(ARCHIVED) Privacy Policy

We are a linking and analytics platform for app and website developers. And we are proud of our commitment to providing our services in a privacy-first way. So we thought it would be helpful to lay out, in plain English, the Branch Guiding Privacy Principles that drive how we’ve chosen to design our services with privacy as a top priority. You’ll find our official Privacy Policy below this section, but we hope you’ll find this summary of our principles helpful.

• We limit the data we collect. We practice data minimization, which means that we avoid collecting or storing information that we don’t need to provide our services. The personal data that we collect is limited to data like advertising identifiers, IP address, and information derived from resettable cookies (the full list is below in our privacy policy). We do not collect or store information such as names, email addresses, physical addresses, or SSNs. Nor do we want to. In fact, our Terms & Conditions prohibit our customers from sharing with Branch any kind of sensitive end-user information. We will collect phone numbers if a customer uses our Text-Me-the-App feature—but in that case, we will collect and process end user phone numbers solely to enable the text message, and will delete it within 7 days afterwards.
• We will only provide you with data about actual end-user activity on your apps or websites. Our customers can only access “earned” cookies or identifiers. This means that an end user must visit a customer’s site before our customer can see the cookie; and an end user must download a customer’s app in order for Branch to collect the end user’s advertising identifier for that customer. In short, the Branch services benefit customers who already have seen an end user across their platforms and want to understand the relationship between those web visits and app sessions.
• We do not rent or sell personal data. No Branch customer can access another Branch customer’s end-user data. And we are not in the business of renting or selling any customer’s end-user data to anyone else. To enable customers to control their end-user personal data, they can request deletion here of that data at any time, whether in bulk or for a specific end user. These controls are available to customers worldwide, although we designed them to comply with GDPR requirements as well.

Beyond these principles stated above, Branch will continue to find ways to design our services to respect end user privacy. We’re committed to making sure our customers understand how we use data they entrust to us and how they can control it so that they can, in turn, be transparent with their end users.

Branch Metrics, Inc. ("Branch", "us" or "we") offers a linking and analytics platform enabling developers of applications (our "Clients")--whether those applications are websites or "apps," and across different types of devices--to improve their end users’ ("Users") cross-application experiences, and to derive additional insights into how their Users download and utilize those applications. Branch recognizes and believes that data privacy is important to all Internet users, and therefore we design and operate our services in a privacy-first manner.

This Privacy Policy is divided into three parts, and is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions:

• Collection and Use of Information from Our Services: This section explains how information is collected about our Clients’ Users, and used, by Branch in connection with the provision of our products and services (the "Branch Services" or the "Services").
• Collection and Use of Information from Our Website: This section explains how information is collected and used by us from our website visitors through our website located at branch.io (the "Website"), which includes the dashboard provided to our Clients located at dashboard.branch.io. So, if you are a Client using our Branch dashboard, this section applies to the data we collect from you.
• Policies Applicable to Both Our Services & Our Website: This section lays out the parts of the Branch Privacy Policy that apply to both the Services and to the Website.

Below, we explain what information we collect on behalf of our Clients through the Services, and how we use it. We process information in a way that is relevant for the purpose for which it was collected as described below.

The Branch Services: Overview

Branch provides a variety of Services intended to help Clients bridge together the identity of their Users across a wide array of platforms, devices and applications. Branch helps Clients by connecting User interactions across siloed applications (email, SMS, web browsers, social platforms, native applications and others), so that Clients understand the multiple steps that a User took to ultimately complete a transaction with the business. This information is used by the Client to better inform marketing and product decisions as well as to provide improved user experiences by using their knowledge of continuity.

Branch has no direct relationship with Users. Branch’s Services are provided when Branch Clients install on their platforms “Branch Mechanisms” (including links, pixels, direct platform integrations, etc.) that capture the User action on behalf of the Client. By associating the information collected from these Mechanisms, Branch creates and stores identifiers unique to the Branch platform, and then uses a variety of techniques to connect these User actions and identifiers together. Some of these common connection techniques include a direct pass-through of identifiers from platform to platform, probabilistic matching using real time and historical parameters observed from each interaction, as well as using historical connections aggregated across the Branch platform. In some cases, these connections are made without the use of cookies. These techniques help Clients match Users with devices they use, including matching the same User across multiple devices.

