Privacy Policy

Effective date: January 30, 2017

Gigya, Inc. (“Gigya”) values the privacy of visitors to our website and individuals whose personal information we receive through the use of our Customer Identity Management Platform and related services. This privacy policy explains how we collect personal information on our website, and how we use and disclose that personal information. This privacy policy also describes our collection and use of personal information on behalf of our customers (“Clients”) who subscribe to our Customer Identity Management Platform and related services.

By providing your personal information to our website, you consent to the information handling practices described in this privacy policy. We encourage you to read the section titled “Your Choices” below to understand the choices you have with regard to your personal information.

This Privacy Policy also applies to personal information that we collect by other means, which we combine with personal information collected on the IDENTIFIED Website or through our Services.

This Privacy Policy is incorporated into and is subject to the Gigya Terms of Service. Any capitalized terms not defined herein have the meaning set forth in the Gigya Terms of Service.

Quick Reference

  1. Websites Covered
  2. Information We Collect
  3. Use of Collected Information
  4. Disclosure of Collected Information
  5. Your Choices
  6. Communications and Unsolicited Marketing Communications
  7. Client Data
  8. International Users
  9. EU and the Data Privacy Shield Framework
  10. U.S. – Swiss Safe Harbor Framework
  11. Security
  12. Children
  13. Analytics
  14. Third Party Ad Networks
  15. Updates to this Privacy Policy
  16. Contact Us

1. Websites Covered

This privacy policy covers the information practices of websites that link to this privacy policy, including, but not limited to, Gigya’s websites may contain links to websites operated by third parties. Gigya is not responsible for the privacy practices or the content of such other websites. We encourage you to learn about such third parties’ privacy and security policies before providing them with personal information.

2. Information We Collect

We collect the following data about users: (1) information that you voluntarily submit to us (“User- Supplied Information”); (2) technical data automatically collected from all visitors to the IDENTIFIED Website (described below under “Passive Data Collection”); (3) information we collect through our Services; and (4) information we collect from third party sources.

User-Supplied Information. We may collect user-supplied information when you choose to provide us with your Personal information via the IDENTIFIED Website, including when you send us an email asking a question, register to attend seminars, submit a form to receive marketing materials or email newsletters.

Passive Data Collection. Like most web-based services, we automatically receive and record information on our server logs from your browser when you use the IDENTIFIED Website and Services. We may use a variety of methods, including clear GIFs (also known as “web beacons”) and “cookies”, to collect this information. We use both session and persistent cookies. The information that we may collect with these automated methods may include, for example, your IP address, cookie information, a unique device or user ID, browser type, system type, the content and pages that you access on the IDENTIFIED Website or Services, the frequency and duration of your visits to the IDENTIFIED Website or Services, and the “referring URL” (i.e., the page from which you navigated to the IDENTIFIED Website). We may also use cookies on the IDENTIFIED Website and Services to store session validators on your hard drive. If we directly combine any information gathered through passive means with Personal information, we treat the combined information as Personal information under this Privacy Policy. Otherwise, we use information collected by passive means in aggregated forms.

For additional information about the technologies that we use and how they operate, please see our Cookie Policy.

Information Received From Third Party Sources. We may also obtain information, including Personal information, from third party sources. This may include aggregated anonymous information or certain Personal information that may be provided to us, including, but not limited to, through third party surveys conducted on our behalf, companies that publish and disseminate press releases on our behalf, social networks providing information about our fans and followers on their platform, and analytics from companies that perform email marketing on our behalf. If we receive personal information from third parties we will handle it in accordance with this Privacy Policy. If we directly combine information from other third parties with personal information that we collect on the IDENTIFIED Websites or Services, we will treat the combined information as personal information and handle it in accordance with this Privacy Policy. Additionally, we may use any aggregated anonymous information received by third parties as set forth below under the heading “Aggregate Information and Non-Identifying Information”.

3. Use of Collected Information

We use personal information to establish and enhance our relationship with you. We may use personal information to operate, provide, improve, and maintain the IDENTIFIED Website and Services, and to develop new products and Services; to prevent abusive and fraudulent use of the IDENTIFIED Website and Services; to personalize and display content on the IDENTIFIED Website; where permitted by applicable law, to send you information, including via email, about our products and Services in which we believe you may be interested; to respond to your inquiries and for other customer service purposes; and for other administrative and internal business purposes.

We may use your e-mail address provided through the IDENTIFIED Website as set forth in the “Communications and Unsolicited Marketing Communications” section. On the IDENTIFIED Website, we may use passively collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the IDENTIFIED Website; (b) monitor your participation in various sections of the IDENTIFIED Website; (c) customize our Service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the IDENTIFIED Website and our other Services and systems, and to provide Services and content that are tailored to you.

