Terms & Policies

California Consumer Privacy Act

Top

The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to residents of California. If you are a California resident interacting with us through our provision of services to our Clients, your personal information is controlled by the applicable Client(s), and you should contact them to exercise your rights under the CCPA. This section applies to you if you are a resident of California about whom we collect personal information independent of the services we provide to Clients (“California Consumer”), such as if you provide us personal information on our Website.This section does not apply to personal information we collect from our employees and job applicants in their capacity as employees and job applicants, or personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services. This notice supplements the information in our Privacy Policy. Certain terms used below have the meanings given to them in the CCPA.

As described in our Privacy Policy, in the preceding twelve months, we may have collected the following categories of personal information about you for business or commercial purposes:

  • Identifiers, e.g., name, email address, Github ID
  • Device Information and Device Identifiers, e.g., IP address, browser type and device locale, operating system, mobile platform, device model
  • Financial Information, e.g., credit or debit card number, verification number, and expiration date
  • Commercial Information, e.g., delivery information and information about your transactions and purchases with us
  • Connection and Usage Data, e.g., web browsing activity on the Website
  • Geolocation, e.g., information inferred from IP addresses Inferences, e.g. information on your employer inferred from an IP address
  • Other Information, e.g., any other information you provide to us through the Website

We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Website; and (3) third parties such as from social networking providers if you connect Branch to your use of those services.

As described above in our Privacy Policy, we collect the categories of personal information identified above for the following business and commercial purposes:

  • Communicate with you, such as (1) to respond to your requests for information and provide you with customer service and technical support; (2) to send communications or content that you have requested; (3) to provide you with transactional updates and information about the Services (e.g., inform you about updates to our Services, information about your account); and/or (4) in accordance with applicable legal requirements, contact you by email, postal mail, phone, advertising or SMS regarding Business and third-party products, services, surveys, promotions, special events and other subjects that we think may be of interest to you.
  • Transact with you if you use our products or services.
  • Provide the Services, such as (1) to process and fulfill your transactions or requests; (2) to engage in analysis, research, and reports to better understand how you use the Services, so we can improve them; (3) to administer entries into promotions or surveys; and/or (4) to understand and resolve technical issues with our Services.
  • Tell you about products and services offered by Branch and Branch’s selected partners.
  • Personalize your experience, such as (1) to customize the advertising and content on the Services based on your activities and interests; (2) to create and update audience segments that can be used for targeted advertising and marketing on the Services, third party services and platforms, and mobile apps; and/or (3) to create profiles about you, including adding and combining information we obtain from third parties, which may be used for analytics, marketing, and advertising.
  • Improve our offerings.
  • Secure our Services and fraud prevention, such as (1) to monitor, prevent, and detect fraud, such as through verifying your identity; (2) to combat spam or other malware or security risks; and/or (3) to monitor, enforce, and improve the security of our Services.
  • Defending our legal rights and complying with the law, such as (1) to comply with any applicable procedures, laws, and regulations where it is necessary for our legitimate interests or the legitimate interests of others; and/or (2) to establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others (e.g., to enforce compliance with our Terms and Conditions, Privacy Policy, or to protect our Services, Users, or others).

Additional information concerning the business and commercial purposes is set forth in the “How Does Branch Use the Information Collected through its Website?” section of our Privacy Policy. We may disclose the categories of personal information identified in this California Privacy Notice about our California Consumers for our operational purposes where the use of such personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.

How We Share and Disclose Your Information


We share the information collected from and about you as discussed above for various business purposes. The chart below explains the categories of information that we may share with other parties and the categories of those parties.

Other Parties with which we share information and why Categories of information shared
Our Affiliates. We may share information we collect within our family of companies to deliver products and services to you, and enhance our products, services, and your customer experience. All categories of information we collect may be shared with our affiliates
Service Providers that perform services on our behalf: including billing and payment processing, sales, marketing, advertising, data analysis and insight, research, technical support and customer service, data storage, security, fraud prevention, and legal services. All categories of information we collect may be shared with our service providers
Other Individuals, Services, and Vendors at Your Request. We will share your information with other businesses and services at your request. For example, if you direct us to communicate information to one of your vendors.
  • Contact and account registration
  • Demographic and statistical information
  • Communications with event vendors
  • Geolocation
  • Other Information
  • Third Party Partners for Marketing Purposes. We may share your information with partners whose offerings we think may interest you. For example, if you participate in co-sponsored promotions, then we may share information with our affiliates and other third parties for their marketing and other purposes.
  • Contact and account registration
  • Demographic and statistical information
  • Third Party Partners to Provide Co-Branded Products and Services. In some cases, we may share information with third-party partners to provide co-branded products or services (e.g., co-sponsored promotions).
  • Contact and account registration
  • Demographic and statistical information
  • Geolocation
  • Other Parties for Legal Purposes. By using the Services, you acknowledge and agree that we may access, retain, and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our Terms and Conditions, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect our rights, property or personal safety, or that of our agents and affiliates, our users and/or the public. This includes exchanging information with other companies and organizations for information security, fraud protection, spam/malware prevention, and similar purposes. All categories of information we collect may be shared as necessary
    Other Parties in a Business Transaction. We may disclose information in connection with an actual or contemplated corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets. All categories of information we collect may be shared as necessary
    Third-Party Online Advertisers and Ad Networks. As discussed in the “Third Party Tools / Analytics on the Website” Section of our Privacy Policy, the Services may rely on third-party advertising technologies that allow for the delivery of relevant content and advertising on the Services, as well as on other websites you visit and other applications you use, and these technologies will collect certain information from your use of the Services to assist in delivering such ads.
  • Identifiers
  • Device information and device identifiers
  • Connection and usage data
  • Geolocation

  • The CCPA sets forth certain obligations for businesses that “sell” personal information. Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity and have not engaged in such activity in the past twelve months. Instead, we limit our sharing of information as set forth in the “How does Branch Share Information?” section of this Privacy Policy, and to allow third parties to collect certain information about your activity for limited purposes, for example through cookies, as explained in the “Third-Party Tools / Analytics on the Website” section of our Privacy Policy.

