This Policy is incorporated into and is subject to the Plotly Terms of Service. Capitalized terms used but not defined in this Policy have the meaning given to them in the Plotly Terms of Service.
The information we collect
Information from Other Sources
We may obtain information, including your personal information, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with personal information that we collect through the Service, we will treat the combined information as personal information in accordance with this Policy.
Our Security Measures
Plotly uses the strictest security measures that are available for our cloud site. Plotly uses https, a protocol for secure network communication and Secure WebSockets to open interactive communication between a browser and a server.
We encrypt data in transmission with industry-standard SSL. Plotly uses Amazon Web Services (AWS) for our servers and data hosting—which has a robust security policy—so we use the same security measures AWS provides. Amazon’s data center operations have been accredited under: ISO 27001 SOC 1 and SOC 2/SSAE, 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
We rely on best practices and extensive testing, both internally and externally--for example, using a Nessus Vulnerability Scan and Tenable Security to monitor vulnerabilities. All development is peer-reviewed and every engineer is trained on the OWASP Top 10.
We perform automated secure code reviews against the entire code base and correct issues prior to our releases. We continually test our applications, and monitor logs for exceptions and errors and remedy any irregularities. We perform a secure architecture design review for the applications provided. Our developers receive software security training (such as OWASP Top 1). Passwords are encrypted with PBKDF2.
The Plotly Cloud product and Plotly Enterprise product allow users to make a plot public, private, or secret. A public plot is accessible to other users on the web. Other users have the ability to fork their own version of a public plot, but cannot modify the original plot. A private plot can only be accessed by a logged-in user with whom the plot is shared. A secret plot has a shared key associated with the plot and plot URL. Only a user with the specific URL can access the plot. Secret plots can be embedded in other apps and websites and will only be accessible to an individual browsing that page. Users can share plots and files with other users to collaborate. Permission to edit and collaborate can also be revoked. For more information on sharing and permissions, see our privacy pages for R, Python, MATLAB, and Plotly Cloud.
An organizational account on Plotly cloud has an administrator who can add and remove users. Plotly Enterprise supports LDAP.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the website like message boards. The information you share in public areas may be viewed by any user of the website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We use the information that we collect on the Service to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, features, and functionality.
We also may disclose your information as may be required to enforce or apply our terms of service and other agreements, including for billing and collection purposes.
We may disclose your information to our subsidiaries and/or affiliates.
How long will we retain your information
We will keep hold of your data for no longer than necessary. The length of time we retain it will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts we have in place with you, the existence of your consent and/or our legitimate interests as a business.
You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete you profile information and preferences at any time by accessing your account preferences page on the Service. If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained from the Service, you may contact us at email@example.com. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at firstname.lastname@example.org or by writing to us at the address given at the end of this Policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.
Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
We do not carry out any automated decision making or profiling on our website. Should this change we will update this policy accordingly.
We are committed to upholding your rights. If you think we have not done so, please contact email@example.com.
The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service.
We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service or provide any information on this website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you may use, at any time or in any manner.
If we learn that personally identifiable information has been collected on the Service from persons under 13 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on the Service, then you may alert us at firstname.lastname@example.org and request that we delete that child’s personally identifiable information from our systems.
Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service.
We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.
The Service is hosted in the United States and is intended for visitors located within the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. We are committed to upholding your rights. If you think we have not done so, please contact email@example.com. European users may also file a complaint with the Information Commissioner’s Office (ICO) or the European Data Protection Supervisor if they believe that their rights have not been upheld. The ICO is the data protection regulator of the United Kingdom. The European Data Protection Supervisor is the European Union’s (EU) independent data protection authority.
Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.
Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change.
Our Contact Information
Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org.
Plotly Technologies Inc.
5555 avenue de Gaspé, Suite 118
Montréal, Québec, Canada