The key use cases of Branch’s connection service are:

• To support Clients in implementing deep linking, which uses Branch’s connection information in real time to improve the User experience.
  • For example, if a User clicks on a link in an email or ad to a specific page in a Client’s app, Branch helps the User get to that page after they download the app.
• To report individualized and aggregated analytics metrics about the performance of the Client’s product and marketing initiatives to the Client directly.
  • For example, Branch can tell a Client how many Users that downloaded an app or that went to a specific page in an app came from clicking on a specific link, and provide corresponding advertising identifiers.
• To assist the Client by presenting real time, targeted messaging to their Users depending on past behavior observed across the tracked platforms with the purpose of driving more engagement to the Client.
  • For example, Branch can use Branch Mechanisms to provide a tailored message like a coupon code or special offer in your website to users who have interacted with your app and/or website in the past.

Branch requires that each Client commit to share with Branch only information that it has lawfully obtained (including, where necessary, by obtaining consent from Users), and that it has the right to share with Branch. We strongly discourage Clients from sharing sensitive User information with us, as such information is not necessary for the provision of the Services, and we prohibit them from providing us with data relating to children under 13 (or, in certain jurisdictions, under 16).

In the charts below, we summarize the information collected automatically by the Services.

Information Collected By Branch Links and Pixels

Branch collects the following information from web URLs created by the Client and pixels placed on Client websites. Some of this information is considered personal data under applicable law (in other words, information that itself may identify a unique individual or can be linked back to an individual) (“Personal Data”).

Type of Information Collected	Purpose
IP Address	Standard web HTTP request; used for matching and to understand general location
Cookie	Standard web cookies, used for matching
Link Data	Metadata controlled by the Client, which may be used to interpret the data for reporting, or for analytics
User Agent	Standard web browser user agent metadata; used for matching
Referrer	Standard web browser HTTP referrer; may be used for reporting and analytics
Request	Standard web HTTP request
Phone Number	(Optional) used only to facilitate the “Text me the app” feature if used
Engagement Data	Information relating to the Client’s ad campaigns and User interactions, such as clicks on Client ads, Client ad impressions viewed, audiences or segments to which an ad campaign is attributed, type of ads and the webpage from which such ads were displayed, and webpages on Client’s website visited by a User. Other interactions, events and actions Clients choose to measure and analyze within their mobile website (e.g. add to cart, in-app purchases made, clicks, engagement time etc.).

Information Collected by Branch SDKs

SDKs are Software Development Kits that include code that allows Clients to use the Branch Services. The Branch Mobile App SDKs and Web SDKs collect the following information when Clients use these SDKs in their mobile applications or websites, some of which may be considered Personal Data under applicable law:

Type of Information Collected	Purpose
iOS Identifier for Advertising (IDFA)	Used for identification and matching
iOS Identifier for Vendors (IDFV)	Used for identification and matching
Android Advertising ID (GAID)	Used for identification and matching
Android ID	Used for identification and matching
Branch Cookie ID	Used for identification and matching
IP Address	Standard web HTTP request; used for matching and to understand general location
Application version	Metadata feature used for identification and matching
Device model	Metadata feature used for identification and matching
Manufacturer	Metadata feature used for identification and matching
Operating system	Metadata feature used for identification and matching
Operating system version	Metadata feature used for identification and matching
Screen size	Metadata feature used for identification and matching
Screen resolution	Metadata feature used for identification and matching
Session start/stop time	Metadata feature used for reporting and analytics
Mobile network status (WiFi, etc)	Metadata feature used for identification and matching
Application installed time	Metadata feature used for reporting and analytics
Application updated time	Metadata feature used for reporting and analytics
Device locale (country and language)	Metadata feature used for identification and matching
Local IP address	Metadata feature used for identification and matching
Mobile platform	Metadata feature used for identification and matching
Branch SDK version	Metadata feature used for identification and matching
Developer ID	(optional) Client-supplied unique identifier; metadata feature used for identification and matching
Carrier ID	Metadata feature used for identification and matching
Engagement Data	Information relating to the Client’s ad campaigns and User interactions, such as clicks on Client ads, Client ad impressions viewed, audiences or segments to which an ad campaign is attributed, type of ads and the mobile application page from which such ads were displayed, pages on Client’s application visited by a User, and downloads and installations of mobile applications. Other interactions, events and actions Clients choose to measure and analyze within their application (e.g. add to cart, in-app purchases made, clicks, engagement time etc.).

In addition to the information identified above, the Branch Desktop SDKs collect the following identifiers when Clients use these SDKs in their desktop applications, some of which may be considered Personal Data under applicable law:

Type of Information Collected	Purpose
MAC address	Used for identification and matching
Windows Advertising ID	Used for identification and matching
CPU ID	Used for identification and matching

If Clients use Branch’s China Features, please click here for additional information.

Information Collected By Third Parties

As part of Branch’s Services, Branch’s Clients may direct certain of their vendors or business partners (such as an ad network or vendor) to provide certain Engagement Data to Branch on the Client’s behalf.

