Privacy Policy

Your privacy is important to us and maintaining your trust is one of our highest priorities. This Privacy Policy provides you with a description of how we collect and use data relating to or identifying individuals (“Personal Data”). We also provide information on privacy rights, how to exercise these rights and how to contact us with any questions.

1.2 INTRODUCTION TO BRAZE

Braze is a U.S. company, headquartered in New York, with global operations. A reference to “Braze,” “we,” “us” or the “Company” is a reference to Braze, Inc. and the relevant affiliate(s) involved in the processing activity.

Braze is a life-cycle engagement platform for companies around the world, supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate life-cycle marketing campaigns through first party channels, such as email, SMS, mobile and web push notifications, and in-app/in-browser messaging.

More information about Braze can be found at www.braze.com.

Our Japanese website can be found at https://www.braze.co.jp/.

1.3 SCOPE OF THIS POLICY

What is in Scope?

This Privacy Policy applies to Braze, where we determine the purposes and means of the processing of Personal Data for our marketing or business purposes (further details below) and in such capacity, we will use the term “Data Controller”.

What is not in Scope?

Our Websites and Services are intended to be used by businesses and their representatives. We do not offer any products or services to individuals for personal, family or household use. All Personal Data that we process is treated as belonging to individuals in a business capacity.

Braze’s privacy commitments to its customers, where we process Personal Data on behalf of our customers, are outlined in Braze’s agreements with such customers. In our capacity as a processor of our customers’ data, we will refer to ourselves as a “Data Processor.” Specifically, in that capacity, Braze processes Personal Data of people who interact with customer applications or websites that are offered by our customers and that have incorporated Braze technology (“Customer Applications”). The protections that apply to such Personal Data will be described in the individual privacy policies of those customers, and not in this Privacy Policy. If you wish to learn more about the privacy and data security practices of those customers, you should reach out to them directly. For clarity, this Privacy Policy does not cover any Personal Data that our customers choose to collect and share with Braze, where Braze is not the Data Controller, but is instead a Data Processor.

Individuals who are interested in, apply for, or are recruited for a job with Braze can find our related privacy practices described in our Candidate Privacy Policy.

Additionally, our Websites or Services (as defined below) may contain links to other websites, applications and services maintained by third parties. The privacy and data security practices of such third-party sites and/or services are governed by the privacy statements of those third parties, and not by this Privacy Policy.

PART II. DATA COLLECTION AND USE

2.1 DATA COLLECTION

The Personal Data that Braze collects will be determined by your interaction with Braze, our partners, Braze publications and other sources.

How and where do we collect data?

Braze collects Personal Data from prospects, customers, participants at our trainings, certifications and events, business partners and vendors (if they are natural persons), their respective employees, advisors, and/or consultants, along with the data of whomever our customers have authorized to use the Braze services (the “Services”) on their behalf (collectively, “Individuals”), who:

Visit our websites (the “Websites”);
Visit our offices;
Receive/send communications from/to us, including via mail, email, phone call, Slack, chat features of our Websites, support tickets or texts;
Use our Services as an authorized user (for example, an employee of one of our customers who has been given a log-in to access our Services);
Register for, attend and/or otherwise take part in our events, webinars, contests, trainings and certification courses;
Download or otherwise engage with Braze content and publications, such as viewing our videos, reading content on our Websites, or interacting with our chat bot;
Submit requests for an action, support or information;
Participate in meetings or events;
Engage with our resellers or partners;
Work at partners or suppliers of Braze and interact with our company in the course of doing business or contemplating doing business with us; or
Otherwise directly interact with Braze.

Braze collects Personal Data from a variety of sources, such as from:

The Individual who is the subject of such Personal Data, including in their use of the Websites and the Services;
Publicly available sources, such as an individual’s social media account, online communities, forums, blogs or chat rooms;
Our business partners;
Vendors; and
Braze affiliates.

What type of data do we collect?

Personal Data that we may collect includes, but is not limited to:

Name and job title;
Contact information such as email address, business phone number, and business address;
Industry;
Employer;
Marketing subscription status;
Audio and video recordings of meetings, event attendance and preferences associated with in person event attendance such as dietary preferences;
Trainings and certifications;
Downloads or engagement with Braze reports and other publications;
Communications that we exchange with you, including when you contact us with questions or feedback, through the support portal, email, calls to our support team, our chat features, social media, survey participation, or otherwise;
Certain information in connection with the use of the Websites by visitors and the Services by authorized users, and information about your interaction with other relevant third-party pages displaying Braze content, which may include:
- Device Data: information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, and operating system and system configuration information; and
- Usage Data: information, such as activity on the Websites and Services, the pages and files viewed, actions taken, conversations through our chat features, searches, account configuration information and date/time stamps associated with your usage.

