Dragonfly Cloud announces new enterprise security features - learn more

DragonflyDB Privacy Policy

Last Revised: January , 2024

This Privacy Policy (the “Privacy Policy” or “Policy”) outlines how DragonflyDB Ltd. and/or any of its affiliates (“Dragonfly”, “we”, “us” or “our”) collect, use, and disclose information shared with or otherwise made available to us in connection the user (“User” or “you”) use of and/or access of to our website at https://dragonflydb.io/ (“Website"), our online managed in-memory data storage solution (“Solution”), or any other software, products and related services provided by us (collectively and together with the Solution the “Services”).

Capitalized terms that are not defined herein, shall have the meaning ascribed to them in our Website Terms of Use available at https://www.dragonflydb.io/terms and the Terms of Service available at https://www.dragonflydb.io/cloud-terms (collectively “Terms”) to which this Privacy Policy is incorporated thereto by reference. This Privacy Policy supplements and shall be read in conjunction with our Terms and our Cookie Policy, available here https://www.dragonflydb.io/cookie-policy (the “Cookie Policy”) and may be amended from time to time by additional privacy statements, terms, or notices provided to you.

PLEASE READ CAREFULLY THIS PRIVACY POLICY BEFORE ACCESSING AND USING THE SERVICES (OR ANY PART THEREOF). BY ENTERING, CONNECTING TO, ACCESSING AND/OR USING OUR WEBSITE OR SERVICES, YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF PERSONAL INFORMATION (AS DEFINED BELOW) AND AS FURTHER DETAILED IN THIS POLICY.

PLEASE NOTE: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us Personal Information at your own free will, for the purposes described in this Policy, and that we may retain such information in accordance with this Policy and any applicable laws and regulations.

TO THE EXTENT THAT YOU PROVIDE US WITH ANY INFORMATION RELATED TO ANY THIRD PARTY OR ANY THIRD PARTY THAT IS NOT YOU, INCLUDING INFORMATION RELATED TO YOUR ORGANIZATION, PERSONNEL, COLLEAGUES OR CUSTOMERS, YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENTING AND WARRANT THAT YOU HAVE RECEIVED AND YOU SHALL HAVE AT ALL TIMES, MAINTAIN THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH THIRD PARTY TO ALLOW DRAGONFLY TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH INFORMATION AS DETAILED HEREIN.

2. SCOPE AND APPLICABILITY

Users of our Services may include (i) individuals who use our Solution in their capacity as employees or other personnel of our business customers (our business customers are hereafter a “Customer”) including individuals identifying as a Customer “admin” users or a Customer’s end-users, using or accessing the Services on a Customer’s behalf (each, a “Customer End-User”); (ii) visitors of the website (each, a “Visitor”); and (iii) Candidate(s) (as defined below).

IMPORTANT NOTE: where we process Personal Data of or about Customer End-Users, we do so on behalf of and under the instruction of the respective Customer (where such a Customer may be your employer, or other corporation on behalf of which you perform services, or otherwise are using our Service), Dragonfly does so in our capacity as a “data processor” on behalf of such a Customer. See below for more information about our practices as a data processor and the impact on your Personal Data in our possession.

The provisions of this Privacy Policy as they relate to Dragonfly’s independent privacy and data processing activities as a “data controller” – with respect to Users who are Visitors or Candidates and do not apply to the processing of Personal Data of Customer End-Users. If you are using our Services (including the Solution) as a Customer End-User, or if you otherwise have any questions or requests regarding Customer End-Users’ Personal Data, please contact the Customer on behalf of which you use the Solution.

3. THE INFORMATION WE COLLECT

We collect information from you when you use or interact with our Services. We divide the information we access and collect into two categories: Personal Information and Non-Personal Information. In this section, we describe each of the two categories of information which we may collect, and the applicable circumstances under which such collection is performed.

A. “Non-Personal Information” is un-identified and non-identifiable information pertaining to a user, which may be made available to us, or collected automatically via your use of the Services. Such Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of technical and aggregated usage information which is not linked to an identifiable individual.

