Privacy Policy

Last Modified: July 26, 2024

This privacy policy (the “Privacy Policy") describes how Cockroach Labs, Inc. (“CRL,” “we,” or “us”) collects, uses and discloses personal information (“Personal Information”) about you when you visit any of the websites owned or operated by CRL (collectively, the “Sites”), any of our products or services (collectively, the “Services”), or when you otherwise interact with us.

Other websites may follow different rules regarding the use or disclosure of the information you submit to them. We encourage you to read the privacy policies or statements of other websites you visit before providing your information to them.

We may change this Privacy Policy from time to time. If we make substantial changes, we will notify you by revising the date at the top of this Privacy Policy and adding a notice to our homepage, and by sending you an email if you have provided us an email address and have not opted out of receiving legal notices from us. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all the changes.

The Sites and Services are not intended for children. We do not knowingly collect or solicit Personal Information from anyone under the age of 13. If you are under 13, please do not attempt to use the Site or Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at info@cockroachlabs.com.

Information We Collect

Personal Information You Provide to Us

We collect Personal Information you provide us. This includes, for example, information you provide when you sign up for or attempt to pay for one of our Services, participate in any interactive features of the Sites or the Services, fill out a form, register for white papers, web seminars, and other events, or otherwise communicate with us via the Sites, the Services, third party digital properties or any other means. Some examples of information you might provide us include your name, email address, mailing address, credit/debit card information, and demographic information.

Personal Information We Collect Automatically When You Use the Sites or the Services

When you access or use the Sites or Services, we automatically collect certain Personal Information about you. This information includes:

  • Log Information: We log information from your use of the Sites and the Services, including your device information, access times, IP address, pages viewed, and the page you visited before navigating to one of our Sites and/or using the Services. We use this information for analytics, marketing, product improvement, and security monitoring purposes.

  • Device Information: We collect information about the computer or device you use to access the Sites and the Services, including the hardware model, operating system and version and unique device identifiers. We use this information for analytics, marketing, and product improvement, and security monitoring purposes.

  • Interaction Information: We collect information about how you navigate and interact with the Sites and the Services. We use this information for analytics, marketing, customer support, product improvement, and security monitoring purposes.

Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, including Cookies, JavaScript tags and web beacons. Cookies are small data files stored on your hard drive or in device memory, while web beacons (also known as “tracking pixels”) are non-visible electronic images. These technologies are used for analytics and product improvement purposes, such as seeing which areas and features of our Sites and Services are popular or determining whether an advertisement has been viewed or clicked or if email has been opened and acted upon. For more information about Cookies, and how to disable them, please see the “Cookies” section below.

Personal Information We Collect from Other Sources

We may obtain information about you from other sources. For example, if you create or log into your account with us using your login with a third party, such as Google, Microsoft, or GitHub, we may be provided certain information about you by those sites, such as your name, log-in credentials, account information, and friends lists, in accordance with the authorization procedures determined by those sites. We may combine information about you that we receive from other sources with other information we have collected about you. We may receive Personal Information about you from third parties that resell or otherwise provide our products and services and from lead generation providers, content and event sponsors and social media platforms. The information we collect from these sources may include marketing, contact information (name, email, company, address, job title), information about your profile on those platforms. We may combine this information with the information we collect and use it to support our marketing activities.

How we Use Your Personal Information

We use your Personal Information for legitimate business purposes. We may use your Personal Information to:

  • Provide, deliver, maintain, test and improve our Sites and Services;

  • Communicate with you, including notices regarding changes to our terms and policies, technical notices, Service-related updates, confirmations, requests for feedback, security alerts and support and administrative messages;

  • Respond to your comments, questions, and requests, and to provide customer support;

  • Send you advertisements and communications about products, services, offers, promotions, rewards and events offered by CRL and others and measure the effectiveness of those advertisements and communications;

  • Distribute news and information that we think may be of interest to you;

  • Monitor and analyze trends, usage and activities regarding our Sites and Services; and

  • Protect our Sites and Services from security breaches, abuse, or other harm, including to detect, investigate, and prevent suspected breaches of the terms applicable to your use of our Sites and Services.

We will not use your Personal Information for purposes that are materially different from the purposes described above without your authorization.