Some of the information described above is collected through our Websites and our Services using logs, cookies and/or other tracking technologies. To read more about the cookies and tracking technologies we use, please visit our Cookie Policy. You can manage your cookie consent preferences by visiting our Cookie Consent Manager.

We also use session replay technology provided by third-party vendors to record the interactions and Personal Data of dashboard users of our Services. We and such third-party vendors may use information from these recordings, which may include the Usage Data detailed above. Personal Data within these recordings may be processed for the purposes outlined in Section 2.2 of this Privacy Policy. Such recordings do not include Personal Data for which Braze is a Data Processor.

2.2 PURPOSES OF PROCESSING

Braze collects Personal Data for several purposes, including:

Enabling us to understand and engage with those who are interested in learning about our products, services, content, and company-related initiatives;
Promoting the security of our Websites and Services by tracking use of our Websites and Services, enforcing our terms and policies, investigating and preventing fraudulent, suspicious or illegal activities, and preventing unauthorized access to the Services;
Providing, operating, and maintaining the Services including billing and account management purposes;
Responding to requests for action, support or information;
Complying with our contractual obligation to provide technical and customer success support;
Registering office visitors to maintain the security of our offices and to ensure the confidentiality of our business activities;
Analyzing our customers' use of the Services and Websites for trend monitoring, marketing, advertising, business development, for improvements, for security purposes and to ensure continued proper functioning;
Marketing purposes;
- To send marketing communications about us and our affiliates and partners, including information about our products, promotions or events via email and other channels;
- To facilitate targeted advertising campaigns;
To send marketing communications about us and our affiliates and partners, including information about our products, promotions or events via email and other channels;
For internal training and research;
Sending messages to the users of our Services with respect to technical alerts, updates, security notifications, and educational, administrative or transactional communications; and
Complying and assisting with legal obligations, judicial proceedings, court orders and legal processes, pursuing remedies available to us and limiting our damages, responding to lawful requests and pursuing internal investigations.

Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to comply with our legal obligations or perform our contract with you.

If you provide us with Personal Data relating to another person, you confirm that you have informed them of our identity, the purposes (as set out above) for which their Personal Data will be used, and that you have obtained their consent prior to sharing their Personal Data with us.

2.3 DISCLOSURE OF INFORMATION TO THIRD PARTIES

We may disclose Personal Data to the following types of third parties and for the following purposes:

Braze Affiliates - We may disclose Personal Data to Braze corporate group affiliates in connection with customer or technical support, marketing, business development, operations, account management, events or webinars, for general business purposes, in order to protect, exercise, establish or defend legal rights, where we are legally required to do so and to receive professional advice.
Partners - If you use our Websites to register for an event or webinar organized by one of our partners, we may disclose your Personal Data to these partners to process your registration and manage your participation in the event. In such instances, our partner will process the relevant Personal Data as a separate controller and the partner’s use and control over your Personal Data will be governed by their privacy policy. We may also disclose your Personal Data to technology and solutions partners in connection with customer or technical support, marketing, business development and account management.
Vendors – We may disclose Personal Data to third party vendors and service providers for general business purposes and to support our internal operations, including IT solutions vendors, marketing vendors, advertising vendors, consultants, professional advisers acting as processors or controllers, including lawyers, bankers, auditors and insurers. We may also disclose Personal Data where we believe it necessary in order to protect or exercise, establish or defend our legal rights.
Shared Communities - Any Personal Data or other information you choose to submit in communities, forums, blogs or chat rooms on our Websites may be read, collected and used by others who visit these forums, depending on your account settings.
Law Enforcement - We may disclose Personal Data to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or governmental request, including government authorities, law enforcement and others.
Corporate Transaction Participants - We may transfer Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION

3.1 PROCESSING OF PERSONAL DATA IN THE U.S. AND ELSEWHERE

Braze, Inc. is located in the United States ("U.S.") and our group companies operate in Singapore, Germany, Japan, Canada, France, Australia, Indonesia, the United Kingdom ("UK"), Ireland, Romania, Brazil and South Korea. Braze works with vendors and partners who operate predominantly in these countries. From time to time, we may work with vendors and partners in other parts of the world where we do business. This means that when we collect your Personal Data, we may process it in any of these countries. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), but we have in place appropriate safeguards and international transfer mechanisms (e.g., the Data Privacy Framework or the EU Standard Contractual Clauses). We also implement a number of supplementary measures designed to better protect the Personal Data with which we are entrusted.

