Privacy & Security

This policy outlines the types of information we collect and how we use and protect that information. We may update this notice with or without notice. Please review regularly.

Looking for our compliance documentation? Click here.

Updated May 16, 2023

Customers & Website Visitors

To comply with the Children’s Online Privacy Protection Act (COPPA), Confection is only available to users who are at least 13 years old. If you are under 13, please do not use Confection.

When you visit our website and sign up for an account, we’ll ask for your name, email address, credit card information, and other details to improve your experience and enable us to fulfil our relationship with you For information on the ways we secure this information, please see the “Security” section below.

We may collect information about anyone who accesses the Confection site, whether they become a registered user or not. Example data-points include how often and for how long you are on the site, your search history, and other information related to your use of our service. We use this information internally to improve our service, but we will never publish personally-identifying data without written permission.

As a rule, we never sell the data we collect for ourselves or our customers — PII or non-PII — to third parties (eg., data brokers).

We also don’t share the data we collect except in certain limited circumstances. If we’re interested in testing new features, product enhancements, marketing stack improvements, &c., we may share limited amounts of NDA-protected data with third party partners. If we activate a long-term partnership of this nature, we will explicitly disclose it in our compliance documentation.

We store the data we collect for customers for twenty-four hours. During this time period, customer data is siloed from all other customer accounts. Routinely, we only share limited, non-PII CRM data with third-party licensors with whom we have active NDAs and/or confidentiality agreements. Examples of this kind of information would include company name, company URL, and deal status (open, won, &c).

At the moment, Confection uses first-party cookies to improve the quality of our services. A cookie is a small data file that we send to your computer when you first visit a website. Cookies usually include an identification number that is unique to the computer you are using. Such identifiers can help us better understand our users and how they are using our website and our service. Cookies can also improve the quality of the service (eg., recognizing a user when s/he visits the site, displaying the site according to the user’s chosen language settings, and maintaining security). If you’d prefer not to allow cookies, you can adjust your browser settings so that your browser refuses all cookies and/or or notifies you when a cookie is being sent by any site, including

While we never sell data to third parties, Confection does link to third-party websites and embedded elements from third-party web services such as Google and Facebook. Search queries might be relayed to third-party data feeds to improve the search result.

If you use Confection or follow links to third-party websites, some information about you and your query may be visible to these services. Even if the third-party website or service is affiliated with us, we have no control over their content, services, or data feeds, each of which relies on separate policies and data collection practices independent of Confection. As such, we are not responsible for, nor do we have any control over, the content or the privacy policies of those third-party websites or services. We encourage all users to read the privacy policies of each and every website linked to from or embedded in Confection. This privacy statement applies solely to information collected by Confection.

We reserve the right to disclose information to third parties if we believe we are required to do so by law or have a good-faith belief that such access or disclosure is reasonably necessary to:

  • satisfy any applicable law, regulation, legal process, or official governmental request;
  • enforce our terms of use, including the investigation of potential violations thereof;
  • detect, prevent, or otherwise address fraud, security, or technical issues;
  • respond to user support requests;
  • protect the rights, property, or safety of Confection, its users, and the public.

We may store and process the user information we collect in the United States or any other country in which Confection or its agents maintain facilities. By using Confection, you consent to such transfers. We also reserve the right to transfer information in the event of a transfer of ownership of Confection (acquisition, merger with another company, &c).

Opt-in Badge

Confection offers customers the ability to add an opt-in badge to site visitors. This helps our product and our customers stay compliant with major data privacy laws like CCPA, GDPR, and LGPD. Customers who don’t want this badge to appear have the option of setting a custom opt-in condition or action (eg., a form submission or button click) or, if they disable Confection’s banner, an entirely separate compliance management solution.

If our customer uses Confection’s native compliance feature, and a user doesn’t opt in to tracking, Confection just collects non-personally identifying information (NPII) from that user.

