Privacy Statement

This Privacy Statement is effective July 31, 2014.

Heroku, Inc. (“Heroku” or the “Company”) is committed to protecting the privacy of individuals who visit the Company’s Web sites (“Visitors”) and individuals who register to use the Services as defined below (“Customers”). This Privacy Statement describes Heroku’s Web site privacy practices in relation to the use of the Company’s Web sites and the related applications and services offered by Heroku (the “Services”).

Heroku abides by the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce and the European Union. Heroku has certified that it adheres to the Safe Harbor Principles. For more information on the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, including the Safe Harbor Principles, and to view the scope of Heroku's certification, please visit http://www.export.gov/safeharbor/. As part of our participation in these Safe Harbor Frameworks, we have agreed to dispute resolution by TRUSTe for disputes relating to our compliance. If you have any questions or complaints regarding our compliance with the U.S.-EU Safe Harbor Framework or the U.S.-Swiss Safe Harbor Framework, please contact us at privacy@heroku.com. If contacting us does not resolve the issue, you may raise the issue with TRUSTe here. Alternatively, please click here for TRUSTe fax and postal mail information. TRUSTe's Dispute Resolution process is only available in English.

1. Web sites covered

This Privacy Statement covers the information practices of Web sites that link to this Privacy Statement, including http://heroku.com and other Heroku Web sites linked from http://www.heroku.com/policy/sites (referred to as “Heroku’s Web sites” or “the Company’s Web sites”) as well as Heroku Toolbelt, a command line tool downloadable from https://toolbelt.heroku.com. Some Web sites hosted on the heroku.com domain may be created and managed by Heroku’s customers, rather than Heroku. Those Web sites do not link to this Privacy Statement, and are instead governed by the privacy statement of the Heroku customer that creates and manages the Web site.

Heroku enables its customers to create Web sites and applications that run natively on the Heroku platform. When Heroku Web sites are posted by Heroku, the site will link to this Privacy Statement, and this Privacy Statement applies. When Heroku Web sites are posted by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.

Heroku also enables its customers to use third-party services (referred to as “add-ons”) as part of running Web applications on the Company’s platform. When you share information with these third-party add-on services, the privacy statement of the third party applies. Heroku’s Web sites may contain links to other Web sites. The information practices or content of such other Web sites is governed by the privacy statements of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.

2. Information collected

When expressing an interest in obtaining additional information about the Services or registering to use the Services, Heroku may require you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, Heroku requires you to provide the Company with financial qualification and billing information, such as billing name, billing address, and credit card number (“Billing Information”). Heroku may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information about Customers are referred to collectively as “Data About Heroku Customers.”

As you navigate the Company’s Web site, Heroku may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web sites (such as the Web pages viewed and the links clicked). For additional information about the collection of Web Site Navigational Information by Heroku and others, please click here.

3. Use of information collected

The Company uses Data About Heroku Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services. Also, Customers may elect to invite a friend to use Heroku’s Services in a collaborative manner (referred to as adding “collaborators”). Heroku must receive the email address of the friend, and sends the friend an invitation email.

The Company may also use Data About Heroku Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company and its partners, such as information about promotions or events.

Heroku uses credit card information solely to check the financial qualifications of prospective Customers and to collect payment for the Services.

Heroku uses Web Site Navigational Information to operate and improve the Company’s Web site. The Company may also use Web Site Navigational Information alone or in combination with Data About Heroku Customers to provide personalized information about the Company. For additional information about the use of Web Site Navigational Information, please click here.

4. Web Site Navigational Information

Cookies, Web Beacons and IP Addresses

Heroku uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information that may be collected on the Company’s Web sites and how this information may be used.

Cookies - Heroku uses cookies to make interactions with the Company’s Web sites easy and meaningful. When you visit the Company’s Web site, Heroku’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to Heroku, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Me” or a “30 Day Free Trial” Web form), you remain anonymous to the Company.

Heroku uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that if you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Web sites, but the functionality and features of the Services may be affected, and you may not be able to successfully use the Services. Similarly, if you disable JavaScript, some features of the Company’s Web sites may not function properly, and some areas of the Company’s Web sites may not function at all.

If you have chosen to identify yourself to Heroku, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use the Services.

Heroku uses persistent cookies that only the Company can read and use to identify browsers that have previously visited the Company’s Web site. When you purchase the Services or provide the Company with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. The Company is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, the Company does not store account numbers or passwords in persistent cookies. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Web site, but you will not be able to successfully use the Services.

Heroku may use information from session and persistent cookies in combination with Data About Heroku Customers to provide you with information about the Company and the Services.

The following sets out how Heroku uses different categories of cookies and your options for managing cookies’ settings:

