Privacy Policy

Last Updated: May 20, 2020

Welcome to Doppler. Doppler is a platform for engineering teams to manage their digital authentication credentials (“secrets”), including passwords, API keys, certificates, tokens, and encryption keys across all of their environments, tools, and processes.

We appreciate you trusting us with your projects, your secrets, and your personal information. This Privacy Policy describes how Doppler Technologies, Inc. (“Doppler”, “we”, “us”, and/or “our”) handles the personal information we collect from and about you when you use our website, www.doppler.com (“the Site”), our online products and services (“Platform” and collectively with the Site, the “Services”), as well when you otherwise interact with us. It also describes certain legal rights you may have, subject to applicable law, and how you can exercise them.

For the purposes of this Privacy Policy, “Personal Information” means information about identified or identifiable individuals, such as their name and email address, and includes “personal data” as defined by the European Union’s General Data Protection Regulation (“GDPR”) and “personal information” as defined by the California Consumer Privacy Act (“CCPA”).

This Privacy Policy applies to information we collect and use for our own purposes, including information we collect from and about visitors to the Site, customers when they register for or access the Services, and individuals in relation to our marketing activities. In these situations, Doppler is considered the “data controller” for purposes of the GDPR and similar data protection laws. This Privacy Policy does not apply to data Doppler processes on behalf of our customers in our capacity as a processor. Doppler has no direct control or ownership of the Personal Information we process on behalf of our customers and we process that data solely in accordance with our customers’ instructions.

In addition, this Privacy Policy does not apply to any third-party applications or software that integrate with Doppler Services (“Third-Party Services”).

By using any of Doppler’s Services, you confirm you have agreed to the Doppler Terms of Service, to the extent permitted by law, and have read and understood this Privacy Policy.


Information We Collect

Information you provide us directly


We collect information that you voluntarily provide in the following ways:

  • Filling in forms on our website. When you fill in forms on our website including when you request additional information about our Services, request a demo, or contact our sales team, we may require that you provide us with your contact information such as your name, job title, company name, email address, physical address, and phone number. We may also ask about the number of engineers on your project and how you heard about Doppler.


  • Creating a Doppler account. When you create a Doppler account, we may collect your name, email address, a password which we ask you to create, and a profile photo which you can elect to provide to us through Gravatar, a third-party provider. Please note that your profile information may be visible to other Doppler users.


  • Purchasing a plan. When you purchase a plan for one of our products, we may require that you provide us, or our third-party payment processor, with your name, payment card information, and billing address.


  • Contacting us. When you contact us by email; through our branded social media accounts; through our integrated chat providers; or by phone, SMS, or physical mail, we may collect your name, username, email address, phone number, physical address, and the contents of your communication which can include any information you choose to provide.


  • Registering for an event or webinar; signing up to receive email communications from us, including our monthly digest; subscribing to our blog, or completing a survey. When you engage in any of these activities, we may collect your name, email address, phone number, and any information you provide to us as part of that request (such as information about your user experience in response to a survey).


  • Scanning your badge or otherwise leaving your details with us a trade show or other marketing event. In these circumstances, we may collect your name, job title, company name, address, phone number, and email address.


  • Submitting “secrets.” Through your use of the Services you may provide us with various “secrets,” including but not limited to credentials, flags, API keys, certificates, tokens, private keys, and encryption keys.


  • Inviting others to use Doppler. If you invite others to use Doppler, we will collect the invitee’s email address in order to send the invitation.


  • Applying to work with us. If you apply to work with us, we will collect any information you choose to share in your application, include your name, email address, phone number, physical address, employment history, and education history.


Information we collect automatically when you use our Services


We also collect certain information automatically as you navigate our Services.

  • Log Data. Like many websites, Doppler’s website collects certain information automatically and stores it in log files. This may include information about the devices you use to access our Services (including your internet protocol (IP) address, browser type, and operating system); the address of the web page visited before and after using our Services; details about your interactions with our Services (such as the date, time, length of stay, and specific pages accessed during your visits); search terms used to reach our Services; and usage information (such as the number and frequency of visitors to our Services). We use this information to help us design and administer our website, improve our Services, and gather broad demographic information that helps us identify user preferences.


  • Cookies. We collect some of the information above using cookies and similar technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Doppler uses cookies to provide a secure and authenticated experience, to customize your experience, and to facilitate log-in and other interactive features. Some of our service providers, such as third-party analytics providers we use to help us improve and optimize our Services, may use their own cookies and similar technologies in connection with the services they perform on our behalf. You can disable cookies, limit the types of cookies you allow, or set your browser to alert you when cookies are being sent. Please refer to the guidance offered by your chosen web browser if you’d like help managing your cookie preferences.


