Personal Data We Collect
The personal data we collect depends on how you interact with us and how you use our services. We collect information about you from different sources and in various ways when you use our services, including information you provide directly, information collected automatically, and third-party data sources.
Information you provide directly: You may provide us with personal data through day-to-day interactions, including registering for an event, posting a comment on our website, requesting information on our products and services, or requesting customer support. For example, we may request the following types of personal data as necessary to develop or support our business relationship:
• Business contact details, such as name, address, phone number, and email address.
• Credentials, such as user name and password when you create an account or in connection with any troubleshooting or support inquiry.
• Payment information, such as credit card numbers, financial account information, and other payment details as needed when you make a purchase.
• Communications and content, such as information you enter as ‘free text’ content on our forms, forums, websites and in any communications with us.
Information we collect automatically: When you interact with us or use our services, we may collect certain information automatically via technology. For example:
• Product usage data: Where available, to make our products and services more useful to you, we collect aggregated and individually identifiable product usage data, which includes product type, login date/time, pages and features used and other similar product metrics. We automatically log your activity on our website including the URL of the website from which you came to our site. Our emails may include links to open attachments, visit pages on our website, download content, launch surveys or take other actions. If you are in our customer or prospect contact database, or have previously interacted with us online, then we may be able to link this usage data to your identity.
• Video imagery: We employ video surveillance (CCTV) at our physical offices, for purposes of office access, safety and security.
Information we receive from other sources: Not all of the information that Couchbase holds about you will always come directly from you. For example, it may come from your employer if they are a customer using our products or services. Or it may come from someone who has written a reference for you in relation to a job application. We may also receive information about you from other sources, such as marketers, partners and service providers in order to offer services we think may be of interest to you. If you provide us personal data about others, or if others give us information about you, we will only use that information for the specific reason for which it was provided to us. For example, we may obtain marketing data from other sources such as data brokers and combine that data with information we already have about you, to create more tailored advertising, products or services.
Children’s personal data: Couchbase is committed to providing excellent products and services for enterprise customers. Couchbase does not provide services for purchase by children, and this website is not intended for children. If you’re under 18, you may use Couchbase services only with the involvement of a parent or guardian. We do not knowingly sell the personal information of minors under 16 years of age without affirmative authorization.
How We Use Personal Data
We use, store and process personal data to provide, improve and develop our services and comply with our legal obligations. Accordingly, we may use such information for the following business purposes:
1. Customer communication and administration: We use personal data, such as contact information, to respond to general inquiries, provide technical and customer support and training, verify your identity, and send important account, subscription and service information.
2. Marketing and events: We use personal data such as contact information and product usage data to provide you with news, promotions, marketing and event communications about our products and services which we think may be of interest to you. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings in our marketing preference center.
3. Community and event forums: Any personal data you choose to post, share, upload, or make available is public and visible to others. We may use information you provide to personalize your experience, to make recommendations in respect of information about our products and services and to improve our website, products and services.
4. Products and Services: We use personal data, such as product usage data and electronic network activity, to improve our business offerings, including our products and services and this website.
5. Personalize, measure and improve our advertising: As further described in the Cookies and Similar Technologies section below, we may collect certain technical information about the computers or devices (including mobile devices) you use and your online activities to deliver targeted advertising.
6. Human resource management: We may use personal data for purposes of recruitment administration.
7. Support for hosted services: Some of our service offerings may provide database management and data storage as an integral part of the product or solution offering. Data stored by our customers may contain personal data. Any information stored by or on behalf of such customer is controlled and managed by and only made available to such customer and our access is limited to Couchbase personnel with a critical business reason only, such as technical support.
8. Legal obligations: We may use and retain personal data as necessary for legal and compliance reasons, including the prevention, detection or investigation of fraud, abuse, security incidents and any harmful activity.
For personal data collected in the EU/EEA, the UK and other relevant jurisdictions, we will process personal data on the basis of our legitimate interest in undertaking the above business related activities; where it is necessary for the adequate performance of any contract we may have with you or to comply with the law; and/or on the basis of your clear and informed consent (as applicable).
Sharing Personal Data
2. Third party service providers: We partner with and are supported by service providers around the world (for example, information technology and related infrastructure providers, customer service providers, professional advisers and other similar service providers). Personal data will be made available to these service providers only when necessary to fulfill the services they provide to us, such as system and platform support, advertising and marketing services, and recruiting services. Such service providers are prohibited from sharing or using personal data we make available to them for any other purpose than to provide services to us.