4. Disclosure of Collected Information

We do not sell or rent email addresses and other personal information that we collect directly through the IDENTIFIED Website. Please be aware, however, that any information that you voluntarily choose to display on any publicly available portion of the IDENTIFIED Website, or on any Service, becomes publicly available and may be collected and used by us or others without restriction. We share your information, including personal information, as follows:

Gigya Service Providers

We may provide personal information to third parties for their use in performing internal business functions (e.g., maintenance, security, data analysis, email transmission, CRM, database management services, email marketing, surveys, or data hosting) on our behalf. We require such third parties to agree to only use your personal information in accordance with this Privacy Policy and for no other purpose than to provide us with necessary services.

Gigya Subsidiaries

We may share some or all of your personal information with our subsidiaries for the purpose of customer support, in which case we will require those subsidiaries to honor this Privacy Policy.

Legal Requirements

We may disclose personal information if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose personal information where we, in good faith, deem it appropriate or necessary to prevent violation of the Gigya Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Gigya, any individual, or the general public; maintain and protect the security and integrity of our services or infrastructure; protect ourselves and our services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies.

Aggregate Information and Non-Identifying Information.

We may share aggregated information with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, identify industry and advertising trends, and to generate publicity for the Gigya Services.

5. Your Choices

On the IDENTIFIED Website

You may, as a visitor to our website, choose not to provide us with personal information. You may also, at any time, access your personal information to update, correct, or delete certain personal information about you by contacting us at or at the address set forth below in the “Contact Us” section.

In addition you may decide not to opt–in, either when you first provide Gigya with any personal information, to receive marketing information from Gigya about products and services (including our products and services and those of third parties). See also Section 6, “Communications and Unsolicited Marketing Communications”, for additional information regarding changing your preferences or opting out of receiving marketing information.

Please be aware that even if you update or remove personal information that you have provided to us, your personal information may be retained in our backup files and archives for a reasonable period of time for legal purposes.

6. Communications and Unsolicited Marketing Communications

If you opted in to receive communications from us, including through, we may send you administrative messages and updates regarding your account, updates regarding the IDENTIFIED Website or Services, and, where permitted by applicable law, information regarding our offer, products and services, including, without, limitation, through social media updates, by email and postal mail. If you no longer want to receive commercial email messages, you may indicate your preferences regarding commercial email messages by taking the steps described in such messages. Also, you may indicate your preferences regarding commercial email messages and postal mail messages by contacting us using the information in the “Contact Us” section below.

7. Client Data

We collect, use, and retain certain information at the direction and on behalf of our Clients from individuals (“End Users”) who use the Client website (Client Data). Gigya has no relationship with such End Users whose Client Data we process on behalf of our Clients. We also do not decide how the Clients use such Client Data. Gigya does not access and use the Client Data, except at directed by our Clients or required by law.

Information Collected Directly Through Use of the Services about End Users: We collect two types of data about End Users: (1) information that is passed through the Gigya Services as a result of use of the Services and (2) technical data automatically collected from all visitors to pages of your website that load the Gigya Services. The information that we collect on your behalf depends on the particular Services to which you subscribe and your preferences.

End User Information: We maintain no rights to use any End User Personal Information transmitted to us on your behalf through the Gigya Services or received from the social networks, except to make the Services available to you and/or End User.

We use the information that we collect automatically about the use of our Services to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.

If you are a customer of one of our Client’s, and you want to edit or delete any information captured about you on that Client’s website, you should contact the Client directly.

The IDENTIFIED Website is hosted in the United States, and we may use service providers in the United States and elsewhere to process personal information on our behalf. If you use the IDENTIFIED Website outside the U.S., please note that your personal data may be transferred outside of your home jurisdiction to the United States and to other jurisdictions where our affiliates and service providers are located. Some of these jurisdictions, including the United States, do not have equivalent data protection laws as the European Union and other jurisdictions. By using our Website or Services, you are agreeing that your personal data may be transferred to the United States and other jurisdictions, as explained in this Section.

For EU residents, see Section 9, “EU and the Privacy Shield” below, for information regarding (i) Gigya’s participation in the EU-US Privacy Shield Program and (ii) Gigya’s handling of Personal information received from the European Union.

9. EU and the Data Privacy Shield Framework

Gigya complies with the U.S.-E.U. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries. Gigya has certified that its processing of personal information from E.U. member countries is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (the “Principles”). You may view our certification here Gigya and its subsidiaries are subject to the investigatory and enforcement authority of the Federal Trade Commission.

Information We Process. We collect, in accordance with the Privacy Shield principles, the categories of information described in sections 2 and 7 above. We process personal information about website users for the purposes described in section 3 above. Please note: additional information about Gigya’s participation in the Privacy Shield program, with regard to data collected in a capacity as a processor to our Clients, is available in the client portal.

Accessing Personal information. The Privacy Shield Principles provide individuals located in the E.U. whose personal information we process with the right to access their personal information in order to review, correct, amend or delete information processed under the Principles. E.U. individuals who use our Site and would like to access their personal information may contact Gigya at or at the address set forth in the “Contact Us” section. Additionally, anyone with a registered account on the Gigya Console may, at any time, review, update or correct the Personal information in their registration profile by logging into their account, clicking on dropdown next to their name in the upper right-hand corner, and clicking to the Account section.