Data Branch collects through the Services is processed:

• to better understand how and from where Users come to download certain apps, what types of apps are popular, or to infer that certain browsers and devices are operated by the same User based upon information collected across multiple non-affiliated apps and websites.
• to provide, maintain, optimize, research and improve the Branch Services.
• to fulfill Clients’ and prospective Clients’ requests for the Services including processing data at the Client’s direction and transferring User data to them. Branch does not control how Clients use information Branch shares with Clients and Users should read Clients’ Privacy Policies to understand how they use information they receive from Branch.
• to combine data from various sources, including data from various Customers or third parties.
• to use for Branch’s own internal and Customer business purposes, including to support other Branch products and services, develop new products and services, and market products or services; to support the products and services of our Customers; and as permitted or required by applicable law.
• to create reports based on aggregated information, which is information that cannot be linked back to any individual person or Client, and share these reports with the public.
• for anti-fraud protection and analysis relating to the Services to ensure more accurate attribution measurement, or where otherwise required by law.

We may aggregate and/or de-identify the data we collect through the Services. After data has been aggregated and/or de-identified, Branch cannot use it to personally identify an individual. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including business partners, Customers, and/or others.

Our Clients use the information collected via the Services to improve their Users’ app experiences, customize their apps to Users, and to better understand their app marketing programs and how Users discover their apps. For example, a User may want to share information about a hotel that she found in a travel app with a friend. When that User sends her friend a Branch link to that hotel, after clicking the link the friend is brought directly to the content relating to that hotel within the app, rather than landing on the app’s homepage and having to search for the hotel. The travel app would also gain insights and analytics as to how the content is being shared from its app.

We require that our Clients utilize our Services responsibly and in accordance with our Terms & Conditions. Branch is not responsible for the data practices of any of our Clients through the Services or otherwise. Each Client’s practices are subject to each Client’s individual privacy policy. Users should review the privacy policy of each Client to understand how that Client uses User information collected through the Services.

Branch recognizes a number of consumer choice mechanisms. Due to the nature of the Services, some functionality may be degraded or no longer work as a result if you exercise certain of the opt-outs below.

Branch’s Browser Cookie Opt-Out: Our cookie-based opt-out can be accessed by clicking here. This will place a Branch opt-out cookie on your browser. Where Branch detects the presence of that opt-out cookie, we will no longer set cookies (beyond the opt-out cookie itself). Cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted-out on your computer browser, that opt-out will not be effective on your mobile device.

NAI Browser-Based Opt-Out: Branch is a member of the Network Advertising Initiative (“NAI”), and adheres to its Code of Conduct. NAI provides you with the opportunity to opt-out (on a browser-by-browser basis) from data collection by participating NAI members, including Branch. That opt-out is available here.

Device-Based Opt-Out: You can submit a request to opt-out of the Branch Services on a particular device by submitting a request here.

Mobile Device Identifier: To exercise the mobile device privacy settings controls, please visit the privacy settings of your Android or iOS device and select “Opt out of Ads Personalization” (Android) or “Limit Ad Tracking” (Apple iOS). Branch will only be able to collect information as permitted by these settings.

Client App Opt-out Controls: Branch‘s SDK Privacy Controls allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User’s data should not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.

Branch collects information from Website visitors (“you” or “Website Users”) located at www.branch.io (the “Website”), which includes the dashboard provided to our Clients located at dashboard.branch.io. The types of information we may collect and our privacy practices depend on the nature of the relationship you have with us and the requirements of applicable law. Below are the legal bases and some of the ways we collect information and how we use it. We process information in a way that is relevant for the purpose for which it was collected as described below.

What We Collect from Clients that Use the Website

Branch collects personal and non-personal data via the Website. Personal Data is information that itself may identify a unique individual or can be linked back to an individual. For example, when Clients register to use our Services, we ask them to provide us with Personal Data, including first and last name and email address.

Dashboard Information: Information we collect from visitors who register for an account on our dashboard includes the following, some of which is considered Personal Data under applicable law

Type of Information Collected	Purpose
IP Address	Standard web HTTP request; may be used for limited security login controls
Cookie (ours)	Standard web cookie used for dashboard session management
Cookie (third-party)	Third-party web tracking tools used for business intelligence
First, Last Name	Used for team user identification
Email	Used as the primary login identifier
User Agent	Standard web browser user agent metadata; may be used for limited security login controls
Referrer	Standard web browser HTTP referrer; may be used for general internal business analytics
Request	Standard web HTTP request; may be used for general internal business analytics
Github ID	(optional) Can be used as a login method

We also require Clients to set up a user ID and unique password for account security purposes. Clients must not share their passwords with anyone. Clients also have the option of adding other team members to their account. This account information enables us to set up an account for Clients, to provide the Services, and to otherwise manage Client accounts. We may also use this information to notify Clients about updates to our Services and provide them with promotional emails. We offer a mechanism to opt-out from promotional emails as described in the “Opt-out from Promotional Emails” section below.