Where available, Braze, Inc. complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the UK and Switzerland, as applicable, to the US in reliance on the Data Privacy Framework. Please visit our Data Privacy Framework Notice for further information.

For non-US transfers, Braze may rely on an alternative transfer mechanism, including the 2021 EU Standard Contractual Clauses, to transfer Personal Data from the UK and European Economic Area ("EEA") to other third-party countries.

3.2 SECURITY

We use a number of technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information. However, security risk is inherent in internet and information technologies and we cannot guarantee the security of your Personal Data.

3.3 DATA RETENTION

We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it.

PART IV. YOUR PRIVACY RIGHTS

4.1 EXERCISING YOUR PRIVACY RIGHTS

You may have the right under applicable law to request that we take certain actions in connection with Personal Data that we may have about you. Not all jurisdictions grant privacy rights, so whether or not you have any such rights, and the nature of those rights, if any, are determined by multiple factors, including your location, country, state, or place of residence. Privacy rights may include the following:

Information: You may be able to request information about the categories of Personal Data we collect, the categories of sources from which we collect it, the purposes for which we process it, and the categories of third parties to whom we disclose it.
Access: You may be able to request access to the Personal Data we hold about you.
Rectification/correction: You may be able to request modification or correction of your Personal Data if it is inaccurate or incomplete.
Erasure/deletion: You may be able to request that we delete Personal Data we hold about you.
Restriction: You may be able to request that we restrict use of your Personal Data.
Objection: You may be able to object to the processing of your Personal Data for direct marketing or where our legal basis for the processing is our legitimate interest.
Portability: You may be able to request a copy of your Personal Data in a structured, commonly used, machine-readable format, to allow you to transfer your data to another provider.
Automated Decision Making: You may be able to request not to be subject to a decision based solely on automated processing, where it produces a legal or similar effect.

If you wish to exercise any of these requests, please fill out this form. We will respond to requests from individuals wishing to exercise data protection rights applicable to them. For certain rights, such as where you request access to Personal Data, we will need to confirm your identity. To verify your identity, we will require you to provide ID, where permitted or required by applicable law. You also have the right to exercise your applicable privacy rights free from discriminatory treatment and retaliation as prohibited by applicable law. These rights are not absolute, and in certain cases we may decline or partially decline your request as permitted by law.

You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local supervisory authority. If you have a question about your privacy rights, please email us at privacy@braze.com.

4.2 PRIVACY RIGHTS AND BRAZE CUSTOMERS

Braze customers may collect Personal Data through their websites or applications and send that data to the Braze Services. Where you wish to enforce any of your rights in respect of such data, we encourage you to contact the customer who provides you with the Customer Application, as this will be the quickest way to have your request processed. Where you submit a request about a Braze customer and you are able to identify the customer, we forward your request to the customer to handle.

4.3 MARKETING AND ADVERTISING

At any time, you have the right to opt-out of marketing communications that we send, or object to the use of your personal data for behavioral advertising. You can exercise these rights by visiting the Braze Preference Center, or by using the contact details provided under the “How to Contact Us ” heading below. Authorized users of the Services may exercise this right through preference center options available within the Services. Where applicable, you may also opt-out through unsubscribe options available within the marketing communication itself.

Please note that opting-out of the receipt of marketing communications or objecting to the use of your personal data for behavioral advertising does not opt you out of receiving important business communications related to your current relationship with us, such as communications about event registrations, service announcements or security information.

4.4 COOKIES AND OTHER TRACKING TECHNOLOGIES

You can manage your cookie preferences by visiting our Cookie Consent Manager. Please see our Cookie Policy for further information on cookies and other tracking technologies.

4.5 CHAT TECHNOLOGIES

We use chat technologies provided by third-party vendors that employ cookies and software code to operate the chat features you can use to communicate with us through our Websites. We and such third-party vendors may monitor, record and use information from your interactions with our Websites. This information includes details you have shared through online chats, data on sections of the Website you have visited, your IP address and your general geographic information (e.g., city, state). This Personal Data may be processed for the purposes outlined in Section 2.2 of this Privacy Policy.

PART V. LEGAL BASIS FOR PROCESSING PERSONAL DATA

If you are from a region that requires us to have a legal basis for processing your Personal Data, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS

If you are a California resident, this section applies to you in addition to the rest of the Privacy Policy. It provides more detail on how we collect, use and disclose Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this Part VI, Personal Information has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). However, this Part VI does not apply:

To information exempted from the scope of the CCPA;
To Personal Information we collect, use, and disclose on behalf of our customers as a "service provider" under the CCPA for purposes of providing our Services to them.