Information we collect from other sources

  • Payment Processors. In general, when you purchase one of our plans, your payment card information is provided directly to our third-party payment processor, Stripe, and Doppler does not collect or store that information. However, we may receive limited information about your payment card from Stripe, such as the last four digits of your card, the country of issuance, and the expiration date.


  • Third-Party Services. Our Platform allows customers to enable a variety of Third-Party Services on the Platform. For instance, users can connect their accounts on Slack, GitHub, and Heroku to their Doppler workplace. Once enabled, the provider of a Third-Party Service may share certain information with Doppler such as the username and email address associated with that customer on the Third-Party Service as well as additional information that the provider has chosen to make available to Doppler to facilitate the integration. Customers should check the privacy settings and privacy policies of these Third-Party Services to understand what information may be shared with Doppler.


  • Third Party Authentication Providers. Doppler allows you to sign up and log in to our Platform using third-party authentication providers such as Google, okta, onelogin, and Azure Active Directory. If you choose to sign up and log in in this manner, the third-party authentication service will ask your permission to share certain information with us, including your name and email address. You can control the information that we receive from third-party authentication providers using the privacy settings in your accounts with those services.  


  • Event Partners. We may also receive information about you from our event partners. For instance, if you attend a trade show or an event which we sponsor, the organizer may provide us with your name and contact information in accordance with the disclosure they made to you so that we can reach out to you to discuss our products and services.  


  • Another Individual at Your Organization. We may collect your Personal Information from another individual at your organization who may provide us with your business contact information in order to invite you to join a team workplace.


How We Use Your Information

We use the information described above to:


  • Determine whether to enter into a business relationship with you;
  • Provide you with the Services if you are or become a Doppler customer including creating your Doppler account and identifying you when you sign-in to your account;
  • Operate and improve our Services, including monitoring and analyzing usage, trends, and activities related to the Services;
  • Send you technical notices, updates, security alerts, and support and administrative messages;
  • Identify, fix, and troubleshoot bugs and service errors;
  • Respond to your requests, inquiries, comments, and suggestions;
  • Communicate with you about products, services, offers, promotions, and events we offer and provide news and information we think will be of interest to you;
  • Improve our educational, networking, marketing, social, and recruitment strategies;
  • Assess job applicants and make hiring decisions;
  • Protect against, identify, investigate, and respond to misuse of our Services or other unlawful behavior; and
  • Carry out any other purpose described to you at the time the information was collected.


How We Share Your Information

We may share information about you with certain third parties in the following circumstances:


  • Companies under common control: We may share data between and among any current or future parents, subsidiaries, affiliates, and other companies under common control and ownership with Doppler.
  • Vendors and service providers: We may share Personal Information with vendors, consultants, and other service providers who need to access the data in order to perform services on our behalf, such as processing payments, providing analytics services, enabling communication between you and Doppler, or providing secure storage.
  • Business transfers: We may share Personal Information with another company in connection with or during negotiations of any merger, acquisition, financing, re-organization, bankruptcy, sale of all or a portion of our assets, or transition of services to another provider. Any company which buys us or part of our business will have the right to continue to use your Personal Information, but only in the manner set out in this Privacy Policy unless you agree otherwise.
  • Legal requirements: We may share Personal Information when we believe it is necessary to comply with a legal obligation, including lawful requests from public authorities to meet national security or law enforcement requirements. We may also share Personal Information when we believe it is necessary to protect Doppler’s rights and property, to protect the safety of our users, and to defend against legal liability.
  • Consent: We may share Personal Information with third parties with your consent and at your direction, including if we notify you that the information you provide will be shared in a particular manner and you provide that information.
  • Event Partners: We may share your Personal Information with our event partners who may contact you for their own direct advertising and marketing purposes. For instance, if you consent to have your attendee badge scanned by an exhibitor at an event we host, we may, on occasion provide your data to that exhibitor so that they may follow up with you. We may also share lists of attendees at our events with exhibitors. In that case, the exhibitors’ use of your information would be subject to the exhibitors’ privacy policies. If you prefer that we not share your information with such third parties, you may opt out by emailing us at privacy@doppler.com.


We may also share aggregate or de-identified information, which cannot reasonably be used to identify you, for various purposes including compliance with various reporting obligations; for business or marketing purposes; or to assist third parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.


Our Legal Bases for Handling Your Personal Information

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your Personal Information. To the extent those laws apply, our legal grounds are as follows:

  • Legitimate interest. In most cases, we handle Personal Information on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
  • Providing the Services pursuant to our contract with our customers.
  • Marketing our business.


