Our Commitment to Your Privacy
Updated: February 24, 2021
Diffbot is a service that uses bots, algorithms, computer vision and artificial intelligence (AI) to process the content on the Internet thereby allowing websites to be broken down into different page types and the pages to be identified. Diffbot’s technology differentiates between a social network profile, a blog post, a website’s front page, a product page, an event page, and more. Diffbot’s machine learning and computer vision algorithms and APIs (application program interfaces) are used by Subscribers of our services to facilitate the discovery, identification, and extraction of data content from publicly accessible and available websites and services.
More details about the Diffbot products, and services offered can be found on our website at https://www.diffbot.com.
Diffbot is a data controller and is responsible for your personal data.
Our Contact information is:
Diffbot Technologies Corp.
333 Ravenswood Ave
Menlo Park, CA 94025
PHONE: 1 (855) 885-4800
Data Protection Officer
Diffbot Technologies Corp.
333 Ravenswood Ave
Menlo Park, CA 94025
Phone Number: 1-855-885-4800 Email: firstname.lastname@example.org
WHAT INFORMATION DO WE COLLECT? TRIAL SERVICES
When a Visitor registers to trial our Service, the Visitor becomes a Subscriber of our services for a trial period. We collect the following data in order to provide the Trial services:
We also issue each Subscriber a unique API key in order to access the Services during the trial period.
When a Subscriber commits to continue use of our Services on an ongoing basis following the trial period by purchasing our Services, we collect the same information as we do for a trial subscription, plus our payments processor collects Credit Card Information to facilitate monthly subscription payments. We collect and use the following data and associate it with your API key in order to provide you with our services. This includes:
During use of the Services (for Subscribers) we also collect
VISITOR(S) and SUBSCRIBER(S)
We collect non-personal information (i.e. information that on its own cannot be used to personally identify you as an individual) that includes:
anonymous usage data
referring/exit pages and URLs
Information collected from cookies
Our Site or Service may not be available in all areas.
We crawl the public web to collect and use different kinds of data, including data about Search Subjects that are publicly available. We allow our Subscribers to engage with the data supplied by Search Subjects in a strategic, meaningful, and targeted manner, to the extent it is available, and in accordance with the instructions of our Subscribers. This information includes but is not limited to:
Publicly available biographical information disclosed on webpages
Work Telephone Number
Public web page URLs and handles
Subject area expertise
We do not collect sensitive personal data about a Search Subject’s (race, ethnicity, religious or philosophical beliefs, sexual preferences or orientation, political opinions or memberships, trade union memberships, health information; genetic or biometric data) unless the Search Subject published such data to the public domain him/herself (i.e. you have made such information available to the public by writing about it or posting it on your social media profile(s) and/or website).
HOW IS DATA COLLECTED?
The data collected from Subscribers (for both Trial and Ongoing usage) is provided by the subscribers at the time of sign up in order for us to provide the service. Usage data is collected whenever Subscribers use the services.
Diffbot may collect information automatically using web tracking technologies such as cookies, web beacons, pixel tags, clear GIFs, and third party tracking services in order to ensure that the Sites and Services operate efficiently and to collect data related to usage of the Site and Service such as, but not limited to, the browser type, language preference, referring site, and the date and time of each visitor request (“Tracking Information”).
COOKIES AND TRACKING
VISITORS and SUBSCRIBERS
We use both session-based and persistent cookies.
Session-based cookies last only while your browser is open and are automatically deleted when you close your browser.
Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to collect site analytics and to customize a Subscriber’s experience. If you access our Site through your browser, you can manage your cookie settings.
Diffbot does not link Tracking Information to individual user Personal Information; nor does it include the Personal Information with the Tracking Information that Diffbot shares with the web tracking companies that use and process the Tracking Information, except as strictly necessary to provide and improve the Services (including customer support services). Some Tracking Information may include log or other data, such as IP address data, that is unique to you. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Site(s) and Services, but this may affect the performance of the Sites and Services.
If you do not wish to receive cookies, you may deactivate storing cookies on your computer by changing your browser settings accordingly. Please note that the functionality of the Site(s) and Services may be impaired, and the range of functionalities may be severely limited if you deactivate cookies.
The information we hold about Individuals is obtained from crawling publicly available sources on the Internet. This includes publicly available social media profiles and websites; information from articles the Search Subject may have written or was written about the Search Subject on the internet. This information is gathered by our technology using automation and machine learning algorithms.
We collect data directly from publicly available sources, including but not limited to:
Articles or blogs you may have written or may have written about you in the public domain
Vlogs you may have created in the public domain
Your own website
HOW DO WE USE YOUR DATA?
TO PROVIDE THE SERVICES
Subscriber data is used to provide the Service; process Service payments; facilitate support queries and requests. A Subscriber’s failure to provide the personal data we need, may result in our inability to complete the transaction or provide the service.
We do not control what information is collected by Subscribers or their purpose for use. To the extent any notices or consents are required, Subscribers are solely responsible for giving such notices or obtaining such consents. We do not use your personal data for activities where we believe that your interests are overridden by any unwarranted adverse impact on you.