    California Rights and Choices


    Without being discriminated against for exercising these rights, California residents have the right to request that we disclose what personal information we collect about you and to delete that information, subject to certain restrictions. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

    Right to request access to your personal information
    California residents have the right to request that we disclose what categories of your personal information that we collect, use, or sell. You may also request the specific pieces of personal information that we have collected from you. However, we may withhold some personal information as permitted under applicable law. For example, to protect your security, we may withhold your account password from the information provided in response to a request for the specific pieces of personal information that we have collected about you.

    Right to request deletion of your personal information
    You may also request that we delete any personal information that we collected from you. However, we may retain personal information necessary to (a) protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality, (c) necessary for us, or others, to exercise their free speech or other rights, (d) comply with law enforcement requests pursuant to lawful process, (e) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. Additionally, we need certain types of information so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.

    How to exercise your access and deletion rights
    Subject to restrictions under applicable law, California residents may exercise their California privacy rights by submitting your request to us, or by contacting us at privacy@branch.io.

    For security purposes, when you request to exercise your California privacy rights we will verify your identity. Once we have verified your identity (and your agent, as applicable), we will respond to your request as appropriate:

    • Transparency. Where you have requested the categories of personal information that we have collected about you, we will direct you to the sections of our Privacy Policy relevant to your request.
    • Access. Where you have requested specific pieces of personal information, we will provide the information you have requested, except where not permitted under applicable law or otherwise exempted by the CCPA.
    • Deletion. Where you have requested that we delete personal information that we have collected from you, we will delete any information about you that is not necessary for the purposes indicated above. Upon completion, we will send you a notice confirming that we deleted the information we collected from you. Certain information may be exempt from such requests under applicable law.
    If we are unable to complete your requests fully for any of the reasons above, we will provide you additional information about the reasons that we could not comply with your request.

    Right to nondiscrimination
    We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.

    Authorized Agents
    You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf (e.g. through providing us with a signed written authorization or a copy of a power of attorney).

    Submitting CCPA Requests

    For our Website: If you are a California Consumer, please submit a CCPA request here, or contact us at privacy@branch.io. To protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with your request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

    Requests from Our Client’s Users: Because Branch is a service provider that processes data on behalf of its Clients, any requests from Users who are California residents seeking to exercise their rights of access and deletion under the CCPA must be provided to Branch by a Client. Clients can notify Branch of these requests here.

    European General Data Protection Regulation

    Rights of Access, Rectification, Erasure and Restriction For EU Individuals Pursuant to GDPR
    Top

    Services: Because Branch is a service provider that processes data on behalf of its Clients, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to Branch by a Client. Clients can notify Branch of these requests here.

    Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.  

    Website and Business Contacts: Under applicable law, Branch is the data controller of Personal Data we collect from the Website and from offline sources and service providers for marketing purposes. Website Users and others who are residents of the European Economic Area may seek confirmation regarding whether Branch is processing Personal Data about you, request access to such data, and ask that we correct, amend, or delete it where it is inaccurate or has been processed in violation of the Privacy Shield Principles.

    You can submit such requests at https://privacy.branch.io/hc/en-us/requests/new, which will be processed in line with applicable law. Although we make good faith efforts to provide you with access to your Personal Data, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where it is commercially proprietary. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.

    European individuals have the right to file a GDPR complaint directly with the appropriate EU Data Authority. For information on who those parties are and how they can be reached please go to http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

    Lei Geral de Proteção de Dados

    Data Subject Rights under Lei Geral de Proteção de Dados (“LGPD”)
    Top

    This supplemental privacy notice applies to personal data processing activities in accordance with Brazilian data protection law. This notice supplements the information in our Privacy Policy. Certain terms used below have the meanings given to them in Lei Geral de Proteção de Dados (“LGPD”). If you have any questions about this supplemental privacy notice, you can contact our Data Protection Officer, Cathleen Hartge, at privacy@branch.io.

    Services: Because Branch is a service provider that processes data on behalf of its Clients, any requests relating to Brazilian Users’ exercise of their rights under LGPD must be provided to Branch by a Client. Clients can notify Branch of these requests here. Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.

    Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.  

    Website: Under applicable law, Branch is the data controller of Personal Data we collect from the Website. If you are a Website User who is a resident of Brazil, you may have certain rights under LGPD. Brazilian law may permit you to request that we: confirm whether we process your data; provide access to and/or a copy of certain information we hold about you; correct incomplete, inaccurate and outdated data; anonymize, block or delete data that is unnecessary, excessive or not being processed in accordance with Brazilian data protection law; port your personal data to another service or product vendor; delete personal data processed with your consent, when applicable; provide you with information regarding the public and private entities with which we share data; provide you with information about the possibility of withdrawing consent and the consequences of such withdrawal, where applicable; and / or withdraw your consent.

    You can submit such requests at https://privacy.branch.io/hc/en-us/requests/new, which will be processed in line with applicable law. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.