We may create Anonymous Data using your Personal Information, provided that it excludes information that makes the data personally identifiable to you. We may use Anonymous Data at our discretion, including to help us understand and improve the Services (including through diagnostic reporting), our advertising, and for analytics purposes. For more information about diagnostics reporting (including how to opt-out), please visit https://www.cockroachlabs.com/docs/stable/diagnostics-reporting.

Lawful Basis - for our European Users only

For our users based in the UK and the European Economic Area ("EEA"), the General Data Protection Regulation ("GDPR") (as applicable in either the UK or the EEA) will apply to our processing of your Personal Information. We always ensure that we have a "lawful basis" under GDPR for processing your Personal Information. This means we have a legitimate reason recognized by the GDPR for processing your information and using at as we have set out in this Privacy Policy. Our lawful basis will be as follows:

  • for the purpose of performance of our contract with you and so that we can provide, manage, maintain, and secure the Services you request;

to fulfil our legitimate interest (a) to operate and improve our business, including to administer, protect, and improve our Sites, Services and our systems, to develop new products and services, and for other internal business purposes; and (b) to better understand the preferences of the users of our Services, compile aggregated statistics about usage of our Services, and help personalize your experience of our Sites and Services;

  • to comply with legal obligations, including to defend CRL against any legal claims or disputes;

  • with your consent, where required by law.

How We Share Your Personal Information

We may share your Personal Information with third parties as described in this section.

Anonymous Data: We may de-identify your Personal Information so that it no longer permits anyone to identify you (“Anonymous Data”). We may share Anonymous Data, including aggregate usage information, with third parties at our discretion.

Public Profiles & Information you Post: If you choose to create a profile and post in any community spaces, forums or discussion boards on the Sites, other visitors to the Sites may be able to see certain Personal Information in your profile, such as your username, and profile picture. Any content that you submit or post in any community spaces, forums, or discussion boards on the Sites may be publicly visible, including by other visitors to the Sites.

Vendors and Service Providers: We may share your Personal Information with vendors, consultants and other service providers who need access to such information to help us with our business activities, perform work or provide services on our behalf. We may use third parties to collect information on our behalf, and these entities may use Cookies, web beacons and other technologies to collect information on our behalf about your use of the Sites and Services, including, among other things, your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. For example, we use Google Analytics to collect information about the Services and your use of the Services in order to understand how our Services are operating and to improve the Services. If you would like more information on how Google uses data when you use the Services, please refer to the "How Google uses data when you use our partners' sites or apps" section of Google’s policies, located at www.google.com/policies/privacy/partners/.

Advertising Partners: We may share your Personal Information with advertising partners for the interest-based advertising purposes described in the “Cookies” section below.

Business Transfers: We may share your Personal Information with other companies under our common control (“Affiliates”) and such Affiliates will honor this Privacy Policy. If a third party acquires us or our assets, or we go through some other change of control, Personal Information could be transferred to or acquired by a third party.

Compelled Disclosures: We may disclose your Personal Information when we reasonably believe it is required by law, subpoena or other legal process.

Other Disclosures: We may disclose your Personal Information when we believe in good faith that disclosure is necessary to protect the property or rights of CRL or any third party, investigate or protect against violations of our terms of use and policies, fraud or illegal activity, reduce credit risk, or protect the safety of the public or any person.

We do not sell your Personal Data as we understand the term sale to be defined by the CCPA. We may share Personal Information with your consent or at your direction, including if we notify you through any of the Services that the information you provide will be shared in a particular manner, and you choose to provide such information.

Your Rights

You may be entitled to exercise certain data subject rights available under the General Data Protection Regulation, the United Kingdom General Data Protection Regulation, the California Consumer Privacy Act, the Data Privacy Framework or other privacy laws. These rights may include the right to request access to, and rectification or erasure of, Personal Information. You may also have the right to object to, or request that we restrict, processing of your Personal Information. Where we are relying on your consent to process your Personal Information, you may have the right to withdraw your consent, though in such a circumstance we may no longer be able to provide certain Services to you. If you would like to exercise any of these rights, please contact us at info@cockroachlabs.com.