Diffbot’s primary role is to discover, categorize, and organize information on the Internet on behalf of, and as directed by, our Subscriber(s). Diffbot subscribers can use our service and query functionality to create their own lists of Search Subjects; add their own data about Search Subjects (which only they can access); and monitor Search Subjects.
We allow our Subscribers access to search results via our online platform(s) and/or API service(s) to enable our subscribers to view information the Subscribers may be interested in.
A Subscriber can submit a query using the Diffbot UI or API to access data collected and indexed from the Internet. Diffbot then returns a list of items or subjects and a custom data set is created (a list of entities, related entities and facts) that matches the Subscriber’s search criteria. A Subscriber may also define the data to extract from a specific web page, a group of pages or domain by accessing a suite of extraction APIs, by extending an existing extraction API, or by creating a new API using custom rules which yields extracted data.
Please see Profiling and Tracking to see how your data is used for profiling and tracking.
Aggregation of Search Subject data is beneficial to you because it will allow the Subscriber to receive targeted information that may be of interest or use for due diligence, job search or other evaluation or research purposes;.
VALIDATING ACCESS TO CONTENT SUBSCRIBERS
For Subscribers, we use the Personal Data of Subscribers (i.e. login; passwords, API tokens) to validate their right to use our Services.
We will use Personal Data of Search Subjects to validate their identities in connection with the exercise of an EU, CCPA (or other applicable jurisdiction’s) data subject’s rights or in the case of non-EU, non-CCPA data subjects not subject to such legally required rights, to validate their identities prior to processing any removal or update requests.
DIRECT MARKETING SUBSCRIBERS
Customers can opt out of receiving marketing materials via email or mail at any time while receiving the Service. If you receive email, newsletter or marketing communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings.
We do not market to Search Subjects or commercially sell data not otherwise publicly available.
TRACKING AND PROFILING FOR CUSTOMER SERVICE PURPOSES, STATISTICAL AND TO FULFILL OBLIGATIONS TO OUR SUBSCRIBERS.
Subscriber tracking is used to improve the Services and Site and includes: length of use; time and date service was used; search queries; API requests; and how the service was accessed (app; desktop; phone).
We and third-party service providers may collect certain tracking information about your personal data for automated aggregation, indexing, and/or categorization purposes. The aggregation/categorization/indexing is limited and collected from the public domain; i.e. collected from information you publish on the internet and make public. For example, we catalog your subject matter expertise, interests, employments, education, and skills, and make this information available to our customers in response to Subscribers’ particular queries they make when using our service. While we do not have the means to contact the millions of Search Subjects indexed through crawling, we will honor applicable data subject rights requests subject to our confirmation of your identity.
DATA SUBJECT PROFILING
We combine the personal data and information from publicly available websites and present this information to our Subscribers via our Service. Our Subscribers are able to search publicly accessible sources using APIs or a search dashboard. This allows our Customers to do due diligence on Individuals with whom they wish to build a business relationship or collect and use data for other legitimate purposes.
We also offer a service that uses APIs to structure hundreds or thousands of web pages into a single, searchable index. In doing so, the Subscriber may collect and create profiles containing Personal Data.
Our Subscribers can understand your subject matter expertise, areas of interest, services offered, or subjects you are interested in thereby allowing our Subscriber(s) to target Search Subjects or other search criteria.
View and Evaluate Your Content
Via our service, a Subscriber can search and categorize your content, which may be given an automatically generated “relevance” score or be categorized/labeled, by Diffbot’s technology; The Subscriber can extract data from the aggregated data that matches their query or create graphs based on the indexes they build.
We use automated techniques such as visual layout analysis and classification, computer vision, text analytics, machine learning, knowledge fusion to identify and classify data, and extract and understand data on webpages which can be used to develop algorithms for even more robust automation. Diffbot does not use the output of automated data processing as the sole basis for any decisions regarding a Search Subject.
HOW DO WE SHARE YOUR DATA?
We will not sell, rent, or share your personal data with third parties outside of Diffbot without your consent, except in the following ways:
Subscribers (Applicable to Search Subjects): Our subscribers are typically businesses or institutions and come from all sectors. We share your data with our subscribers by allowing them access to extract data from the internet through our online services.
SUBSCRIBERS AND SEARCH SUBJECTS:
Third Parties: We sometimes contract with other companies and individuals to perform functions or services on our behalf. Our categories of service providers include: software maintenance, data hosting, sending email messages, project management and customer service. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendums, EU Model Clauses and/or ensuring they have EU-U.S. and Swiss-US Privacy Shield certification since all of our service providers are in the United States.
THIRD PARTY SEVICE PROVIDERS
Third Parties that collect and share Personal Data with us regarding Search Subjects, Trial Users, or Subscribers:
Google Analytics and Adwords
Google Analytics collects information such as how often users visit our site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site, but in an anonymous form. Google Analytics collects only the IP address assigned to you on the date you visit this site and assigns a user ID code, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.”