Account and Billing Information: To the extent that we charge a fee for the Services, we may also collect billing, payment, and contract information from Clients through our third-party payment and contract processors.

Third Party Connection Information: Some features of the dashboard Services allow you to share your information through your accounts with other companies such as Facebook and Google. If you choose to connect Branch to such third-party services, we may collect information related to your use of those third-party services, such as authentication tokens that allow us to connect to your third-party service accounts. We will ask you for permission before you authorize our collection of this information. We may also collect information about how you are using the Services to interact with those connected third-party services.

Communications with Branch: Some Users may provide Personal Data to Branch by sending us an email or filling out an online form on the Website. We use this information to answer their question(s), and may store that information for our record keeping, marketing, and advertising purposes.

Research/Survey Solicitations: From time to time, we may perform research (online and offline) via surveys. We may engage third-party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Website, various types of communications, advertising campaigns and/or promotional activities.

Cookies, Pixels and Web Beacons: We also collect other data via the Website from Website Users, including Website Users employed by or affiliated with Clients, through cookies and/or web beacons. Such information, some of which may be considered Personal Data under applicable law, may include IP address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to the Website, the referring URL, and your computer’s operating system.

If you consent to the use of cookies and web beacons when you visit the Website, we will collect information through those tools. Cookies are small data files stored on your hard drive by a website and web beacons are electronic images that may be used on our Website or in our emails. Cookies help us improve your experience on the Website as well as our marketing activities. We use cookies to see which areas and features are popular and to count visits to our Website. For more information about cookies and web beacons, please visit http://www.allaboutcookies.org/. For more information about how to opt-out of cookies and web beacons after you have consented to their use, see the “Opt-out from Website Cookies/Web Beacons” section below.

Data Branch collects through the Website is processed:

• to provide, maintain, optimize, research and improve the Website;
• to fulfill your and prospective Clients’ requests for the Services;
• to send information about the Services including confirmations, invoices, payment processing, technical notices, updates, security alerts, and support and administrative messages;
• to communicate about products and services offered by Branch and Branch's selected partners. We receive opt-in consent to send promotional and marketing messages to users where required by applicable law. You can opt-out of receiving these messages at any time as described below in the section titled: “Opt-out from Promotional Emails”;
• to conduct research;
• to manage your information and account, to improve and administer our Website, to contact Website Users to answer questions or resolve problems, or to verify your identity;
• to conduct research to help us to optimally deliver our existing Services or develop new products, processes and services;
• for ad delivery and reporting purposes and to create data and analytics products and services;
• to make the Website easier to use by reducing the need for Clients and Users to enter information;
• for other purposes disclosed to you at the time you provide data to us;
• with your consent; or
• where Branch otherwise has a legitimate interest in collecting the data, such as direct marketing, individual or market research, product improvement, anti-fraud protection, or where required by law.

Where you have consented to Branch's processing of your Personal Data in connection with your use of the Website, you may withdraw that consent at any time by following the instructions below. Additionally, before we use Personal Data for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out. Where your consent for the processing of Personal Data is otherwise required by law or contract, we will comply with the law or contract.

Opt-out from Promotional Emails

You can opt-out of receiving promotional emails from us by following the instructions in those emails, or by filling out this form. You can also opt-out of certain categories of emails using this form. If you opt-out using any of these tools, we may still send you non-promotional emails, such as certain updates about your account or updates to our Terms & Conditions and this Privacy Policy and/or use of the Services.

Opt-out from Website Cookies/Web Beacons

We will only use cookies with your permission. If you permit us to use cookies/web beacons as discussed above (“What Information Does Branch Collect from our Website”), but would like to opt-out:

• For dashboard users, visit https://dashboard.branch.io/account-settings/user, and toggle off “Cookie Consent”.
• For all other users, click on “Cookie Consent” at the bottom right-hand corner of our homepage (https://branch.io/), and click on the opt-out link.

Also, you can choose to set your browser to remove cookies and to reject cookies. To exercise the Do Not Track settings, please visit the privacy settings of your browser. Where Branch is able to see that such a selection has been made, we will not use information collected from that device to target advertising on that browser. Dashboard users must use the “Cookie Consent” feature to revoke permission to place cookies.