E.U. End Users whose personal information we process on behalf of a Gigya Client (as a data processor) should first contact the Gigya Client, who is the controller of your personal information, to access their personal information; Gigya will work with its Clients to provide End Users the necessary access about what personal information is processed.

Transfers to Third Parties. As described in the “Disclosure of Collected Information” section above, we may transfer personal information from the E.U. to third parties. We contractually require third parties to whom we transfer personal information to provide the same level of protections as the Principles. Gigya remains responsible for the personal information we receive and transfer under Privacy Shield.

In accordance with our legal obligations, we may also transfer, subject to a lawful request, personal information to public authorities for law enforcement or national security purposes.

Contacting Us, Complaints and Dispute Resolution. E.U. individuals who have questions or complaints about how we process their personal information may contact us at We will work to resolve your issue and respond no later than 45 days of receipt.

If you are unable to resolve the issue directly with us, you may file, free of charge, a complaint with our independent dispute resolution provider JAMS, located in the United States. For more information about JAMS dispute resolution process or to file a complaint, please visit

E.U. individuals may also submit complaints through their local Data Protection Authority (DPA). We will work with the Department of Commerce to resolve any complaints forwarded by a DPA. Finally, if we are unable to resolve any complaints through any of the above methods, an E.U. individual may invoke binding arbitration in accordance with the Privacy Shield Framework.

10. U.S. – Swiss Safe Harbor Framework

Gigya complies with the U.S. – Swiss Safe Harbor Framework, as set forth the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland, Gigya has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data, integrity, access and enforcement. To view Giga’s certification see:

Please e-mail any comments or questions regarding our Safe Harbor compliance to If you have a complaint regarding the use of your personal information that cannot be resolved with us directly, you may contact the JAMS using the procedures at

11. Security

The security of your information is important to us, including, but not limited to, the personal information collected via the IDENTIFIED Website and Service. We use reasonable security measures to protect against the loss, misuse, and alteration of Personal information under our control, both during the transmission and once we receive it. This includes, but is not limited to, the use of firewalls and encryption. Although we make good faith efforts to maintain the security of such personal information, no method of transmission over the Internet or method of electronic storage, is 100% secure and we cannot guarantee that it will remain free from unauthorized access, use, disclosure, or alteration. Further, while we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining this information.

If we learn of a security breach involving your personal information, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the IDENTIFIED Website or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the IDENTIFIED Website. If a security systems breach occurs, we may post a notice on our homepage ( or elsewhere on the IDENTIFIED Website and may send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach, involving your personal information, in writing. This notice paragraph applies to users of the IDENTIFIED Website and our Clients who utilize our Services on their third party websites only. Should there be a breach that affects End Users of Clients, the Client will be responsible for disseminating notice of such a breach to those End Users.

12. Children

The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. IDENTIFIED’s Website is not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide personally identifying information through our websites. Additionally, we do not knowingly collect or maintain personal information from anyone under the age of 13, unless or except as permitted by law. If we learn that personal information has been collected from a user under 13 years of age on or through the IDENTIFIED Website, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the IDENTIFIED Website or you believe has otherwise provided personal information to Gigya, please contact Gigya at to have that child’s account terminated and information deleted.

13. Analytics

In addition, we use Google Analytics to analyze our users’ use of the IDENTIFIED Website. Google Analytics is currently on Google Analytics provides us with aggregated data in order to help us make informed business decisions. Ultimately, Google, as a third party, controls information collected through Google Analytics and you should check and be comfortable with its privacy practices prior to using the IDENTIFIED Website. You may review information about Google’s privacy practices with respect to Google Analytics at

14. Third-Party Ad Networks

We use third parties such as network advertisers to assist us in displaying advertisements on third party websites, and to evaluate the success of our advertising campaigns. Network advertisers are third parties that display advertisements based on your visits to our Website as well as other websites. This enables us, and these third parties, to target advertisements by displaying ads for products and services in which you might be interested. Third party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third-party advertisers with information about your usage of our Website and our services, as well as aggregate information about visitors to our Website and users of our service.

You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: (NAI) and (DAA).

Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Site or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.

15. Updates to This Privacy Policy

We may occasionally update this privacy policy. If we do, we will change the “effective date” at the top of the privacy policy. Before making any update that would make this privacy policy materially less restrictive in our use or disclosure of personal information collected prior to the update, we will provide prior notice of the update by posting notice on our website at the top of the then-current privacy policy at least 30 days before the effective date of the update. We encourage you to periodically review this privacy policy to stay informed about our collection, use, and disclosure of personal information. Your continued use of our website constitutes your agreement to our then-current privacy policy.

16. Contact Us

If you have questions about this privacy policy, you may contact us at You may also write to us at:

Gigya, Inc.
Attn: Privacy
2513 E. Charleston Rd. Suite #200
Mountain View, CA 94043

/* */