Stoplight Privacy Policy

Last updated: May 27, 2022

Stoplight understands that you care about how information about you is used. This Privacy Policy (the “Privacy Policy”) explains how we collect personal information, through our online services (the “Services”) and website (collectively with the Services, the “Site”); how we maintain, use, and share that information; and how you can manage the way information about you is handled.

Stoplight may collect information in a variety of ways:

Contact information. A user is required to provide basic contact information (e.g., name and business email address) to create an account for the Services and identify you when you sign in to your account.

Account information. To administer, manage or update a Stoplight account, you or a Customer (the entity purchasing the Services if not an individual) supply Stoplight with names and email addresses for authorized users of the account, a domain and/or similar account details with respect to its users. In addition, self-service Customers that purchase a paid version of the Services provide Stoplight (or its payment processors) with billing details such as credit card information, and/or a billing address.

Log data. As with most technology services delivered over the Internet, our servers automatically collect information when you access or use our Site and record it in log files. This log data may include the Internet Protocol (IP) address, browser type and settings, the date and time the Services were used, and information about browser configuration and plugins.

Automated information collection. We also collect information using cookies, as described below under the “Cookies and Similar Technologies” section.

When you submit information through our Site. Visitors to our Site may choose to submit their name, email address, phone number, and/or other information so that they can learn more about our Services, register to take part in a Stoplight-sponsored event, participate in a survey, contest, or sweepstakes, or apply to Stoplight’s open job positions, among other things. By accessing, using, and/or submitting information through the Site, you consent to the practices described in this Privacy Policy with regard to the information collected thereby as described herein. If you do not agree with this Privacy Policy, you should not submit any information through our Site and you must delete all cookies from your browser cache after visiting the Site and refrain from visiting or using the Site.

Stoplight uses information in furtherance of our legitimate interests in operating our Services, websites, and business. More specifically, Stoplight uses information:

  • To provide, update, maintain and protect our Services, websites, and business. This includes use of information to support delivery of the Services to Customers, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities, or at a user’s request.
  • To communicate with you by responding to your requests, comments, and questions.
  • To consider you for possible employment with Stoplight in connection with an application that you submit through the Site, and communicate with you about your application.
  • To investigate and help prevent security issues and abuse.
  • For billing, account management, and other administrative matters. Stoplight may need to contact you for invoicing, account management, and similar reasons and Stoplight uses account data to administer accounts and keep track of billing and payments.
  • To send emails and other communications. Stoplight may send you service, technical and other administrative emails, messages, and other types of communications. Stoplight may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices. These communications are considered part of the Services and you may not opt out of them. In addition, Stoplight sometimes sends emails about new product features, promotional communications, or other news about Stoplight. These are marketing messages so you can control whether you receive them. If you have additional questions about a message you have received from Stoplight please reach out through the contact mechanisms described below.
  • As required by applicable law, legal process, or regulation.

Disclosures to Service Providers. Stoplight may engage third parties as service providers or business partners to process information and support our business. These third parties may, for example, provide cloud computing and storage services. To the extent necessary and applicable, these third-party service providers and partners will be bound by appropriate and commercially reasonable confidentiality obligations.

Disclosures for Legal Reasons. We may disclose collected information to a third party if we believe in good faith that such disclosure is necessary or desirable: (i) to comply with lawful requests or orders by public authorities; (ii) to address a violation of the law; (iii) to protect the rights, property, or safety of Stoplight, its users, or the public; or (iv) to allow Stoplight to exercise its legal rights or respond to a legal claim.

Disclosures to a Buyer of the Company. If our company or substantially all of our assets are acquired, or in the event of a merger or bankruptcy, information about you and/or information you provide to Stoplight may be among the transferred assets. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

With consent. Stoplight may share information with third parties when we have your consent to do so.

Most websites, including our Site, use a feature of your browser to set a small text file called a “cookie” on your computer. The site placing the cookie on your computer can then recognize the computer when you revisit the site to allow auto log in and track how you are using the Site.

When you visit our Site, our servers and/or those of our service providers automatically record certain information that your web browser sends, such as your web request, Internet Protocol address, browser type, referring/exit pages and URLs, landing pages, pages viewed, time and date of use, and other information.

You are free to decline cookies. You can configure your browser to accept all cookies, reject all cookies, erase cookies, or notify you when a cookie is set. Electing to reject or disable cookies may substantially limit your ability to use our Site.

The use of cookies and similar technologies by our partners and service providers is not covered by this Privacy Policy. We do not have access to or control over these cookies. Our partners and service providers may use cookies in order to:

  • personalize your experience
  • analyze which pages our visitors visit
  • measure advertising effectiveness
  • track which areas of our site you visit; in order to remarket to you after you leave

To disable or reject third-party cookies generally, please refer to the third-party’s relevant website.

We use Google Analytics, a web analytics service provided by Google, Inc., on our Site. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the Site, compile reports on the Site’s activity, and provide other services related to Site activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. The Site does not use Google Analytics to gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies.

Our Site contains electronic images known as “web beacons” (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our Customer communications and marketing campaigns.

Stoplight gives you the opportunity to “opt out” of having your information used for certain purposes. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication.

You may change any of your information in your account by editing your settings within your account or by sending an email to us at the address listed below. You may request deletion of your Personal Data by us, and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). We cannot delete your Personal Data except by also deleting your user account.