Note that, even if you opt-out, we may still collect and use non-personal data regarding your activities on our Website. This also does not opt you out of being served advertising altogether; you will continue to receive generic advertisements.

The Website utilizes third-party tracking tools from third-party service providers, which may enable these third parties to analyze our Website traffic for analytics purposes. Some of these third-party service providers may collect information from this Website for retargeting and interest-based advertising purposes. For more information about these forms of ad targeting and to understand your right to opt-out from these practices, please visit http://www.aboutads.info/choices/. All of these tools are hosted by the third parties who provide them, and your interactions with these features are governed by the privacy policies of the third parties providing them. These tools include, but are not limited to, those below.

Google. We may use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on our Website, and to develop website content. This analytics data is not tied to any Personal Data. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt-out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout. Branch has implemented Google’s reCAPTCHA technology on our Website to protect it from abusive automated crawling and spam. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Use of the reCAPTCHA technology is subject to the Google Privacy Policy and Terms of Service.

Mixpanel. We use a service provided by Mixpanel, Inc. (“Mixpanel”) to provide us with analytics data regarding Website Users’ interactions with our Website and Services. You may opt-out of Mixpanel’s automatic retention of data that is collected while using the Services by visiting https://mixpanel.com/optout/. To track opt-outs, Mixpanel uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may delete the Mixpanel opt-out cookie.

Facebook. We may use certain tools offered by Facebook, Inc. (“Facebook”) that enable it to collect or receive information about actions Website Users take on our Website through use of cookies, web beacons and other storage technologies or in order to provide measurement services, targeted ads and other services. For more information regarding the collection and use of such information by Facebook, please see the Facebook Data Policy, available at: https://www.facebook.com/policy.php.

Intercom. We use Intercom (www.intercom.com) to facilitate communications with, maintain information about, and collect publicly available information about, our Website Users. For more information on Intercom’s services, please visit www.intercom.com.

The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to residents of California. This section of our Privacy Policy applies if you are a natural person who is a resident of California (“California Consumer”) and uses our Website. Certain terms used below have the meanings given to them in the CCPA.

The following sets forth the categories of information we collect and purposes for which we may use California Consumers’ personal information:

Categories of Personal Information We Collect About You from Our Website

Categories of information collected	Purposes of use (see chart below for additional information).	Sources of personal information
Identifiers, e.g., name, email address, Github ID	Communicate with you Transact with you if you use our products or services Provide the Services Tell you about products and services offered by Branch and Branch’s selected partners Personalize your experience Improve our offerings Secure our Services and fraud prevention Defending our legal rights and compliance with the law	From you, either directly or through the use of the Website, or third parties
Device Information and Device Identifiers, e.g., IP address, browser type and device locale, operating system, mobile platform, device model	Provide the Services Tell you about products and services offered by Branch and Branch’s selected partners Personalize your experience Secure our Services and prevent fraud Defend our legal rights and comply with the law	From you, either directly or through the use of the Website, or third parties
Financial Information, e.g., credit or debit card number, verification number, and expiration date.	Provide the Services Transact with you if you use our products or services Secure our Services and prevent fraud Defend our legal rights and comply with the law	From you, either directly or through the use of the Website
Commercial Information, e.g., delivery information and information about your transactions and purchases with us	Provide the Services Transact with you if you use our products or services Secure our Services and prevent fraud Defend our legal rights and comply with the law	From you, either directly or through the use of the Website, and generate it internally during transactions with our customers
Connection and Usage Data, e.g., web browsing activity on the Website	Provide the Services Tell you about products and services offered by Branch and Branch’s selected partners Personalize your experience Secure our Services and prevent fraud Defend our legal rights and comply with the law	From you, either directly or through the use of the Website, or third parties
Geolocation, e.g., information inferred from IP addresses	Provide the Services Tell you about products and services offered by Branch and Branch’s selected partners Personalize your experience Secure our Services and prevent fraud Defend our legal rights and comply with the law	From you, either directly or through the use of the Website, or third parties
Other Information, e.g., any other information you provide to us through the Website	Communicate with you Provide the Services Secure our Services and prevent fraud Defend our legal rights and comply with the law	From you, either directly or through the use of the Website

The following chart provides additional information about the business or commercial purposes for collecting and using your information. Additional information concerning the business and commercial purposes is set forth in the “How Does Branch Use the Information Collected through its Website?” section of our Privacy Policy. We may disclose the categories of personal information identified in this California Privacy Notice about our California Consumers for our operational purposes where the use of such personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.