Facebook pixel is code that we place on our site to help us track conversions from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads, and remarket to qualified leads—people who have already taken some kind of action on your website. Facebook is self-certified under the US-EU Privacy Shield and the Swiss-U.S. Privacy Shield framework to process data in the United States and data is only shared subject to a Data Protection Addendum. For more information, go their website.
MixMax is an online marketing platform. Mixmax provides robust tools and analytics to enhance users’ outbound, electronic communications via Gmail and Google Inbox. Features include: analytics regarding open and click-through rates of recipients, automated calendar scheduling from within an email, and easy-to-use email templates. We use MixMax to facilitate outreach to trial users and subscribers. For more information please refer to: https://www.mixmax.com/legal/privacy-policy
DATA AND INTEGRATION
Chilipiper provides qualifying, routing, and booking software, used by B2B revenue teams. We use Chilipiper services to schedule demo sessions and book Sales meetings. For more information please refer to: https://www.chilipiper.com/privacy-policy
YOUR DATA SUBJECT RIGHTS SUBSCRIBERS AND SEARCH SUBJECTS
If you are a California resident or a subject of the European Union (EU) or European Economic Area (EEA) and Switzerland, you are entitled to the full spectrum of the rights under the General Data Protection Regulation (GDPR) and we accommodate any valid request. Because we value privacy and your rights in your data, we also may offer similar choices to data subjects located in the United States or other countries, even though we are not required to by law. You can exercise your data subject rights by emailing our Data Protection Officers at email@example.com.
Among those, the right to:
Require access to the personal data we collect, upon request to firstname.lastname@example.org and validation of your identity; Require rectification of your personal data we have collected, upon request to email@example.com and validation of your identity; Require erasure of your personal data (right to be forgotten) in cases where we no longer have a legitimate business purpose to collect and store such data, are not required to retain such interest for legitimate business purposes or to defend ourselves against legal claims (we may retain anonymized, de-identified data); Withdraw consent to processing of your personal data, where applicable; Lodge a complaint with your national supervisory authority (in the EEA) if you believe that your privacy rights have been breached. We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation; If required by law, to exercise or defend legal claims, or contractual obligations with you or our customers. We may de-identify and anonymize some data for purposes of retaining it.
MINORS UNDER 18 YEARS OF AGE
Diffbot does not knowingly collect or solicit any information from anyone 18 years and younger. The Site and Service are not directed at nor made to appeal to such persons. Parents or guardians that believe that we hold information about their children aged 18 and under may contact us at firstname.lastname@example.org to have their children’s information deleted from our records.
DO NOT TRACK (DNT)
“Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, our Site does not respond to or alter its practices when a DNT signal is received.
If you are providing your Personal Information to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.
HOW IS MY DATA PROTECTED?
We have implemented reasonable administrative, technical and physical security measures to protect Visitor, Subscriber and Search Subject personal information against unauthorized access, destruction or alteration. For example:
SSL encryption (https) everywhere where we deal with personal data except API calls that rely on http without encryption. Data that is stored by us is kept on secure encrypted services, located in the US. Restricting staff access to personal data protected by password logins. Regular staff privacy and security training. Payments services are tokenized. However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit. We are committed to protecting your personal data. We put in place safeguards including robust and appropriate technologies, processes, and contractual arrangements, so that the data we have about you is protected from unauthorized access and improper use, and we will also not keep your personal data for longer than is necessary.
Diffbot utilizes only PCI-DSS compliant third-party payment processors to ensure the security of your personal information.
HOW LONG WILL WE USE YOUR PERSONAL DATA?
We will keep Subscriber Personnel and Search Subject personal data only for as long as is necessary for the purposes set out in this privacy notice and to fulfill our legal obligations, but not longer than 30 days after we become aware that you wish to stop receiving communications or sharing your data and have verified your identity. We will not keep more data than we need.
PROCESSING SEARCH SUBJECT DATA FOR SUBSCRIBERS
Our Services may involve the processing of Search Subject Personal Data on behalf of our Subscribers. When we do so, we are acting as processors for the controllers of such data. As such, we take steps to ensure that personal data subject to GDPR is processed in accordance with controller instructions and GDPR such as entering into a Data Processing Addendum(s) incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such personal data.
If you wish to exercise your data subject rights to review, rectify, delete or port your personal data please contact the controller to make such request. If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.
YOUR CALIFORNIA PRIVACY RIGHTS
SUBSCRIBERS AND SEARCH SUBJECTS
California residents who have an established business relationship with Diffbot may make a written request to the Diffbot about whether the Diffbot has disclosed any Personal Information to any third parties for the third parties’ direct marketing purposes during the prior calendar year. To make such a request, please send an email to: email@example.com or write us at:
c/o Data Protection Officer
Diffbot Technologies Corp.
333 Ravenswood Ave
Menlo Park, CA 94025
Phone Number: 1 (855) 885-4800
THIRD PARTY WEBSITES
We may link to other websites. When you click on one of these links, you are ‘clicking’ to another website. Diffbot does not control the data collection or privacy practices of such third party sites. We encourage you to read the privacy policies of any third party sites, as their collection, use and storage practices and policies may differ from ours.