Security is critical to Stoplight’s mission, and Stoplight takes security of data seriously. Stoplight uses industry-standard technical and organizational measures to protect information from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information Stoplight collects, processes, and stores, and the current state of technology. Given the nature of communications and information processing technology, Stoplight cannot guarantee that information in our care will be absolutely safe from intrusion by others during transmission through the Internet or while stored on our systems or otherwise. When you click a link to a third-party site, you will be leaving our site and Stoplight doesn’t control or endorse what is on third-party sites.

We will retain your information for a period of time consistent with the original purpose(s) for which we collected it, as described in this Privacy Policy. We will retain your information (i) for as long as we have an ongoing relationship with you and as needed to provide you Services; (ii) as necessary to comply with (and demonstrate compliance with) our legal obligations; (iii) as necessary to resolve disputes or to protect ourselves from potential future disputes; or (iv) as necessary to perform or enforce our agreements. Retention periods will be determined taking into account the amount, nature, and sensitivity of your information and the purposes for which it was collected. After the retention period ends, we will delete your information. Where we are unable to do so, we will ensure that appropriate measures are put in place to prevent any further use of your information.

If you use our Site outside of the United States, you understand that we may transfer your Personal Data to countries other than the one in which you live - generally, from locations outside the United States to the United States, as further described below. To the extent information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

If you are a resident of the EEA, the UK, or Switzerland, the following information applies.

Purposes of processing and legal basis for processing: As explained above, we process Personal Data in various ways depending upon your use of our Sites. We process Personal Data on the following legal bases:

  1. with your consent;
  2. as necessary to perform our agreements to provide Services;
  3. as necessary for compliance with a legal obligation to which we are subject; and
  4. as necessary for our legitimate interests in providing the Site where those interests do not override your fundamental rights and freedom related to data privacy.

Right to lodge a complaint: Users that reside in the EEA, the UK, or Switzerland have the right to lodge a complaint about our data collection and processing actions with your local data protection authority.

Transfers: Personal Data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our service providers maintain facilities. Per the applicable requirements of the General Data Protection Regulation (“GDPR”), we will ensure that transfers of Personal Data to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR, such as the EU Standard Contractual Clauses.

Individual Rights: If you are a resident of the EEA, the UK, or Switzerland, you are entitled to the following rights under the GDPR. Please note: In order to verify your identity, we may require you to provide us with Personal Data prior to accessing any records containing information about you.

  • The right to access, correction, and restriction of processing. You have the right to request access to, and a copy of, your Personal Data at no charge, as well as certain information about our processing activities with respect to your data. You have the right to request correction or completion of your Personal Data if it is inaccurate or incomplete. You have the right to restrict our processing if you contest the accuracy of the data we hold about you, for as long as it takes to verify its accuracy.
  • The right to data portability. To the extent relevant based on the limited Personal Data we maintain, you have the right to ask for a copy of your data in a machine-readable format. You can also request that we transmit your data to another entity where technically feasible.
  • The right to request data erasure. You have the right to have your data erased from our Site if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
  • The right to object to our processing. You have the right to object to our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

In accordance with the Guidelines on the concepts of controller and processor in the GDPR promulgated by the European Data Protection Board (the “EDPB”) on 7 July, 2021, Stoplight is an independent controller of the Personal Data processed in conjunction with its provision of the Services, as it decides the purposes and means of the processing of this limited Personal Data (i.e. name and business email for purposes of authentication to the Services).

Stoplight complies with the provisions of the GDPR as to any information in its possession regarding data subjects (as such term is defined in the GDPR). As such, Stoplight only processes personal information on data subjects where it has a lawful basis to do so, which may include the consent of the person (especially in the case of website visitors who provide their information), performance of a contract, compliance with a legal obligation, or the legitimate interest as the controller with respect to the provision of the Services. Stoplight provides notice to all data subjects as required by GDPR Article 13 or 14, as appropriate, and honors the rights of data subjects provided in Articles 12-23, including the right to be forgotten. For any opt-out requests or other inquiries related to privacy, please email [email protected]

This Site contains links to other sites that are not owned or controlled by Stoplight. We are not responsible for the privacy practices of such other sites. When you leave our Site, we encourage you to be aware and to read the privacy statements of each and every website that collects personally identifiable information. This Privacy Policy applies only to information collected by this Site or in the method(s) otherwise discussed herein.

Your browser or device may include ‘Do Not Track’ functionality. Our information collection and disclosure practices, and the choices that we provide to visitors, will continue to operate as described in this Privacy Policy, whether or not a Do Not Track signal is received.

Our Site is not directed to or intended for individuals under the age of 16. We do not knowingly collect or use any Personal Data from users of our Site who are under the age of 16. No Personal Data should be submitted to our Site by individuals who are under 16 years of age. If we learn that we have collected information from someone who is under 16, we will take steps to delete the Personal Data as soon as possible. If you believe we may have collected Personal Data from someone under 16, please contact us at [email protected].

Stoplight keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 27 May 2022. Your continued use of the Site after any updates to this Privacy Policy constitutes your acceptance of the updated Privacy Policy.

Please also feel free to contact Stoplight if you have any questions about this Privacy Policy or Stoplight’s practices, or if you are seeking to exercise any of your statutory rights. Stoplight will respond within a timeframe that is compliant with all applicable regulations. You may contact us at [email protected] or at our mailing address below:

Stoplight, Inc. 411 W Monroe St, #31 Austin, TX 78704 Attn: Legal Department