If you are in the EEA or the UK and you have any concerns about our processing of your Personal Information, you have the right to make a complaint to a data protection supervisory authority. If you are in the UK, the supervisory authority is the Information Commissioner's Office ("ICO"). You can visit their webpage at www.ico.org.uk.

For Swiss individuals with concerns about our processing of your Personal Data, you have the right to make a complaint to a data protection supervisory authority. If you are in Switzerland, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). You can visit their webpage at https://www.edoeb.admin.ch/edoeb/en/home.html.

If you are in the EEA, you find your local data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

You may opt out of the cookie-based sharing or use of your Personal Information for targeted advertising. To exercise this right, follow the instructions in the “Cookies” section below, which explain how to modify the use of advertising Cookies on your device.

You are entitled to exercise the rights described above free from discrimination.

California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws.

Cross-Border Data Transfers

CRL is a global company headquartered in the United States. Your Personal Information may be transferred, stored, and processed inside and outside of the United States, including in jurisdictions that may not provide the same protections as the data protection laws in your home country. CRL relies on appropriate safeguards to transfer your Personal Information between countries lawfully, in particular by relying on an EU Commission or UK government adequacy decision/regulation for transfers outside of the EEA and the UK, on contractual protections for the transfer of Personal Information, or on the EU-U.S. Data Privacy Framework (for more information about the EU-U.S. Data Privacy Framework, please see the “Data Privacy Framework” section below).

For more information about how we transfer Personal Information internationally, please contact us as set out in the “Contact Us” section below.

Data Privacy Framework

CRL complies with the EU-US Data Privacy Framework as set forth by the U.S. Department of Commerce (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, “Data Privacy Framework”). CRL has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Information received from the EEA in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. CRL has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles” and, collectively with the EU-U.S. DPF Principles, the “Principles”) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov.

CRL may be liable under the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles in cases of onward transfers to third parties.

CRL will respond to complaints by individuals about its compliance with the Principles with respect to their Personal Information (each, an “Individual Complaint”) within 45 days. If you have inquiries or complaint, please contact us at info@cockroachlabs.com.

If an Individual Compliant is not resolved, the individual may contact our US-based third-party dispute resolution provider JAMS, an independent dispute body, at https://www.jamsadr.com/DPF-Dispute-Resolution, to investigate and resolve the issue.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For more information on this option, please see Annex I of the Data Privacy Framework Principles at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

CRL may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Federal Trade Commission has jurisdiction over our compliance with the Data Privacy Framework.

Retention

We don't want to hold on to any of your Personal Information for longer than we need to. We delete your Personal Information as soon as we no longer require it to provide our Services unless there is a legal obligation we are subject to which requires us to hold onto it. For instance, if you opt-out of marketing from us, we may keep a record of your opt-out for longer so that we can demonstrate we respect your preference. We may keep anonymized information indefinitely.

Security

Your account is protected by a password for your privacy and security. If you access your account via a third-party site or service, you may have additional or different sign-on protections via that third party site or service. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

CRL is committed to safeguarding the confidentiality of your Personal Information. As part of that commitment, we take reasonable administrative, physical, and electronic measures to help protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Please be aware, however, that no method of transmitting information over the Internet or storing of information is completely secure. Accordingly, we cannot guarantee the absolute security or secrecy of any of your Personal Information.

Account Information

You can review, amend, correct, or delete certain Personal Information such as your username, profile picture, email, and password, by accessing your password-protected account page. If you want us to delete information relating to any of your accounts on your behalf, please email us at support@cockroachlabs.com with your request. Note that we may retain certain information as required by law, or for business reasons as we deem necessary to fulfill the purposes identified in this Privacy Policy. We may also retain cached or archived copies of your information (including location information) for a certain period of time. The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at info@cockroachlabs.com.

Cookies

Most web browsers are set to accept Cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser Cookies. Please note that if you do choose to remove or reject Cookies, this could affect the availability and functionality of the Sites and certain of the Services.

As stated above, our Site uses Cookies and/or other similar technologies such as device-IDs, pixel tags and web beacons to collect and store information about you.

What are Cookies?

Cookies are usually pieces of information or code that a website transfers to or accesses from your computer or device to store, and sometimes track, information about you.