Purposes of Use
Communicate with you, for example: Respond to your requests for information and provide you with customer service and technical support Sending communications or content that you have requested Provide you with transactional updates and information about the Services (e.g., inform you about updates to our Services, information about your account) In accordance with applicable legal requirements, contact you by email, postal mail, phone, or SMS regarding Business and third-party products, services, surveys, promotions, special events and other subjects that we think may be of interest to you
Provide the Services, for example: Processing and fulfilling your transactions or requests Engage in analysis, research, and reports to better understand how you use the Services, so we can improve them Administering entries into promotions or surveys Understanding and resolving technical issues with our Services
Personalize your experience, for example: Customizing the advertising and content on the Services based on your activities and interests Creating and updating audience segments that can be used for targeted advertising and marketing on the Services, third party services and platforms, and mobile apps Creating profiles about you, including adding and combining information we obtain from third parties, which may be used for analytics, marketing, and advertising
Secure our Services and Prevent Fraud, for example: Monitoring, preventing, and detecting fraud, such as through verifying your identity Combatting spam or other malware or security risks Monitoring, enforcing, and improving the security of our Services
Defend our legal rights and comply with the law Complying with any applicable procedures, laws, and regulations where it is necessary for our legitimate interests or the legitimate interests of others Establishing, exercising, or defending our legal rights where it is necessary for our legitimate interests or the legitimate interests of others (e.g., to enforce compliance with our Terms and Conditions, Privacy Policy, or to protect our Services, Users, or others)

How We Share and Disclose Your Information

We share the information collected from and about you as discussed above for various business purposes. The chart below explains the categories of information that we may share with third parties and the categories of those parties.

Third Parties with which we share information and why	Categories of information shared
Our Affiliates. We may share information we collect within our family of companies to deliver products and services to you, and enhance our products, services, and your customer experience.	All categories of information we collect may be shared with our affiliates
Service Providers that perform services on our behalf: including billing and payment processing, sales, marketing, advertising, data analysis and insight, research, technical support and customer service, data storage, security, fraud prevention, and legal services.	All categories of information we collect may be shared with our service providers
Other Individuals, Services, and Vendors at Your Request. We will share your information with other businesses and services at your request. For example, if you direct us to communicate information to one of your vendors.	Contact and account registration Demographic and statistical information Communications with event vendors Geolocation Other Information
Third Party Partners for Marketing Purposes. We may share your information with partners whose offerings we think may interest you. For example, if you participate in co-sponsored promotions, then we may share information with our affiliates and other third parties for their marketing and other purposes.	Contact and account registration Demographic and statistical information
Third Party Partners to Provide Co-Branded Products and Services. In some cases, we may share information with third-party partners to provide co-branded products or services (e.g., co-sponsored promotions).	Contact and account registration Demographic and statistical information Geolocation
Third Parties for Legal Purposes. By using the Services, you acknowledge and agree that we may access, retain, and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process or a regulatory investigation (e.g. a subpoena or court order); (b) enforce our Terms and Conditions, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect our rights, property or personal safety, or that of our agents and affiliates, our users and/or the public. This includes exchanging information with other companies and organizations for information security, fraud protection, spam/malware prevention, and similar purposes.	All categories of information we collect may be shared as necessary
Third Parties in a Business Transaction. We may disclose information in connection with an actual or contemplated corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets.	All categories of information we collect may be shared as necessary
Third-Party Online Advertisers and Ad Networks. As discussed in the “Third Party Tools / Analytics on the Website” Section of our Privacy Policy, the Services may rely on third-party advertising technologies that allow for the delivery of relevant content and advertising on the Services, as well as on other websites you visit and other applications you use, and these technologies will collect certain information from your use of the Services to assist in delivering such ads.	Identifiers Device information and device identifiers Connection and usage data Geolocation

The CCPA sets forth certain obligations for businesses that “sell” personal information. Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity and have not engaged in such activity in the past twelve months. Instead, we limit our sharing of information as set forth in the “How does Branch Share Information?” section of this Privacy Policy, and to allow third parties to collect certain information about your activity for limited purposes, for example through cookies, as explained in the “Third-Party Tools / Analytics on the Website” section of our Privacy Policy.

California Rights and Choices

Without being discriminated against for exercising these rights, California residents have the right to request that we disclose what personal information we collect about you and to delete that information, subject to certain restrictions. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

Right to request access to your personal information
California residents have the right to request that we disclose what categories of your personal information that we collect, use, or sell. You may also request the specific pieces of personal information that we have collected from you. However, we may withhold some personal information where the risk to you or our business is too great to disclose the information.

Right to request deletion of your personal information
You may also request that we delete any personal information that we collected from you. However, we may retain personal information necessary to (a) protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality, (c) necessary for us, or others, to exercise their free speech or other rights, (d) comply with law enforcement requests pursuant to lawful process, (e) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. Additionally, we need certain types of information so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.

