This policy outlines the types of information we collect and how we use and protect that information. We may update this notice with or without notice. Please review regularly.
Updated December 4, 2020
To comply with the Children’s Online Privacy Protection Act (COPPA), Confection is only available to users who are at least 13 years old. If you are under 13, please do not use Confection.
When you visit our website and sign up for an account, we’ll ask for your name, email address, credit card information, and other details to improve your experience and enable us to fulfil our relationship with you For information on the ways we secure this information, please see the “Security” section below.
We may collect information about anyone who accesses the Confection site, whether they become a registered user or not. Example data-points include how often and for how long you are on the site, your search history, and other information related to your use of our service. We use this information internally to improve our service, but we will never publish this data or share it with (or sell it to) a third party.
While we never sell data to third parties, or share or sell data we collect on behalf of customers, Confection does link to third-party websites and embedded elements from third-party web services such as Google and Facebook. Search queries might be relayed to third-party data feeds to improve the search result.
If you use Confection or follow links to third-party websites, some information about you and your query may be visible to these services. Even if the third-party website or service is affiliated with us, we have no control over their content, services, or data feeds, each of which relies on separate policies and data collection practices independent of Confection. As such, we are not responsible for, nor do we have any control over, the content or the privacy policies of those third-party websites or services. We encourage all users to read the privacy policies of each and every website linked to from or embedded in Confection. This privacy statement applies solely to information collected by Confection.
We reserve the right to disclose information to third parties if we believe we are required to do so by law or have a good-faith belief that such access or disclosure is reasonably necessary to:
We may store and process the user information we collect in the United States or any other country in which Confection or its agents maintain facilities. By using Confection, you consent to such transfers. We also reserve the right to transfer information in the event of a transfer of ownership of Confection (acquisition, merger with another company, &c).
Confection’s opt-in badge appears on any site where Confection is installed. It helps our product and our customers stay compliant with major data privacy laws like CCPA, GDPR, and LGPD. Customers who don’t want this badge to appear have the option of setting a custom opt-in condition or action (eg., a form submission or button click).
If a user doesn’t opt in to tracking using one of these methods, Confection just collects non-personally identifying information (NPII) from that user.
Confection offers its customers two choices:
To understand the way our system architecture preserves zero-/first-party relationships, it’s helpful to use a power-grid metaphor:
Defining “zero” and “first party” data is as much philosophy as it is denotation. When we don’t store any PII, it’s easy to make the claim that, like an ISP, we’re transmitting information between a consumer (John Doe) and our customer (ABC Corp). Even when we store it, though, the PII we have on hand is siloed and lives in a closed loop.
That is, our customer accounts don’t share PII between them. ABC Corp. and XYZ Ltd. have no visibility into the other’s account. And we don’t send data out to third parties. When John Doe submits data through Confection, it goes to one zero/first party: our customer. Confection just acts as the transmission agent and/or the repository.
Only our customer — ABC Corp. or XYZ Ltd, the first-party from John Doe’s POV — has access to his PII, which he knowingly submitted.
If a customer selects the “Complete Zero/First-Party Data” option, our system proceeds as follows:
LGPD focuses on three unique types of data:
Confection has four key features:
Below, we outline the ways each feature manages data in a LGPD compliant way.
Before Confection begins transmitting a user’s data, that user must opt in. A user can do this in one of two ways:
Either of these actions sends a “terms_approved” variable to Confection. Once received, user data will begin flowing to Confection. Specifically, Confection follows the following workflow:
We’ve optimized this system so that we always know what data is sensitive before sending it elsewhere. Moreover, by the time data arrives on the Confection server, it’s safe to assume it’s LGPD compliant.
Confection’s input capture feature follows the same basic rules and protocols as the Cable.
At the moment, any user can email us at [email protected] and request a list of (and the removal of) his/her PII. Longer term, we’ll allow users to do this on their own via browser.
If an element of PII isn’t used by Confection or a customer for one month, it’s automatically removed from the system.
Confection encrypts all PII and PSI. If there is a leak, we notify all affected users, customers, and government authorities within 48 hours.
Confection’s tracking and metrics feature follows the same basic rules and protocols as the Cable.
Confection takes security very seriously. Our application uses a progressive, security-oriented stack that helps protect user information and other sensitive data. Here are a few highlights:
At a high level, this means we incentivize developers around the world to discover vulnerabilities for us, use no local passwords or credit card numbers, and store all data on a world-class cloud PaaS with engineered security controls at every layer. It also means we rely on world-class PaaS and CRM vendors to secure our data. We’ve intentionally offloaded physical and digital security to these vendors because they have far more resources than we do and can do a far better job than we can. In addition to these relationships, we maintain a cyber liability insurance policy that covers us against a variety of network security and privacy injury liabilities.
We also place strict controls on our team’s access to application data. We’re committed to ensuring that sensitive data is not seen by anyone who should not have access to it. Routine operations require that some teammates have access to systems that store and process sensitive data (eg., to fix a bug). These individuals are prohibited from using these permissions to view sensitive data unless it is necessary to do so. Our technical controls and audit policies log any access to sensitive data.
We conduct background checks on all teammates before employment or contracting begins, and our team receives privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Confection service.
We support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Sensitive data is also encrypted at rest. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.
We store data in redundant ways at multiple locations: in our stack partners’ data centers and elsewhere. In the event of a breach or a system malfunction, we have well-tested backup and restoration procedures, which allow recovery from a major disaster. All data is automatically and continuously backed up. Our team is alerted if this system ever fails. We review and fully test backups at least every 90 days to confirm that our processes and tools work as expected.
For all privacy-, user-, compliance-, and security-related questions, or to request a copy of Confection’s emergency response plan, please contact us using this information:
PO Box 2859
Fremont, CA 94536
United States of America