Data Handling

Confection’s scripts run locally, on the server level, and are substantially less invasive and risky than many existing marketing data integrations, pixels, scripts, cookies, &c. For example, when third-party scripts fail, they can negatively impact site performance, and customers and everyday users often don’t know where or with whom collected data will be shared. Confection’s scripts would only fail if the server couldn’t execute them, which would indicate a larger, unrelated server-level issue. And any data we collect only enters our siloed, closed-loop system and (if they wish) our customers’ existing endpoints (databases, CRMs, ad networks, &c).

Tactically, Confection offers its customers two choices. In both cases, we are a data processor and, for twenty-four hours, a joint controller.

  • 24-Hour Expiration: By default, Confection stores all customer account data (personally identifying or otherwise) for twenty-four hours. At that point, it’s entirely purged from our caching system.
  • Complete Zero/First-Party Data: We send all data to an endpoint the customer defines and store no data (personally identifying or otherwise) inside Confection beyond 24 hours.

To understand the way our system architecture preserves zero-/first-party relationships, it’s helpful to use a power-grid metaphor:

  1. The customer site is the primary power station (generator).
  2. Confection’s script is the “transmission line” that takes data from the site to the “substation” (our application infrastructure).
  3. The API is the “cable” that takes data from the substation to the customer’s “home” application.

Defining “zero” and “first party” data is as much philosophy as it is denotation. When we don’t store any PII, it’s easy to make the claim that, like an ISP, we’re transmitting information between a consumer (John Doe) and our customer (ABC Corp). Even when we store it, though, the PII we have on hand is siloed and lives in a closed loop.

That is, our customer accounts don’t share PII between them. ABC Corp. and XYZ Ltd. have no visibility into the other’s account. And we don’t send data out to third parties. When John Doe submits data through Confection, it goes to one zero/first party: our customer. Confection just acts as the transmission agent and/or the temporary repository.

Only our customer — ABC Corp. or XYZ Ltd, the first-party from John Doe’s POV — has access to his PII, which he knowingly submitted.

Whether a customer selects our “24-Hour Expiration” (default) or “Complete Zero/First-Party Data” data handling option, our system proceeds as follows:

  1. As soon as the customer installs Confection, we begin collecting and storing data on that company’s behalf. For twenty-four hours, we temporarily act as a joint controller of that information.
  2. If a customer defines a preferred endpoint (database, CRM, &c.), Confection transfers the data it has collected to that endpoint. Here, we act as a data processor. We make three attempts within twenty-four hours to do make this transfer. Whether the transmission is ultimately successful or unsuccessful, we purge the data from our system after twenty-four hours.

CCPA/CPRA Compliance

Anyone can opt out of Confection.

Send an email to [email protected]

We respect the right to be forgotten.

We store customer-generated data for twenty-four hours. After that, it’s purged forever.

Internally, we store account and CRM-style data (contact information, contract information, emails, call records, &c) indefinitely. Primarily, we do this for auditing purposes. When someone opts out, how else could we document that we respected this request, ensure we aren’t violating it, and demonstrate we aren’t using someone’s information in a way they’ve asked us not to?

"What kinds of info do you collect?"

Send an email to [email protected]

No third-party information sharing without protection and disclosure.

We never sell the data we collect for ourselves or our customers. When we store data for customers, we silo it from other customer accounts and purge it after twenty-four hours. When we share data with third parties, it’s limited in scope, NDA protected, and explicitly disclosed.

"What information do you have on me?"

Send an email to [email protected]

We don't discriminate.

Confection doesn’t discriminate against anyone who exercises his/her CCPA rights.

We have a documented incident response plan.

If there’s a data breach, we’ll fix it and let you know what’s happening within 48 hours.

We don't collect certain kinds of sensitive data.

We never knowingly collect the following kinds of personal information and sensitive data: government identifiers (such as Social Security Numbers); non-Confection account passwords, logins, and security codes; and, unless it’s necessary to process a customer transaction, credit card information. In fact, we have application-level technological restrictions in place to prevent collecting this type of information.

We don't use data in cross-context behavioral ads.

While our customers may use the data we collect on their behalf to manage cross-context behavioral ads, Confection doesn’t directly use the data it collects in this way. As such, we have no way to enforce do-not-sell requests.

We collect IP-based geolocation user data.