  • Protecting our customers, personnel, and property.


  • Analyzing and improving our business.


  • Processing job or other applications.


  • Legal compliance. We need to use and disclose Personal Information in certain ways to comply with our legal obligations.


  • To honor our contractual commitments to an individual. Some of our processing of Personal Information is to meet our contractual obligations to the individual to whom the Personal Information pertains.


  • Consent. Where required by law, and in some other cases, we handle Personal Information on the basis of implied or express consent. For instance, in relation to direct marketing, we will obtain and rely on your consent in relation to the processing concerned.


Where we act as a processor of Personal Information on behalf of a customer, we process the Personal Information pursuant to our contract with the customer.


Your Rights and Choices

You have a variety of rights and choices related to our use of your Personal Information.


  • Opting out of email marketing. You can opt-out of receiving our promotional emails at any time by following the instructions included in those emails. Please be aware that it may take up to 10 days for us to process your request, and you may continue receiving promotional communications from us during that period. If you opt-out of receiving such communications, please note that we may continue to send you non-promotional emails (such as emails related to our business relationship or emails about changes to our legal terms).


  • Restricting cookies/Do Not Track. Doppler does not change its behavior in response to web browser “do not track” signals. However, you can configure most browsers to reject cookies or to notify you when you are sent a cookie, giving you a chance to decide whether or not to accept it. You can consult the help section of your browser to find out how to do this. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.


  • Limiting Information in Your Doppler Profile. You can control the information we collect about you by limiting what information you provide in your Doppler profile.


  • Limiting Information Available Through Third-Party Services: If you want to limit or stop receipt of information from Third-Party Services, such as GitHub or Slack, which are linked to your Doppler account, you can change your privacy settings on those Third-Party Services. You may also choose not to use Third-Party Services we make available.


  • Limiting Information Available Through Third-Party Authentication Providers: If you want to limit or stop receipt of information from Third-Party Authentication Providers, you may change your privacy settings with those Third-Party Authentication Providers or choose not to use the Third-Party Authentication Providers we offer.


  • Access, Update, or Delete Your Information. Doppler provides a variety of self-help options to allow users to access, update, and delete their information. For instance, if you are already a Doppler user, you may access, update, or delete Personal Information you have provided by logging into your Doppler workplace and editing your account information. If you are an owner and you would like to download or delete your workplace secrets, you can do so through the Doppler dashboard, the Doppler CLI, or through the Doppler REST API. You may also take your data with you, at any time, by emailing us at privacy@doppler.com with a request to export your data. Please note that we may keep certain information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also keep cached archived copies of Personal Information for a certain period of time. If you are not already a Doppler user and you would like to review, correct, or delete your information, please contact us at privacy@doppler.com.


  • Data Requests. In some instances you may be eligible to request that we provide access to and/or a copy of certain Personal Information we hold about you; ask that your Personal Information be corrected, updated, or erased; object to our processing of your Personal Information; request that we restrict certain processing; transfer your Personal Information to a third party; or honor your withdrawal of consent for certain processing of your Personal Information. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interest or to comply with a legal obligation. Before responding to your request, we may require that you provide us with additional information to confirm your identity. You have the right to lodge a complaint with the authorities applicable to your situation. However, we invite you to contact us with any concern, as we would be happy to try to resolve it directly.


If you are a resident of California, California law requires us to disclose the following information with respect to our collection, use, and disclosure of your Personal Information.


  • Notice of Collection. Although the information we collect is described in greater detail in the “Information We Collect” section above, the categories of Personal Information that we have collected – as described by the CCPA – including in the past 12 months are:


  • Identifiers, such as name, email address, mailing address, and IP address. We collect this information directly from you or from third-party sources.


  • Other individual customer records, such as phone number, billing address, and payment card information. This category includes personal information protected under pre-existing California law (Cal. Civ. Code § 1798.80(e)), and overlaps with other categories listed here.


  • Commercial information, such as purchasing information and engagement with our Services. We collect this information directly from you.


  • Internet activity, such as referring and exiting pages and your interactions with our Services. We collect this information directly from your device.


  • Geolocation data, such as IP address. We collect this information directly from your device.


  • Financial Information, such as payment information or financial account numbers in order to provide you with services. We collect this information directly from you.


  • Employment information, such as company name and job title. We collect this information directly from you or from other individuals at your organization.


  • Sensory information, such as photos.


  • Inferences, such as information about your interests and preferences.


  • Business or Commercial Purpose for Collecting and Using Personal Information. We collect each category of Personal Information listed above for the business or commercial purposes described in the “How We Use Your Information” section above.