How to exercise your access and deletion rights
Subject to restrictions under applicable law, California residents may exercise their California privacy rights by submitting your request to us, or by contacting us at privacy@branch.io.

For security purposes, when you request to exercise your California privacy rights we will verify your identity. Once we have verified your identity (and your agent, as applicable), we will respond to your request as appropriate:

• Transparency. Where you have requested the categories of personal information that we have collected about you, we will direct you to the sections of our Privacy Policy relevant to your request.
• Access. Where you have requested specific pieces of personal information, we will provide the information you have requested, except where not permitted under applicable law or otherwise exempted by the CCPA.
• Deletion. Where you have requested that we delete personal information that we have collected from you, we will delete any information about you that is not necessary for the purposes indicated above. Upon completion, we will send you a notice confirming that we deleted the information we collected from you. Certain information may be exempt from such requests under applicable law.

If we are unable to complete your requests fully for any of the reasons above, we will provide you additional information about the reasons that we could not comply with your request.

Right to nondiscrimination
We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.

Authorized Agents
You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf (e.g. through providing us with a signed written authorization or a copy of a power of attorney).

Submitting CCPA Requests

For our Website: If you are a California Consumer, please submit a CCPA request here, or contact us at privacy@branch.io. To protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with your request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

Requests from Our Client’s Users: Because Branch is a service provider that processes data on behalf of its Clients, any requests from Users who are California residents seeking to exercise their rights of access and deletion under the CCPA must be provided to Branch by a Client. Clients can notify Branch of these requests here.

In addition to the ways described in our Terms & Conditions and this Privacy Policy, Branch may also share information with others under the following circumstances:

• With third-party vendors, consultants and other service providers who work for us and need access to information we collect to do that work.
• With our Clients and their agents, as described in this Policy.
• To third parties (such as advertising networks or vendors used by our Clients), as directed by our Clients.
• To comply with laws or to respond to lawful requests and legal process including to meet national security or law enforcement requirements, and in order to investigate, prevent, or take action regarding suspected, or actual, prohibited activities, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
• To protect the rights and property of Branch, our agents, Clients, Users, Website Users, and others including to enforce our agreements, policies, and Terms & Conditions.
• To Branch’s subsidiaries and affiliates as necessary to help us provide, support, and maintain the Services.
• In connection with or during negotiation of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

We provide Clients with a mechanism to access, review and update information via the dashboard. If you wish to review or update your information, please visit branch.io and login using the username and password you created. Next, please select “Account Settings” which can be found in the lower left corner of the dashboard screen, then select the “User” tab near the top. If you would like to delete your account, please email support@branch.io.  

Under California law, California residents who have an established business relationship with us may choose to opt-out of the disclosure of Personal Data about them to third parties for such third parties’ direct marketing purposes. Our policy is not to disclose Personal Data collected through our Website to a third party for direct marketing purposes without your approval. If you choose to opt-out at any time after granting approval, email privacy@branch.io.  

California residents who have provided us with Personal Data can also request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Data (if any) for such third parties’ direct marketing purposes in the prior calendar year, as well as the type of Personal Data disclosed to those parties.  If you are a California resident and would like such a list, please email privacy@branch.io.  

Securing the information provided by our Clients and collected through our Website is important to us. Branch has implemented industry-standard technical, administrative, and physical safeguards to help protect the information on our servers against unauthorized access, alteration, disclosure or destruction. You are responsible for maintaining the secrecy of your own passwords. If you have reason to believe that your passwords or Personal Data are no longer secure, please promptly notify us at privacy@branch.io.

For our Services: Branch stores the information collected by our Services (see the “What Information Does Branch Collect from our Services?” section above) so long as our systems continue to encounter that User. After that User has been inactive for 30 days (or 90 days for specific attribution products), identifiers collected from that User will be deleted unless otherwise required by applicable law or otherwise agreed between Branch and the Client.

Usage activity logs, which are used for the purpose of reporting and analytics, are stored in an identifiable form for no more than 7 days (or up to 60 days as determined by the Client), after which these logs are removed or pseudonymized. Any and all pseudonymized logs are deleted after 12 months, unless otherwise required by applicable law or otherwise agreed between Branch and the Client.

Aggregated reporting metrics shared with Clients are retained (in aggregate and anonymized form) for up to 24 months, unless otherwise required by applicable law or otherwise agreed between Branch and the Client.

Branch may retain information collected by our Services beyond these periods for fraud prevention, analysis, or response, or to protect the safety of Branch, its Clients, Users or the public.