We collect IP-based geolocation user data if a customer enables the CCPA compliance option. This is true whether or not the customer’s site asks for this information, the user opts into Confection tracking, or willingly enters it (into a form, for example).

We collect some kinds of PII only under certain conditions.

We collect the following kinds of personal information and sensitive data: email addresses, names, racial or ethnic origin, religious or philosophical beliefs, union membership; contents of mail, email and text messages; genetic data, and certain sexual orientation, health and biometric information only under the following conditions: (a) a customer enables the CCPA compliance option, (b) that customer’s site asks for this personal information and sensitive data, (c) the user opts into Confection tracking, and (d) willingly enters it (into a form, for example).

Users can limit/minimize the collection and use of sensitive personal information.

When a customer enables the CCPA compliance option, users can limit/minimize the collection and use of sensitive personal information via the Confection banner that appears at the bottom of the screen. For more detailed requests, to correct inaccurate information, or find out which personal information Confection collected for twelve months on or after Jan. 1, 2022, send an email to [email protected]

We build aggregate, non-PII data sets.

We reserve the right to use the data we collect to build aggregate, non-personally-identifying analytics reports, KPIs, and other datasets.

GDPR Compliance

We know what we have.

We have a list of all types of personal information we hold, the source of that information, who we share it with, what we do with it, and how long we keep it.

We know where it is.

We have a list of places where we keep personal information and the way data flows between them.

We have a personal data privacy policy.

It’s publicly-accessible. You’re reading it right now.

We have an appointed Data Protection Officer (DPO).

You’ll find contact information at the bottom of this page.

We're aware of GDPR.

Our team is aware of GDPR requirements.

We're up to date.

Our technical stack and its security protocols are up to date.

We're trained.

Our staff is trained in data protection best practices.

We're thorough.

We have a list of sub-processes, and we mention them in our privacy policy.

We keep you posted.

We report all data breaches to our local authorities and to everyone in our database. The latter will include steps individuals can take to mitigate personal fallout.

"What information do you have on me?"

Send an email to [email protected]

You're in control.

Users can manage all their own personal information.

We auto delete most information and respect the right to be forgotten.

We store customer-generated data for twenty-four hours. After that, it’s purged forever.

Internally, we store account and CRM-style data (contact information, contract information, emails, call records, &c) indefinitely. Primarily, we do this for auditing purposes. When someone opts out, how else could we document that we respected this request, ensure we aren’t violating it, and demonstrate we aren’t using someone’s information in a way they’ve asked us not to?

Anyone can opt out of Confection.

Send an email to [email protected]

We're secure.

We store and process the information we collect in the United States and other countries in which our stack partners maintain facilities. To our knowledge, all countries involved offer appropriate levels of data protection.

We have an EU representative.

Pursuant to Article 27 of the GDPR, Rickert Rechtsanwaltsgesellschaft mbH has been designated as Confection’s European Union representative for data protection matters. To make an inquiry on matters related to the processing of personal data, please contact the representative using the following information:

Rickert Rechtsanwaltsgesellschaft mbH
Colmantstraße 15
53225 Bonn
[email protected]

LGPD Compliance

Brazil's LGPD is similar to the EU's GDPR. However, here are the ways we handle its unique requirements when a user selects Confection's native LGPD compliance option.

No full IP addresses.

We either truncate or avoid storing Brazilian IP addresses.

No data without user consent.

Unless a user opts in to Confection, we don’t collect or store the personally identifying information of Brazilians.

LGPD focuses on three unique types of data:

  • Non-Personally Identifying Information (NPII): any anonymous data or data related with companies (for example, your [email protected])
  • Personally Identifying Information (PII): any data related to a person (eg., name, address, IP and cookies)
  • Personally Sensitive Information (PSI): personal data that could be used for discrimination by race, religion, politics, health issues, sexual orientation, &c.