Cookies let websites remember you and your preferences, manage different features and content, store searches, and personalize content.

How does our Site use Cookies?

Our Site uses Cookies (alone or combined) to create a unique device ID, and to distinguish you from other users. This helps us to improve your experience and improve our Site.

Some Cookies only last while you use our Site. Some Cookies are used to remember you when you visit again, and will last for longer.

We use strictly necessary Cookies if it is in our legitimate interests (balanced with your rights). We use all other Cookies with your consent.

What Cookies do we use?

We use the following types of Cookies:

TECHNICAL/ FUNCTIONAL COOKIES

Technical Cookies are essential for you to be able to move around the Sites and use their functions. These Cookies enable the different functions of the Sites, make your browsing more secure or provide functionalities that are previously requested by you. As they are necessary for the operation of the Sites, these Cookies are enabled by default and cannot be refused.

We may use Cookies necessary to save your selection of Cookies in our configurator, to stabilize your navigation or to make it more secure.

These Cookies are necessary for the operation of the Site and therefore cannot be deactivated.

PERSONALIZATION COOKIES

These Cookies are those that allow information to be remembered so that you can access the Service with certain characteristics that may differentiate your experience from that of other users, such as, for example, the language, the number of results to be shown when the user performs a search, the appearance or content of the Service depending on the type of browser through which the user accesses the Service or the region from which the user accesses the Service, etc. In the event that this personalization is necessary for the operation of the Site or is requested directly by you, they will remain active as they are essential for the operation of the Site.

ANALYTICAL COOKIES

These Cookies make it possible to monitor and analyze user behavior, including the quantification of the impact of advertisements. The information collected through this type of Cookies is used to measure the activity of the Site in order to make improvements based on the analysis of the data on the use made by users of the Service.

In some geographic regions, you will have the option to accept or reject the installation of these Cookies.

ADVERTISING COOKIES

These Cookies are those that store information on the behavior of users obtained through the continuous observation of their browsing habits, which allows the development of a specific profile to display advertising based on this or to carry out certain treatments and advertising actions. Similarly, through the use of these Cookies you may receive CRL advertisements on third party websites. You can accept or reject the installation of these Cookies.

Disabling Cookies

The effect of disabling Cookies depends on which Cookies you disable but, in general, the Site may not operate properly if all Cookies are switched off.

If you want to disable Cookies on our Site you need to change your website browser settings to reject Cookies. How you can do this will depend on the browser you use.

Microsoft Internet Explorer

1. Select the Tools menu > Internet Options

2. Click on the Privacy tab

3. Click on Advanced within the Settings section and select the appropriate setting

Google Chrome

1. Select Settings > Advanced

2. Under Privacy and Security > Content settings.

3. Click Cookies and select the relevant options

Safari

1. Select Preferences > Privacy

2. Click on Remove all Website Data

Mozilla Firefox

1. Choose the Tools menu > Options

2. Click on the Privacy icon

3. Select the Cookie menu and select the relevant options

Opera 6.0 and further

1. Choose Files menu > Preferences

2. Select Privacy

We may also separately prompt you regarding our use of Cookies on the Site.

Promotional Communications

You may opt out of receiving promotional communications from CRL by following the instructions in those communications. If you opt out, we may still send you non-promotional communications, including those relating to your current accounts or your use of the Services.

You can manage your email preferences here.

Opting Out & Do Not Track Policy

We may disclose your Personal Information to third party agents and service providers to perform tasks on our behalf and pursuant to our instruction as described above (collectively, “Processors”) that relate specifically to making our products and services available to you. We enter into contracts with each of our Processors. You will not be able to opt out of such disclosures, since those Processors are operating on our behalf and at our instruction in order to help make our products and services available to you. You do have the ability to opt out of receiving promotional communications, by following the instructions in those communications; see the “Promotional Communications” paragraph above for more information. You also have the ability to opt out of having your web browsing information used for behavioral advertising purposes; see the “Disabling Cookies” paragraph above for more information.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.

CRL does not use your Personal Information for purposes that are materially different from the purpose(s) for which that data was originally collected.

Contact us

If you have any questions or concerns about this Privacy Policy or any privacy issues, please email us at: info@cockroachlabs.com.