This Privacy Statement is effective August 29, 2016.
Heroku, Inc. (“Heroku” or the “Company”) is committed to protecting the privacy of individuals who visit the Company’s Web sites (“Visitors”) and individuals who register to use the Services as defined below (“Customers”). This Privacy Statement describes Heroku’s Web site privacy practices in relation to the use of the Company’s Web sites and the related applications and services offered by Heroku (the “Services”).
Heroku's products are certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. To view a description of how Heroku complies with the Privacy Shield Principles please visit: http://www.salesforce.com/assets/pdf/misc/privacy-shield-notice.pdf. For more information on the EU-U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website here: https://www.privacyshield.gov/welcome.
Heroku abides by the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce. Heroku has certified that it adheres to the Safe Harbor Principles. For more information on the U.S.-Swiss Safe Harbor Framework, including the Safe Harbor Principles, and to view the scope of Heroku’s certification, please visit http://www.export.gov/safeharbor/. As part of our participation in this Safe Harbor Framework, we have agreed to dispute resolution by TRUSTe for disputes relating to our compliance. If you have any questions or complaints regarding our compliance with the U.S.-SwissSafe Harbor Framework, please contact us at email@example.com. If contacting us does not resolve the issue, you may raise the issue with TRUSTe here.
1. Web sites covered
This Privacy Statement covers the information practices of Web sites that link to this Privacy Statement, including http://heroku.com and other Heroku Web sites linked from http://www.heroku.com/policy/sites (referred to as “Heroku’s Web sites” or “the Company’s Web sites”) as well as Heroku CLI, a command line tool downloadable from https://cli.heroku.com. Some Web sites hosted on the heroku.com domain may be created and managed by Heroku’s customers, rather than Heroku. Those Web sites do not link to this Privacy Statement, and are instead governed by the privacy statement of the Heroku customer that creates and manages the Web site.
Heroku enables its customers to create Web sites and applications that run natively on the Heroku platform. When Heroku Web sites are posted by Heroku, the site will link to this Privacy Statement, and this Privacy Statement applies. When Heroku Web sites are posted by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.
Heroku also enables its customers to use third-party services (referred to as “add-ons”) as part of running Web applications on the Company’s platform. When you share information with these third-party add-on services, the privacy statement of the third party applies. Heroku’s Web sites may contain links to other Web sites. The information practices or content of such other Web sites is governed by the privacy statements of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.
2. Information collected
When expressing an interest in obtaining additional information about the Services or registering to use the Services, Heroku may require you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, Heroku requires you to provide the Company with financial qualification and billing information, such as billing name, billing address, and credit card number (“Billing Information”). Heroku may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information about Customers are referred to collectively as “Data About Heroku Customers.”
As you navigate the Company’s Web site, Heroku may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web sites (such as the Web pages viewed and the links clicked). For additional information about the collection of Web Site Navigational Information by Heroku and others, please click here.
3. Use of information collected
The Company uses Data About Heroku Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services. Also, Customers may elect to invite a friend to use Heroku’s Services in a collaborative manner (referred to as adding “collaborators”). Heroku must receive the email address of the friend, and sends the friend an invitation email.
The Company may also use Data About Heroku Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company and its partners, such as information about promotions or events.
Heroku uses credit card information solely to check the financial qualifications of prospective Customers and to collect payment for the Services.
Heroku uses Web Site Navigational Information to operate and improve the Company’s Web site. The Company may also use Web Site Navigational Information alone or in combination with Data About Heroku Customers to provide personalized information about the Company. For additional information about the use of Web Site Navigational Information, please click here.
4. Web Site Navigational Information
Cookies, Web Beacons and IP Addresses
Heroku uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information that may be collected on the Company’s Web sites and how this information may be used.
If you have chosen to identify yourself to Heroku, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use the Services.
Heroku uses persistent cookies that only the Company can read and use to identify browsers that have previously visited the Company’s Web site. When you purchase the Services or provide the Company with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. The Company is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, the Company does not store account numbers or passwords in persistent cookies. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Web site, but you will not be able to successfully use the Services.
Heroku may use information from session and persistent cookies in combination with Data About Heroku Customers to provide you with information about the Company and the Services.