Confection has four key features:

  • Cable & Substation: Confection’s core component. Collect input and event data in a way browsers cannot block, without cookies, third-party scripts, or persistent IDs. Confection captures data with the cable and transmits it to the substation where our predictive algorithms and machine learning unify different UUIDs into single, usable contact records.
  • Input: Automatically replace broken forms. Capture data in real time from any local or third-party form. This feature relies on the cable to transmit data and the substation to make it useful.
  • Transmission API: Structured first-party user data. Customers can use it anywhere: in a CRM, in marketing workflows, in apps, in ads, &c.
  • Metrics: A reliable way to track events and user metrics. This product replaces data services, which will fail (or work less well) in privacy-first environments.

Below, we outline the ways each feature manages data in a LGPD compliant way.

Cable & Substation

Before Confection begins transmitting a user’s data, that user must opt in. A user can do this in one of two ways:

  • by submitting a form on a site where Confection is installed
  • by clicking the “Opt In” tab that appears on any site where Confection is installed

Either of these actions sends a “terms_approved” variable to Confection. Once received, user data will begin flowing to Confection. Specifically, Confection follows the following workflow:

  1. Initially, Confection (a) stores user data locally in a soft cache with a non-personally identifying UUID and (b) with one of the following tags: NPII, PII or PSI.
  2. Every few minutes, Confection puts the data into batches. If “terms_approved” has been sent, all data goes to Confection. If “terms_approved” has not been sent, only NPII data goes to Confection.
  3. Confection then clears all data from the cache.

We’ve optimized this system so that we always know what data is sensitive before sending it elsewhere. Moreover, by the time data arrives on the Confection server, it’s safe to assume it’s LGPD compliant.


Confection’s input capture feature follows the same basic rules and protocols as the Cable.

Transmission API

At the moment, any user can email us at [email protected] and request a list of (and the removal of) his/her PII. Longer term, we’ll allow users to do this on their own via browser.

If an element of PII isn’t used by Confection or a customer for one month, it’s automatically removed from the system.

Confection encrypts all PII and PSI. If there is a leak, we notify all affected users, customers, and government authorities within 48 hours.

Confection Metrics

Confection’s tracking and metrics feature follows the same basic rules and protocols as the Cable.


Confection takes security very seriously. Our application uses a progressive, security-oriented stack that helps protect user information and other sensitive data. Here are a few highlights:

  • We use a crowdsourced, always-on, bounty-oriented pen testing and vulnerability disclosure program.
  • We store all data and host all application elements on Heroku.
  • We use Salesforce and HubSpot to store and leverage sales and marketing data.
  • We use Auth0 instead of traditional user accounts.
  • We use Stripe to process payments.

At a high level, this means we incentivize developers around the world to discover vulnerabilities for us, use no local passwords or credit card numbers, and store all data on a world-class cloud PaaS with engineered security controls at every layer. It also means we rely on world-class PaaS and CRM vendors to secure our data. We’ve intentionally offloaded physical and digital security to these vendors because they have far more resources than we do and can do a far better job than we can. In addition to these relationships, we maintain a cyber liability insurance policy that covers us against a variety of network security and privacy injury liabilities.

We also place strict controls on our team’s access to application data. We’re committed to ensuring that sensitive data is not seen by anyone who should not have access to it. Routine operations require that some teammates have access to systems that store and process sensitive data (eg., to fix a bug). These individuals are prohibited from using these permissions to view sensitive data unless it is necessary to do so. Our technical controls and audit policies log any access to sensitive data.

We conduct background checks on all teammates before employment or contracting begins, and our team receives privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Confection service.

We support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Sensitive data is also encrypted at rest. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.

We store data in redundant ways at multiple locations: in our stack partners’ data centers and elsewhere. In the event of a breach or a system malfunction, we have well-tested backup and restoration procedures, which allow recovery from a major disaster. All data is automatically and continuously backed up. Our team is alerted if this system ever fails. We review and fully test backups at least every 90 days to confirm that our processes and tools work as expected.


For all privacy-, user-, compliance-, and security-related questions, or to request a copy of Confection’s emergency response plan, please contact us using this information:

Confection, Inc.
attn: DPO
PO Box 2859
Fremont, CA 94536
United States of America
[email protected]

Get Started. Risk Free.

  • Hidden