Privacy & Security

Customers & Website Visitors

To comply with the Children’s Online Privacy Protection Act (COPPA), Confection is only available to users who are at least 13 years old. If you are under 13, please do not use Confection.

When you visit our website and sign up for an account, we’ll ask for your name, email address, credit card information, and other details to improve your experience and enable us to fulfil our relationship with you For information on the ways we secure this information, please see the “Security” section below.

We may collect information about anyone who accesses the Confection site, whether they become a registered user or not. Example data-points include how often and for how long you are on the site, your search history, and other information related to your use of our service. We use this information internally to improve our service, but we will never publish personally-identifying data without written permission. We never sell information — PII or non-PII — to third parties (eg., data brokers). We don’t share or sell the data we collect on behalf of customers. We store data for customers for twenty-four hours. During this time period, customer data is siloed from all other customer accounts. We only share limited, non-PII CRM data with third-party licensors with whom we have active NDAs and/or confidentiality agreements. Examples of this kind of information would include company name, company URL, and deal status (open, won, &c).

At the moment, Confection uses first-party cookies to improve the quality of our services. A cookie is a small data file that we send to your computer when you first visit a website. Cookies usually include an identification number that is unique to the computer you are using. Such identifiers can help us better understand our users and how they are using our website and our service. Cookies can also improve the quality of the service (eg., recognizing a user when s/he visits the site, displaying the site according to the user’s chosen language settings, and maintaining security). If you’d prefer not to allow cookies, you can adjust your browser settings so that your browser refuses all cookies and/or or notifies you when a cookie is being sent by any site, including confection.io

While we never sell data to third parties, Confection does link to third-party websites and embedded elements from third-party web services such as Google and Facebook. Search queries might be relayed to third-party data feeds to improve the search result.

If you use Confection or follow links to third-party websites, some information about you and your query may be visible to these services. Even if the third-party website or service is affiliated with us, we have no control over their content, services, or data feeds, each of which relies on separate policies and data collection practices independent of Confection. As such, we are not responsible for, nor do we have any control over, the content or the privacy policies of those third-party websites or services. We encourage all users to read the privacy policies of each and every website linked to from or embedded in Confection. This privacy statement applies solely to information collected by Confection.

We reserve the right to disclose information to third parties if we believe we are required to do so by law or have a good-faith belief that such access or disclosure is reasonably necessary to:

• satisfy any applicable law, regulation, legal process, or official governmental request;
• enforce our terms of use, including the investigation of potential violations thereof;
• detect, prevent, or otherwise address fraud, security, or technical issues;
• respond to user support requests;
• protect the rights, property, or safety of Confection, its users, and the public.

We may store and process the user information we collect in the United States or any other country in which Confection or its agents maintain facilities. By using Confection, you consent to such transfers. We also reserve the right to transfer information in the event of a transfer of ownership of Confection (acquisition, merger with another company, &c).

Opt-in Badge

Confection offers customers the ability to add an opt-in badge to site visitors. This helps our product and our customers stay compliant with major data privacy laws like CCPA, GDPR, and LGPD. Customers who don’t want this badge to appear have the option of setting a custom opt-in condition or action (eg., a form submission or button click) or, if they disable Confection’s banner, an entirely separate compliance management solution.

If our customer uses Confection’s native compliance feature, and a user doesn’t opt in to tracking, Confection just collects non-personally identifying information (NPII) from that user.

Data Handling

Confection’s scripts run locally, on the server level, and are substantially less invasive and risky than many existing marketing data integrations, pixels, scripts, cookies, &c. For example, when third-party scripts fail, they can negatively impact site performance, and customers and everyday users often don’t know where or with whom collected data will be shared. Confection’s scripts would only fail if the server couldn’t execute them, which would indicate a larger, unrelated server-level issue. And any data we collect only enters our siloed, closed-loop system and (if they wish) our customers’ existing endpoints (databases, CRMs, ad networks, &c).

Tactically, Confection offers its customers two choices. In both cases, we are a data processor and, for twenty-four hours, a joint controller.

• 24-Hour Expiration: By default, Confection stores all customer account data (personally identifying or otherwise) for twenty-four hours. At that point, it’s entirely purged from our caching system.
• Complete Zero/First-Party Data: We send all data to an endpoint the customer defines and store no data (personally identifying or otherwise) inside Confection beyond 24 hours.

To understand the way our system architecture preserves zero-/first-party relationships, it’s helpful to use a power-grid metaphor:

1. The customer site is the primary power station (generator).
2. Confection’s script is the “transmission line” that takes data from the site to the “substation” (our application infrastructure).
3. The API is the “cable” that takes data from the substation to the customer’s “home” application.

Defining “zero” and “first party” data is as much philosophy as it is denotation. When we don’t store any PII, it’s easy to make the claim that, like an ISP, we’re transmitting information between a consumer (John Doe) and our customer (ABC Corp). Even when we store it, though, the PII we have on hand is siloed and lives in a closed loop.

That is, our customer accounts don’t share PII between them. ABC Corp. and XYZ Ltd. have no visibility into the other’s account. And we don’t send data out to third parties. When John Doe submits data through Confection, it goes to one zero/first party: our customer. Confection just acts as the transmission agent and/or the temporary repository.