The following sets out how Heroku uses different categories of cookies and your options for managing cookies’ settings:
|Type of Cookies||Description||Managing Settings|
|Performance cookies||These cookies collect information about how Visitors use our Web site, including which pages Visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a Visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Company’s Web sites function and perform. From time-to-time, Heroku engages third parties to track and analyze usage and volume statistical information from individuals who visit the Web site. Heroku may also utilize Flash cookies for these purposes. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.||To learn how to opt out of performance cookies using your browser settings click here. To learn how to manage privacy and storage settings for Flash cookies click here.|
|Functionality cookies||Functionality cookies allow the Company’s Web sites to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. Heroku may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our Web sites to personalize your visit.||To learn how to opt out of functionality cookies using your browser settings click here. Note that opting out may impact the functionality you receive when visiting the Company’s Web site. To learn how to manage privacy and storage settings for Flash cookies click here.|
Web Beacons - Heroku uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Heroku may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to the Company’s Web site. Heroku uses Web beacons to operate and improve the Company’s Web sites and email communications.
Heroku may use information from Web beacons in combination with Data About Heroku Customers to provide you with information about the Company and the Services.
IP Addresses - When you visit Heroku’s Web site, the Company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, Heroku uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web site.
Do Not Track - Currently, various browsers – including Internet Explorer, Firefox, and Safari – offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites visited by the user about the user's browser DNT preference setting. Heroku does not currently commit to responding to browsers' DNT signals with respect to the Company's Web sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. Heroku takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
5. Public forums and customer testimonials
Heroku may provide bulletin boards, blogs, or chat rooms on the Company’s Web site. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Heroku is not responsible for the personal information you choose to submit in these forums.
Heroku may post a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. Heroku obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.
6. Sharing of Information Collected
Heroku may share Data About Heroku Customers with the Company’s contracted service providers so that these service providers can provide services on our behalf. Without limiting the foregoing, Heroku may also share Data About Heroku Customers with the Company’s service providers to ensure the quality of information provided, and with third-party social networking and media Web sites, such as Facebook, for marketing and advertising on those Web sites. Unless described in this Privacy Statement, Heroku does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.
The Company may share Data About Heroku Customers with other companies in order to work with them, including affiliates of the salesforce.com corporate group. For example, the Company may need to share Data About Heroku Customers for customer relationship management purposes.
From time to time, Heroku may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from Heroku, the Company may share Data About Heroku Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). Heroku does not control our business partners’ use of the Data About Heroku Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.
Heroku uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company’s behalf.
Heroku reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.
7. International transfer of information collected
To facilitate Heroku’s global operations, the Company may store, transfer and access Data About Heroku Customers around the world, including the United States and other countries in which the Company has operations. This Privacy Statement shall apply even if Heroku transfers Data About Heroku Customers to other countries.
8. Communications preferences
Heroku offers Customers and Visitors who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may send a request specifying your communications preferences to firstname.lastname@example.org. Customers cannot opt out of receiving transactional emails related to their account with Heroku or the Services.
9. Correcting and updating your information
Customers may update or change their registration information by editing their user or organization record. You can update your information on the accounts page. For additional information not accessible from the accounts page, you can make a request to email@example.com. Requests to access, change, or delete this information will be handled within 30 days.
10. Data retention
Heroku retains the information we receive as described in this Privacy Statement above for reasonable duration, for example, as the case may be, for as long as needed to provide our Services, comply with our legal obligations, resolve disputes, establish legal defenses, to conduct audits, pursue legitimate business purposes, and enforce our agreements.
11. Customer Data
As part of using our Services, Customers may submit electronic data or information to the Services (“Customer Data”) which may include personal information. The Company generally has no direct relationship with the individuals to whom Customer Data may pertain, which we process on the behalf of our Customers. Any uses of Customer Data by the Company are done so pursuant to the Company’s Terms of Service or a subscription agreement in place between the Company and the relevant Customer (or his/her organization), which exclusively govern the Company’s treatment of Customer Data and supersede this Privacy Statement in case of conflict, or as required by law. If personal information pertaining to you as an individual has been submitted to us by a Customer as Customer Data and you wish to exercise any rights you may have to access, correct, amend, or delete such data, please inquire with the Customer (or his/her organization) directly. If an authorized Customer requests that we update or remove the data in question and the Customer has no ability to do so via use of the Services, we will acknowledge their request within 30 days. Additional information about the Company’s privacy and security practices with respect to Customer Data is available here.
Heroku uses appropriate administrative, technical, and physical security measures to protect Data About Heroku Customers.
13. Changes to this Privacy Statement
Heroku reserves the right to change this Privacy Statement. Heroku will provide notification of the material changes to this Privacy Statement through the Company’s Web sites at least thirty (30) business days prior to the change taking effect.
14. Contacting Us
Questions regarding this Privacy Statement or the information practices of the Company’s Web sites should be directed to firstname.lastname@example.org or by mailing Heroku Privacy, 650 7th St, San Francisco, CA 94103.