B. “Personal Information” is information that pertains or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information, we have access to. Personal Information does not include information that has been anonymized or aggregated; provided that such information can no longer be used to identify a specific natural person. Personal Information that is collected by us may include the following types of information: name, email address, IP address, device identifier, organization identifiers, name, position, and other personal information provided or otherwise made available to us in connection with or as part of: (i) Contact us via the Website or otherwise; (ii) use of the Services; and (iii) engagement with our support services. In addition, the Personal Information we may collect also includes Candidates’ Information (as defined below).

Most of the information that we collect when you use or access our Services is Non-Personal Information, however we collect and process different types of Personal Data through the respective methods of collection discussed below.

If we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information. Further Personal Information will only be stored and processed if you voluntarily provide it to us, e.g., through a contact form.

More specifically we collect and use the following categories and types of Personal Information in the following respective circumstances:

  1. Information you provide us actively and voluntarily when you use or interact with our Website and/or Services. Generally, this category refers to any information, data, or content you actively and voluntarily make available or provide us when and in order to use our Services, information you provide through our “Contact Us” online form or any similar input, and/or information you provide us in your email correspondence with us.
  2. Information we automatically obtain when you use or interact with our Website and/or Services: This category refers to any information we obtain through the Website and/or Services and which is derived, learned, or detected as a result of your access to and/or interaction with the Website and/or Services, for example technical and usage data such as IP addresses, approximate general locations derived from such IP addresses, device data (like type, operating system, browser version, location and language settings used), system logs of actions attributed to those IP addresses, and the relevant cookies and pixels installed or utilized on your device. We perform such automatic collection through use of analytics and system monitoring tools (including cookies and pixels and similar technologies as set forth in our Cookie Policy). Such means of collection allow us to collect information about the pages and screens Users view, the links they click, engagement within the Services, and technical data concerning the performance, functionality, and stability of the Website and Services.
  3. Personal Information collected from other sources: We may also collect Personal Information concerning you, from other third parties who have assured us that they have obtained your consent for such provision of information. For example, we may collect and use your contact information which we may have received from our Customer, your employer, or from another User who invited you to use our Services, as allowed by applicable national laws.

We collect, process and use your information for the purposes described in this Privacy Policy, based at least on one of the following legal grounds:

With your consent: We ask for your agreement to process your information for specific purposes, and you have the right to withdraw your consent at any time.

Provision of the Services: We collect and process your Personal Information in order to (i) provide you with our Services, following your acceptance of this Policy (in accordance with this Privacy Policy, while using technical and organizational measures, and in accordance with contractual obligations pursuant to applicable law); (ii) to maintain and improve our Services; and (iii) to develop new services and features for our Users; and (iii) to personalize the Services in order to provide better user experience.

Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our services, protecting against harm to the rights, property or safety of our properties, our Users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfil our obligations under applicable laws, regulations, guidelines, industry standards, contractual requirements, legal process, subpoena or governmental request, as well as our Terms of Use.

Compliance with legal obligations: We may use your Personal Data in order to comply with any applicable law, rule, regulation, guidelines, industry standards, or other governmental authority; respond to or defend against legal proceedings brought against us or our affiliates; prevent fraud; or investigate violations, and enforce our policies, including but not limited to our Terms.

5. USE OF YOUR INFORMATION

We may use information that we collect about you for the following purposes: (i) to provide, operate and improve our Services and Website and manage our business; (ii) to generate analysis and insights with respect to the Website and Services; (iii) to enable us to optimize and personalize our Services; (iv) to send you updates, notices, notifications, announcements, and additional information related to Dragonfly and the Services; (v) to create aggregated statistical data and other aggregated information and/or other conclusive information that is non-personal, in which we and/or our business partners might make use of in order to operate and improve our Services; (vi) To perform functions or services as otherwise described to you at the time of collection; (vii) if you are a Customer End-User to be able to contact you for the purpose of managing the engagement with you on behalf of the Customer and providing you with technical assistance, support and complaints and collect feedback, if you approach us with such requests and provide us with your contact details for such purpose; (viii) if you are a Visitor to be able to contact you for the purpose of responding to any of your communications, providing you with support and information about our Websites, our Solution and any related services; (ix) to verify your identity when we are approached with a request to exercise any rights available to you under this Privacy Policy or applicable law; (x) to market our Services to Users or potential Users, and to be able to track and evaluate our marketing activities and their results and attribute different marketing achievements to the respective marketing efforts; (xi) and To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities including any breaches of this Privacy Policy or of our Terms; (xii) to comply with any applicable rule or regulation and/or respond to or defend against legal proceedings brought against us or our affiliates (xiii) analyze and use the Personal Data that we collect on an anonymized or aggregated basis for product development, to analyze the performance of our Services, to troubleshoot and to improve and optimize the Services and to ensure the best User experience for our users as a whole; (xix) to facilitate your candidacy to work for Company as further elaborated in Section ‎9 (“Job Candidates”) below.