Type of Cookies Description Managing Settings
Required cookies Required cookies enable you to navigate the Company’s Web sites and use their features, such as accessing secure areas of the Web sites and using Heroku Services. If you have chosen to identify yourself to Heroku, the Company uses cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Because required cookies are essential to operate the Company’s Web sites and the Services, there is no option to opt out of these cookies.
Performance cookies These cookies collect information about how Visitors use our Web site, including which pages Visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a Visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Company’s Web sites function and perform. From time-to-time, Heroku engages third parties to track and analyze usage and volume statistical information from individuals who visit the Web site. Heroku may also utilize Flash cookies for these purposes. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. To learn how to opt out of performance cookies using your browser settings click here. To learn how to manage privacy and storage settings for Flash cookies click here.
Functionality cookies Functionality cookies allow the Company’s Web sites to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. Heroku may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our Web sites to personalize your visit. To learn how to opt out of functionality cookies using your browser settings click here. Note that opting out may impact the functionality you receive when visiting the Company’s Web site. To learn how to manage privacy and storage settings for Flash cookies click here.
Analytics, Targeting and Advertising cookies From time-to-time, Heroku may engage third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Web site. For example, we may use Google Analytics and Omniture to improve our Web site performance, run tests on the effectiveness of our Web sites and marketing efforts, and improve user experience. Heroku may use cookies delivered by third parties to track the performance of Company’s advertisements. For example, these cookies remember which browsers have visited the Company’s Web sites. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after the Company receives it. Heroku may also contract with third-party advertising networks that collect IP addresses and other information from the Company’s Web site, from emails, and on third-party Web sites. Ad networks follow your online activities over time by collecting Web Site Navigational Information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other Web sites. This process also helps the Company manage and track the effectiveness of its marketing efforts. Third parties, with whom the Company may partner to provide certain features on our Company’s Web sites or to display advertising based upon your Web browsing activity, may use Flash cookies to collect and store information. To learn more about advertising networks and their opt out instructions, click here and here. To learn how to opt out of these cookies using your browser settings click here), and to learn how to manage privacy and storage settings for Flash cookies click here.

Web Beacons - Heroku uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Heroku may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to the Company’s Web site. Heroku uses Web beacons to operate and improve the Company’s Web sites and email communications.

Heroku may use information from Web beacons in combination with Data About Heroku Customers to provide you with information about the Company and the Services.

IP Addresses - When you visit Heroku’s Web site, the Company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, Heroku uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web site.

Do Not Track - Currently, various browsers – including Internet Explorer, Firefox, and Safari – offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites visited by the user about the user's browser DNT preference setting. Heroku does not currently commit to responding to browsers' DNT signals with respect to the Company's Web sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. Heroku takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

5. Public forums and customer testimonials

Heroku may provide bulletin boards, blogs, or chat rooms on the Company’s Web site. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Heroku is not responsible for the personal information you choose to submit in these forums.

Heroku may post a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. Heroku obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.

6. Sharing of Information Collected

Service Providers

Heroku may share Data About Heroku Customers with the Company’s contracted service providers so that these service providers can provide services on our behalf. Without limiting the foregoing, Heroku may also share Data About Heroku Customers with the Company’s service providers to ensure the quality of information provided, and with third-party social networking and media Web sites, such as Facebook, for marketing and advertising on those Web sites. Unless described in this Privacy Statement, Heroku does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.

Heroku Affiliates

The Company may share Data About Heroku Customers with other companies in order to work with them, including affiliates of the salesforce.com corporate group. For example, the Company may need to share Data About Heroku Customers for customer relationship management purposes.

Business Partners

From time to time, Heroku may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from Heroku, the Company may share Data About Heroku Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). Heroku does not control our business partners’ use of the Data About Heroku Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.

Billing

Heroku uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company’s behalf.

Compelled Disclosure

Heroku reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.

7. International transfer of information collected

To facilitate Heroku’s global operations, the Company may store, transfer and access Data About Heroku Customers around the world, including the United States and other countries in which the Company has operations. This Privacy Statement shall apply even if Heroku transfers Data About Heroku Customers to other countries.

8. Communications preferences

Heroku offers Customers and Visitors who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may send a request specifying your communications preferences to support@heroku.com. Customers cannot opt out of receiving transactional emails related to their account with Heroku or the Services.

9. Correcting and updating your information

Customers may update or change their registration information by editing their user or organization record. You can update your information on the accounts page. For additional information not accessible from the accounts page, you can make a request to support@heroku.com. Requests to access, change, or delete this information will be handled within 30 days.

10. Data retention

Heroku retains the information we receive as described in this Privacy Statement above for reasonable duration, for example, as the case may be, for as long as needed to provide our Services, comply with our legal obligations, resolve disputes, establish legal defenses, to conduct audits, pursue legitimate business purposes, and enforce our agreements.

11. Customer Data

As part of using our Services, Customers may submit electronic data or information to the Services (“Customer Data”) which may include personal information. The Company generally has no direct relationship with the individuals to whom Customer Data may pertain, which we process on the behalf of our Customers. Any uses of Customer Data by the Company are done so pursuant to the Company’s Terms of Service or a subscription agreement in place between the Company and the relevant Customer (or his/her organization), which exclusively govern the Company’s treatment of Customer Data and supersede this Privacy Statement in case of conflict, or as required by law. If personal information pertaining to you as an individual has been submitted to us by a Customer as Customer Data and you wish to exercise any rights you may have to access, correct, amend, or delete such data, please inquire with the Customer (or his/her organization) directly. If an authorized Customer requests that we update or remove the data in question and the Customer has no ability to do so via use of the Services, we will acknowledge their request within 30 days. Additional information about the Company’s privacy and security practices with respect to Customer Data is available here.

12. Security

Heroku uses appropriate administrative, technical, and physical security measures to protect Data About Heroku Customers.

13. Changes to this Privacy Statement

Heroku reserves the right to change this Privacy Statement. Heroku will provide notification of the material changes to this Privacy Statement through the Company’s Web sites at least thirty (30) business days prior to the change taking effect.

14. Contacting Us

Questions regarding this Privacy Statement or the information practices of the Company’s Web sites should be directed to privacy@heroku.com or by mailing Heroku Privacy, 650 7th St, San Francisco, CA 94103.