Only our customer — ABC Corp. or XYZ Ltd, the first-party from John Doe’s POV — has access to his PII, which he knowingly submitted.

Whether a customer selects our “24-Hour Expiration” (default) or “Complete Zero/First-Party Data” data handling option, our system proceeds as follows:

1. As soon as the customer installs Confection, we begin collecting and storing data on that company’s behalf. For twenty-four hours, we temporarily act as a joint controller of that information.
2. If a customer defines a preferred endpoint (database, CRM, &c.), Confection transfers the data it has collected to that endpoint. Here, we act as a data processor. We make three attempts within twenty-four hours to do make this transfer. Whether the transmission is ultimately successful or unsuccessful, we purge the data from our system after twenty-four hours.

LGPD focuses on three unique types of data:

• Non-Personally Identifying Information (NPII): any anonymous data or data related with companies (for example, your [email protected])
• Personally Identifying Information (PII): any data related to a person (eg., name, address, IP and cookies)
• Personally Sensitive Information (PSI): personal data that could be used for discrimination by race, religion, politics, health issues, sexual orientation, &c.

Confection has four key features:

• Cable & Substation: Confection’s core component. Collect input and event data in a way browsers cannot block, without cookies, third-party scripts, or persistent IDs. Confection captures data with the cable and transmits it to the substation where our predictive algorithms and machine learning unify different UUIDs into single, usable contact records.
• Input: Automatically replace broken forms. Capture data in real time from any local or third-party form. This feature relies on the cable to transmit data and the substation to make it useful.
• Transmission API: Structured first-party user data. Customers can use it anywhere: in a CRM, in marketing workflows, in apps, in ads, &c.
• Metrics: A reliable way to track events and user metrics. This product replaces data services, which will fail (or work less well) in privacy-first environments.

Below, we outline the ways each feature manages data in a LGPD compliant way.

Cable & Substation

Before Confection begins transmitting a user’s data, that user must opt in. A user can do this in one of two ways:

• by submitting a form on a site where Confection is installed
• by clicking the “Opt In” tab that appears on any site where Confection is installed

Either of these actions sends a “terms_approved” variable to Confection. Once received, user data will begin flowing to Confection. Specifically, Confection follows the following workflow:

1. Initially, Confection (a) stores user data locally in a soft cache with a non-personally identifying UUID and (b) with one of the following tags: NPII, PII or PSI.
2. Every few minutes, Confection puts the data into batches. If “terms_approved” has been sent, all data goes to Confection. If “terms_approved” has not been sent, only NPII data goes to Confection.
3. Confection then clears all data from the cache.

We’ve optimized this system so that we always know what data is sensitive before sending it elsewhere. Moreover, by the time data arrives on the Confection server, it’s safe to assume it’s LGPD compliant.

Input

Confection’s input capture feature follows the same basic rules and protocols as the Cable.

Transmission API

At the moment, any user can email us at [email protected] and request a list of (and the removal of) his/her PII. Longer term, we’ll allow users to do this on their own via browser.

If an element of PII isn’t used by Confection or a customer for one month, it’s automatically removed from the system.

Confection encrypts all PII and PSI. If there is a leak, we notify all affected users, customers, and government authorities within 48 hours.

Confection Metrics

Confection’s tracking and metrics feature follows the same basic rules and protocols as the Cable.

Security

Confection takes security very seriously. Our application uses a progressive, security-oriented stack that helps protect user information and other sensitive data. Here are a few highlights:

• We use a crowdsourced, always-on, bounty-oriented pen testing and vulnerability disclosure program.
• We store all data and host all application elements on Heroku.
• We use Salesforce and HubSpot to store and leverage sales and marketing data.
• We use Auth0 instead of traditional user accounts.
• We use Stripe to process payments.

At a high level, this means we incentivize developers around the world to discover vulnerabilities for us, use no local passwords or credit card numbers, and store all data on a world-class cloud PaaS with engineered security controls at every layer. It also means we rely on world-class PaaS and CRM vendors to secure our data. We’ve intentionally offloaded physical and digital security to these vendors because they have far more resources than we do and can do a far better job than we can. In addition to these relationships, we maintain a cyber liability insurance policy that covers us against a variety of network security and privacy injury liabilities.

We also place strict controls on our team’s access to application data. We’re committed to ensuring that sensitive data is not seen by anyone who should not have access to it. Routine operations require that some teammates have access to systems that store and process sensitive data (eg., to fix a bug). These individuals are prohibited from using these permissions to view sensitive data unless it is necessary to do so. Our technical controls and audit policies log any access to sensitive data.

We conduct background checks on all teammates before employment or contracting begins, and our team receives privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Confection service.

We support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Sensitive data is also encrypted at rest. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.

We store data in redundant ways at multiple locations: in our stack partners’ data centers and elsewhere. In the event of a breach or a system malfunction, we have well-tested backup and restoration procedures, which allow recovery from a major disaster. All data is automatically and continuously backed up. Our team is alerted if this system ever fails. We review and fully test backups at least every 90 days to confirm that our processes and tools work as expected.

Contact

For all privacy-, user-, compliance-, and security-related questions, or to request a copy of Confection’s emergency response plan, please contact us using this information:

Confection, Inc.
attn: DPO
PO Box 2859
Fremont, CA 94536
United States of America
[email protected]