6. SHARING INFORMATION WITH THIRD PARTIES

We keep the information processed by us in strict confidence and only share your information with third parties in very limited circumstances and for very specific purposes, as described below:

Internal Concerned Parties: We share your Personal Data with our family companies, as well as our employees, for the purposes described in this Privacy Policy and in accordance with the terms of this Privacy Policy. In addition, should Dragonfly or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your Personal Data may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such a change in control might materially affect your Personal Data then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Services.

Third Party services: We are partnering with a number of selected service providers whose services and solutions complement, facilitate, and enhance our own (“Third Party Service Providers”). These Service Providers include among others, hosting, database and server co-location services (AWS, Google Cloud, Vercel), data analytics services (e.g. Google Analytics, SCARF, Hubspot, Grafana), security, compliance services (Scytale.ai), monitoring services (Sentry.io)), workflow, management, and communication services (e.g., Slack, Help Scout, Clarity, Temporal.io, Google Workspace), payment processing services (e.g., Stripe), authentication (Kinde), and other data analytics systems that analyze crashes, functionality, and usability, and our business, legal and financial advisors. Such Third-Party Service Providers may receive or otherwise have access to your Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing the Services, and may only use your Personal Information for such purposes. Such disclosure or access is strictly subject to the recipient’s or user’s undertaking of confidentiality obligations, and the prevention of any independent right to use this data except as required to help us provide you with the Services. We remain responsible for any Personal Data processing done by a Third-Party Service Provider on our behalf, except for events outside of our and/or their reasonable control, and except with respect to Third Party Service Providers with whom you are contractually engaged, either through a prior separate contractual engagement and/or through acceptance of their privacy policy and terms of use

Law enforcement, legal proceedings, and as authorized by law: We may disclose or otherwise allow access to Personal Information pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, in cases of emergency or if we believe in good faith that this will help protect the rights, property or personal safety of our company, any of our Users, or any members of the general public.

For the avoidance of doubt, we may share your Personal Information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal (including anonymized, statistical or aggregated) Information in our sole discretion and without the need for further approval.

7. STORING, TRANSFER AND RETENTION OF USERS PERSONAL INFORMATION

Information regarding the Users will be maintained, processed and stored by us and by our affiliates and service providers in the US and/or Europe (or with respect to Users of the Services in the region selected by you). Where Dragonfly processes Personal Data on behalf of a Customer (including without limitation, Personal Data of Customer End-Users), such Personal Data will be processed in the locations as permitted and required by the Customer (as further described below).

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your personal information on our behalf are each committed to keeping it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

Specifically, each of our Third Party Service Providers which store or process your Personal Information either: (i) assured us that they provide adequate safeguards to protect your rights to privacy including where applicable by undertaking to comply with the applicable laws; (ii) where applicable, hold and process such information on our behalf in jurisdictions which have been determined to ensure an adequate level protection by the EU Commission; (iii) perform such processing pursuant to your consent and acceptance of their privacy policy as further detailed in this Privacy Policy.

By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.

We retain the Personal Information we collect or receive from you only for as long as needed in order to provide you with the Services, maintain our records, and as otherwise necessary to comply with applicable laws and regulations. Please note that, unless you notify us otherwise in writing, we will retain your name and contact details following the termination of the provision of the Services and use such for our internal record-keeping purposes. If you withdraw your consent to us processing your Personal Information, we will delete your Personal Information from our systems within 90 days from the receipt of such request (except to the extent such data in whole or in part is required to comply with any applicable rule or regulation and/or to respond to or defend against legal proceeding bought against us or our affiliates), except where we process your information as a Processor on behalf of our Customer (such as your employer is a Customer who makes use of our Services, in which case data retention is subject to such Customer’s instructions).