For the Website: We store Personal Data such as email address or billing details for so long as you continue to have a business relationship with Branch and for a reasonable time thereafter for record-keeping purposes. If applicable to you, you may ask us to delete that information by following the instructions above or pursuant to your right of erasure as described in the “Rights of Access, Rectification, Erasure and Restriction” section below.

The Website and/or Services may contain links to other websites and other websites may reference or link to our Website and/or Services. These other domains and websites are not controlled by Branch, and we do not endorse or make any representations about third-party websites or social media platforms. We encourage you to read the privacy policies of each and every website and application that you interact with. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

All information collected via the Website and Services is stored on servers located in the United States. In the process of providing the Services, we may transfer information across borders from other countries or jurisdictions into the United States. By using the Services, each Client and Website User consents to the transfer and processing of information to the U.S. in accordance with this Privacy Policy. Data transfers from the European Union, United Kingdom, and Switzerland are subject to our compliance with the Privacy Shield mechanism discussed in the “Privacy Shield For EU, UK, and Swiss Personal Data Transferred into the United States” section below.

Branch complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield.  Branch has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

Branch is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks we are obliged to inform EU, UK, and Swiss individuals whose data is being transferred into the United States that we may be required to release personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

Branch remains liable for the onward transfer of EU, UK, and Swiss personal data to agent third parties pursuant to the Privacy Shield unless we can prove we were not a party to the actions giving rise to the damages.

We acknowledge the right of EU, UK, and Swiss individuals to access their data pursuant to the Privacy Shield. EU, UK, and Swiss individuals wishing to exercise this right may do so by contacting privacy@branch.io.

In compliance with the Privacy Shield Principles, Branch commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Branch at:

Branch Metrics, Inc.
1400 Seaport Blvd
Building B, 2nd Floor
Redwood City, CA 94063
or by email at info@branch.io

Branch has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Services: Because Branch is a service provider that processes data on behalf of its Clients, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to Branch by a Client. Clients can notify Branch of these requests here.

Moreover, Branch supports functionality to allow Clients to respect granular controls regarding User data privacy rights. Clients can flag in the Branch SDK that a particular User has requested that their data not be processed by Branch, in which case Branch will no longer process engagement data on behalf of the Client for that User.  

Website: Website Users who are residents of the European Economic Area may seek confirmation regarding whether Branch is processing Personal Data about you, request access to such data, and ask that we correct, amend, or delete it where it is inaccurate or has been processed in violation of the Privacy Shield Principles. You can submit such requests at https://gdpr.branch.io/hc/en-us/requests/new, which will be processed in line with applicable law. Although we make good faith efforts to provide you with access to your Personal Data, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where it is commercially proprietary. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.

European individuals have the right to file a GDPR complaint directly with the appropriate EU Data Authority. For information on who those parties are and how they can be reached please go to http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Services: The Branch Services are not directed to children. We require that Clients agree to not send to us data relating to any children under 13 (or, in certain jurisdictions, under 16). If you are a Client and want to learn more about Branch SDK Privacy Controls that you can use in your compliance with the U.S. Children’s Online Privacy Protection Act (COPPA), GDPR, or any other applicable law, please contact privacy@branch.io.

If you believe that we might have any information from or about a child under 13 (and in certain jurisdictions under 16) in violation of applicable law, please contact us at privacy@branch.io, so that Branch can promptly investigate and delete any information that it may have been provided inappropriately.

Website: The Branch Website is not directed to children. We do not knowingly collect through the Website Personal Data from anyone under the age of 13 (and in certain jurisdictions under the age of 16). If you are under 13 (and in certain jurisdictions under 16), please do not attempt to register or send any information about yourself to us, including your name, address, telephone number, or email address. No one under 13 (and in certain jurisdictions under 16) may provide any Personal Data to us. In the event that we learn that we have collected any such data from a child under 13 (and in certain jurisdictions under 16) through our Website, we will take reasonable steps to delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 (and in certain jurisdictions under 16), please contact us at privacy@branch.io, so that Branch can promptly investigate and delete any inappropriately obtained information.

We may change this Policy at any time in our sole discretion. We will post all changes to this Policy on this page and will indicate at the top of the page the modified Policy’s effective date. If you have any questions or suggestions regarding this Policy, please contact us at:

Branch Metrics, Inc.
1400 Seaport Blvd
Building B, 2nd Floor
Redwood City, CA 94063
or by email at info@branch.io

This Privacy Policy shall be implemented by Branch and all its operating divisions, subsidiaries and affiliates. Branch has put in place mechanisms to verify ongoing compliance with Privacy Shield Principles and this Privacy Policy.