3. Advertising and analytics partners: We may share your personal data with third-party companies, including if you have followed our instructions to allow such disclosure, such as through registration for our events with notice that we share attendee information with third-party event sponsors. Third party analytics and advertising companies also collect personal data through our website identifiers and device information (such as cookie IDs, device IDs, and IP address) and usage data described in the Cookies and Similar Technologies section below.
6. Business transactions: We may disclose your personal data to any prospective seller or buyer of any business or assets. Additionally, if Couchbase is involved in a merger, acquisition, or sale of all or a portion of its assets, personal data may be among the transferred assets. If Couchbase or our assets are acquired by another company, that company would possess your personal data and that company would assume the rights and obligations regarding your personal data as described herein. In such event, we will notify you via email and/or a prominent notice on our website, of any change in ownership, use of personal data, and choices you may have regarding personal data.
Where We Store and Process Personal Data
Where we transfer personal data from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection, we rely on appropriate safeguards to help ensure an adequate level of data protection, such as ensuring any such transfer is subject to the terms of the applicable EU Model Clauses or other required and adequate transfer mechanism.
Additionally, Couchbase (and its subsidiary companies) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union member countries, the United Kingdom and Switzerland to the United States. To learn more about the Privacy Shield Framework, please visit: https://www.privacyshield.gov.
If third-party agents process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield Framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Couchbase is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Couchbase may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
European Privacy Rights
If you are a resident of the EU, EEA or UK, you have the following rights under the General Data Protection Regulation (“GDPR”) with respect to our processing of personal data about you:
1. Right to access and rectification. You can request access to the personal data about you that we hold. For personal data that is inaccurate or incomplete, you have a right to request that we correct or amend such data. If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format.
2. Right of erasure. Under certain circumstances, and subject to several exceptions, you have a right to request that we delete personal information about you.
3. Right to withdraw consent. If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing.
4. Right to object. You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances.
California Privacy Rights
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
2. Right to request deletion: You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions.
Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
If you are a California resident, you or an authorized agent may exercise your rights under the CCPA by contacting us through one of the methods below, by calling us at +1-855-925-1356 or by submitting our webform available here.
How We Secure Personal Data
We take reasonable and appropriate administrative, technical and physical security measures to help protect personal data against unauthorized access, loss, destruction or alteration. Such safeguards are selected based on the level of sensitivity of the information we collect, process, and store and the current state of technology. Some of the safeguards we employ are firewalls, data encryption, and information access controls.
To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
How Long We Keep Personal Data
We retain personal data for as long as we reasonably require it for legal or business purposes, taking into consideration local laws, contractual obligations, and the expectations and requirements of our customers. When we no longer need personal data, we securely delete or destroy it.
We may create and use De-Identified Data from personal data about you by excluding elements of information that identify you from such data. We use this De-Identified Data to improve our website and our product offerings and for marketing and analytics purposes by analyzing search, traffic and usage. We may disclose De-Identified Data to third-party companies in our sole discretion. “De-Identified Data” means data that has been rendered anonymous in such a way that you are not or are no longer identifiable based on that data.
Your Right to Access and Control Personal Data
Upon request, Couchbase will provide you with information about whether we hold any personal data about you. You may access, correct, or request deletion of such personal data by logging into your account or contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe, and no later than within one month of receipt of such request.
Where we may process data on behalf of another party that is the “data controller,” (such as a Couchbase customer), we may not have any ability to know to whom it relates, thus, you should direct any request to access, correct, amend, or delete such data to that party. You also have the right to lodge a complaint with the relevant supervisory authority, but we encourage you to first contact us with any questions or concerns.
In certain circumstances, we may be required by law to retain personal data or may need to retain personal data in order to continue providing a service.
Couchbase currently does not respond to Do Not Track (DNT) signals from browser or mobile application settings due to lack of standardization regarding how such signals should be interpreted. Couchbase will continue to monitor industry activity in this area and reassess our DNT practices as necessary.
How to Contact Us
Attn: Legal Department
3250 Olcott St.
Santa Clara, CA 95054
Last updated: May 2022