  • Categories of Sources of Personal Data: We collect each category of Personal Information listed above directly from you, through automatic data collection means, or through the third-party sources described in the “Information We Collect” section above.


  • Categories of Personal Data Disclosed: In the preceding 12 months, we have disclosed the categories of Personal Information listed above in the circumstances described in the “How We Share Your Information” section above.


  • Categories of Third Parties With Whom We Share Personal Data: We may share each category of Personal Information listed above with the third parties described in the “How We Share Your Information” section above.


  • Right to Know: California residents may request disclosure of the specific pieces and/or categories of personal data that we have collected about them, the categories of sources for that Personal Information, the business or commercial purposes for collecting the information, the categories of Personal Information that we have disclosed, and the categories of third parties with which the information was shared. To request this information please contact us at privacy@doppler.com.


  • Right to Opt-Out. Doppler does not sell Personal Information to third parties for monetary or other valuable consideration.


  • Deletion. You may request that we delete the Personal Information we have collected about you (subject to certain exceptions). Please be aware that we may keep certain information as required or permitted by applicable law. To exercise this right, please contact us at privacy@doppler.com or using our contact information below.


  • Authorized Agent. You may designate an authorized agent to make a request on your behalf. To do so, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. To verify the request, we may contact you directly.


  • Right to Non-Discrimination. Limiting use of, or deleting, your Personal Information may affect features and uses that rely on that information. However, we will not discriminate against you for exercising any of your rights, including denying you goods or services, providing you with a different level or quality of services, or charging you different prices or rates for services.


  • Shine the Light. California Civil Code § 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

Children’s Privacy

Our Services are intended for adults and we do not knowingly collect Personal Information from children. If you are a parent or legal guardian and think your child under the age of 13 (or a higher age threshold where applicable) has given us Personal Information without your consent, please contact us at privacy@doppler.com.


Links to Other Websites and Third-Party Content

We may provide links to third-party websites, services, and applications that are not operated or controlled by Doppler. This Privacy Policy does not apply to the privacy practices of those third parties. The fact that we link to a website, service, or application is not an endorsement, authorization, or representation of our affiliation with that third party. We encourage you to review the privacy policies of any third-party service before providing any Personal Information to or through them.


Data Transfer

Personal Information we collect may be stored and processed for the purposes set out in this Privacy Policy in the United States where we are based or in any country where we have operations or where we engage vendors or service providers. These countries may not have the same data protection laws as the country in which you originally provided the data. By using our Services or submitting your Personal Information to us, you agree to such transfers.


Where Personal Information is transferred outside the European Economic Area to a third party in a country that is not subject to an adequacy decision by the EU Commission, the information is adequately protected by Standard Contractual Clauses, an appropriate Privacy Shield certification, or a vendor’s Processor Binding Corporate Rules. If you would like a copy of the relevant mechanism please contact us at privacy@doppler.com.


Data Retention

We only keep your Personal Information for so long as reasonably necessary for the purposes described in this Privacy Policy, as required by law, or as necessary to resolve disputes and enforce our rights and agreements. To dispose of Personal Information, we may anonymize it, delete it, or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.


Security

Doppler uses robust administrative, physical, and technical safeguards which we believe are appropriate to protect the confidentiality, integrity, and availability of your Personal Information. Among other things we use end-to-end encrypted communication channels, encrypt data at rest, and prohibit our employees from accessing sensitive customer data without explicit customer permission. We also regularly review and update our policies and practices to improve our security readiness. However, while we make reasonable efforts to protect Personal Information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk involved in transmitting information over the Internet and storing information electronically. Doppler cannot and does not guarantee absolute security. If you believe your Personal Information has been compromised through your use of our Services, please contact us immediately at privacy@doppler.com.

To learn more about how data flows through our systems, where and how it is encrypted, and how your secrets are secured at rest with our security partner, please visit the Doppler Security Page.


Changes to Our Privacy Policy

We may change this Privacy Policy from time to time to reflect changes in our practices or in the law. If we make changes to this policy, we will post the updated Privacy Policy on our website and indicate when it was last revised. You are advised to review this policy periodically to stay informed of our practices. If we make material changes, we may provide you with additional notice, such as posting a statement on our homepage or sending you an email notification, if we have your email address on file. Your continued use of the Services after the revised Privacy Policy has become effective indicates that you have read, understood, and agreed to the current version of this Privacy Policy, to the extent permitted by law.


Contacting Us

If you have any questions about our Privacy Policy or how we protect your Personal Information please contact us at privacy@doppler.com or you write us at 340 S. Lemon Avenue #5880 Walnut, CA 91789.