8. MINORS AND THIRD-PARTY INFORMATION PROVIDED BY YOU

To accept this Privacy Policy, and access and use the Services, you must be over the age of eighteen (18). Dragonfly does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Services. In the event that it comes to our attention that a person under the age of eighteen (18) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.

If you are submitting to the Website and/or Services any personal information pertaining to any third party, you hereby represent and warrant and have received all the necessary legal consents or approvals and have the actual authority and legal right to upload, submit, disclose or otherwise share the Non-personal Information and/or Personal Information and/or any other form of sensitive information, on the third party’s behalf.

9. JOB CANDIDATES

We welcome qualified candidates (“Candidates”) to apply to any of the open positions posted on our Website by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our candidates, we are committed to keep Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing). Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed for a reasonable time period. This is done so we could re-consider candidates for other suitable positions and opportunities at Dragonfly; so we could can use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional engagement and business purposes related to their engagement with us. If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at careers@dragonflydb.io.

10. DATA SECURITY

We take great care in implementing and maintaining the security of the Services and of your Personal Information. We employ industry standard procedures and policies to ensure the safety of your information, reduce the risks stemming from loss of information and prevent unauthorized use of any such information. Your Personal Data is stored on secure servers and is not publicly available. We limit access of your Personal Data only to those employees, third-party Service Providers or other partners on a “need to know” basis, and strictly in order to enable us to perform our agreement with you. However, we cannot guarantee absolute information security or eliminate all risks associated with Personal Data, and security breaches may happen. If there are any questions about security, please contact us at info@dragonflydb.io.

11. YOUR RIGHTS

If the law applicable to you grants you such rights, you may ask to access, correct, delete, or transfer your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data. To the extent set forth in the applicable law, you may also be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.

If you wish to exercise any of these rights, contact us with an explicit request at info@dragonflydb.io when handling these requests, we may ask for additional information to confirm your identity and your request.

Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates.

To find out whether these rights apply to you and for any other privacy-related matters, you can contact your local data protection authority if you have concerns regarding your rights under local law.

12. CHANGES TO THE PRIVACY POLICY

Dragonfly reserves the right to change this Privacy Policy at any time, at its sole discretion, so please re-visit this page frequently. We will provide notice of substantial changes of this Privacy Policy on the homepage of our website and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our website or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Website after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

13. DATA CONTROLLER/PROCESSOR

Under various privacy, data protection or similar laws, regulations, or additional legal frameworks, such as the GDPR or the CCPA, two separate roles for parties involved in the processing Personal Data typically apply:

  • the “data controller” (or under the CCPA, a “Business”), who determines the purposes and means of processing; and
  • the “data processor” (or under the CCPA, a “Service Provider” or “Contractor”), who processes such data on behalf of the data controller (or business). Below we provide additional information into how these roles apply to our Services, and where such laws and regulations apply.

Dragonfly is the “data controller” of its Visitors and Candidates’ Personal Data, as detailed above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as set forth in this Privacy Policy.

Dragonfly is the “data processor” of personal data contained in Customer End-Users’ Personal Data, as submitted or otherwise provided to us by our Customers and/or Customer End-Users. We process such data on behalf of our Customer (who, in turn, is the “data controller” of such data) and in accordance with its reasonable instructions, and our commercial agreements with such Customer.

Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose personal data may be included in any Personal data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their personal data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Customer End-Users and other individuals whose data they process through the Services (and accordingly, if you are a Customer End-User or other individual whose Personal Data was provided to us in connection with Customer’s use of the Services, Dragonfly does not provide to you the rights set forth in Section ‎11 above).

If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting, or deleting your data, please contact the Customer and/or an applicable Customer End-User directly.

14. GENERAL

This Privacy Policy, its interpretation, and any claims and disputes related hereto shall be governed by the laws of the State of Israel without respect to its criminal law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Tel Aviv, Israel.

If you have any questions or comments concerning this Privacy Policy, you are welcome to send us an email at info@dragonflydb.io and we will make an effort to reply within a reasonable timeframe.