6.1 YOUR CALIFORNIA PRIVACY RIGHTS

As a California resident, you have information, access, rectification/correction, erasure/deletion, and non-discrimination rights as described in Part IV (Your Privacy Rights). In addition, you have the right to opt-out of the “sale” or “sharing” of Personal Information as those terms are defined by the CCPA.

If you have appointed an authorized agent to act on your behalf, your authorized agent may request to exercise these rights on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable California law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.

6.2 CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND THIRD PARTIES TO WHOM THE DATA MAY BE DISCLOSED

The following chart describes our practices currently in use and in use during the past 12 months. This chart summarizes the Personal Information we collect by reference to the statutory categories specified in the CCPA, and the categories of third parties to whom we may disclose it for a business purpose. These third parties are defined in Section 2.3 (Disclosure of Information to Third Parties). Information you voluntarily provide to us, such as in free-form webforms or via email, may contain other categories of Personal Information not described below. The business/commercial purposes for which we use these categories of Personal Information listed in the below table are described above in Section 2.2 (Purposes of Processing). Our relevant data retention practices are addressed in Section 3.3 (Data Retention).

6.3 THE SALE AND SHARING OF PERSONAL INFORMATION

Like many companies, Braze uses services that employ cookies and other technologies to collect Personal Information (including the identifiers and internet activity information described in the table above) about your use of our Websites and other online services over time, which helps us to deliver behavioral advertising. In addition, we may provide your contact details to our advertising vendors for the placement of targeted ads. Braze may share contact details of business contacts with our technology or solutions partners during any sales negotiations. Our use of some of these services constitutes the “sale” or “sharing” of Personal Information as defined under the CCPA.

You may opt-out of such sales or sharing by clicking on the “Do Not Sell or Share my Personal Information” link in the footer of our Websites and following the instructions therein. You can also opt-out of advertising cookies by visiting our Cookie Consent Manager or by enabling Global Privacy Control (“GPC”) in your web browser or browser extension, which we recognize to the extent required by applicable law. Enabling GPC will automatically set your cookie settings to opt out of the sharing of Personal Information for behavioral advertising. If you choose to use GPC, you will need to turn it on for each supported browser or browser extension you use. Other than GPC, we do not recognize any “do not track” signals.

Authorized users of the Services can also opt-out of the selling or sharing of contact details through setting preference center options available within the Services.

While our Website and Services are not directed to children under the age of 16, we are required to inform you that we have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age.

6.4 SENSITIVE PERSONAL INFORMATION AND DE-IDENTIFIED DATA

Braze does not use or disclose Sensitive Personal Information (as defined by the CCPA) for restricted purposes that California residents have a right to limit under the CCPA.

We do not to attempt to re-identify de-identified information that we derive from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.

PART VII. IMPORTANT INFORMATION FOR JAPANESE VISITORS

7.1 PERSONAL DATA DISCLOSURE

Braze K.K. (“Braze Japan”) may disclose your Personal Data to Braze group affiliates and other third parties for the purposes described in Section 2.3 (Disclosure of Information to Third Parties). A list of the Braze office locations may be found on our Website. The categories or items of the Personal Data that Braze Japan may disclose to a third party are the same as those described in Section 2.1 (Data Collection). When Braze Japan discloses your Personal Data to entrusted third parties, Braze Japan shall be the entity that is responsible for processing and managing your Personal Data.

7.2 BRAZE JAPAN’S INFORMATION

Braze Japan’s official name, address and the name of the representative director is described in https://www.braze.co.jp/company. However, if you have any questions, requests or complaints about our processing of your Personal Data or this Privacy Policy, please follow the instructions described in Section 8.3 (How to Contact Us).

PART VIII. OTHER IMPORTANT INFORMATION

8.1 CHANGES TO OUR PRIVACY POLICY

If we change our Privacy Policy, we will update the “Last Updated” date at the top of this webpage. We encourage you to review this Privacy Policy frequently to stay informed of the latest modifications.

8.2 CHILDREN

Our Websites are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from such individuals without parental consent and require our customers to fully comply with applicable law in the data collected from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “How to Contact Us” section, below, and we will take steps to delete such Personal Data from our systems.

8.3 HOW TO CONTACT US

If you would like to update your preferences with regards to our marketing communications to you, you can do this in our Preference Center.
If you have a request regarding Braze’s processing of your Personal Data, please complete this Form.
If you would like to manage your cookie settings you may do so by visiting our Cookie Consent Manager.
If you have any questions about this Privacy Policy, if you have a complaint, or would like to contact our DPO, you may contact us at:

privacy@braze.com

Braze, Inc.
Privacy Policy Issues
Attention: General Counsel
63 Madison Building
28 East 28th Street
12th Floor Mailroom
New York, NY 10016
USA