Published on: October 27, 2023
This privacy policy (this “Privacy Policy”) covers and describes how Fastly, Inc. and its subsidiaries (“Fastly”, “We” or “Us”) collect, use, share, secure and disclose the personal data we collect from individuals who interact with www.fastly.com and our websites that link to this Privacy Policy or who initiate communications with us (“Visitors”), individuals who sign-up for and register for products and services (“Customers”), individuals who register to use our products and services on behalf of a Customer (“Users”) individuals who register for or attend our marketing events or receive our marketing emails (“Attendees”) and individuals who submit an application for a career opportunity at Fastly (“Job Applicants”).
Our websites, apps, and services are designed for businesses and their representatives. We do not target consumers – individuals who seek to use products and services for their personal or household use. Accordingly, we treat all personal data we collect as pertaining to individuals in their business capacity and not their individual capacity.
Fastly as a Data Processor or Service Provider.
In their use of our products and services, Customers and their Users may submit content, configurations and credentials to Fastly to be processed. The security and privacy practices governing our Customers’ (and our Customers’ Internet clients’) use of our services and how we store, process, transmit and disclose the data submitted to the services by our Customers are described in and governed by our service contracts with our Customers. Our terms of service are available here. Our data processing terms are available here. To the extent a Customer submits to the services the personal data of European persons (including the United Kingdom and Switzerland) or other persons who are protected by similar data privacy laws, Fastly processes that personal data as a data processor or as the Customer’s sub-processor (as the case may be). Customers are solely responsible for establishing the policies governing, and ensuring compliance with all applicable laws and regulations related to, the Customer’s (and the Customer’s Internet client’s) collection and submission of personal data to our services. Any personal data about an individual (i.e., a “data subject”) hosted, stored, or published by a Customer is the responsibility of the Customer and is not covered by this Privacy Policy.
Fastly acknowledges that you may have the right to access your personal data. Fastly has no direct relationship with the data subjects whose personal data we process on behalf of our Customers. An individual who seeks to access, correct, amend, or delete personal data about them that we process on behalf of our Customers should direct their requests or queries to our Customer (i.e., the data controller). In addition, we will forward to the applicable Customer any request by a data subject received by Fastly regarding personal data processed on behalf of that Customer.
Fastly as a Data Controller
Please read this Privacy Policy carefully to understand the categories and specific pieces of personal data we collect and how we collect, use, disclose, and protect the personal data of our Visitors, Customers, Users, Attendees, and Job Applicants, as well as the choices available to you regarding that information.
International Data Transfers
When Fastly operates as a data controller (i.e., when we determine the manner, purposes and means of the processing of others’ personal information), Fastly may collect from, transfer to, or process, and store your personal information in the United States and other countries other than the country where you live. When we transfer personal data from the EU, Switzerland, or UK to any other country, we will do so according to an adequate mechanism of transfer as required by applicable laws or regulations.
Data Privacy Framework Notice
Fastly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Fastly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
Fastly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
If you are located in the EU, UK or Switzerland, you have the right to request access to the personal data that we hold about you and request that we correct, amend or delete your personal data if it is inaccurate or processed in violation of the Frameworks' principles. We will give you an opportunity to opt out where personal data we control about you is to be disclosed to an independent third party or used for a purpose that is materially different from those set out in this Privacy Policy. If you would like to exercise any of your rights, please contact us via the details provided below.
In compliance with the Framework, Fastly commits to resolve DPF principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPFs should first contact us by emailing abuse@fastly.com or via mail to: Fastly, Inc. 475 Brennan St #300, San Francisco, CA 94107, Attn: Data Protection Officer. We will respond to your inquiry within 45 days of receipt and verification of your identity.
In addition Fastly commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the EU DPA Panel, an alternative dispute resolution provider based in the European Union. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of EU DPA Panel are provided at no cost to you.
If your DFP complaint cannot be resolved through the above channels, you may invoke binding arbitration for residual claims not fully or partially resolved by other redress mechanisms. For more detailed information about binding arbitration, visit the Data Privacy Framework website, found here.
The Federal Trade Commission has jurisdiction over Fastly’s compliance with the Frameworks. We may be required to disclose personal information we receive under the Frameworks in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Fastly is liable for the processing of personal information it receives under the Frameworks’ principles and subsequently transfers to a third party acting as an agent on its behalf. Fastly shall remain liable under the Frameworks' principles if its agent processes such personal information in a manner inconsistent with the Frameworks’ principles unless Fastly proves that it is not responsible for the event giving rise to the damage.
Information that we collect from or about you includes the following:
Categories of collected personal data | Description |
---|---|
Identification and Contact Information | Details such as name, postal address, e-mail address, or telephone number, either actively or passively, and billing information such as credit card number and tax address. |
Professional Information | Information that you provide when you fill in forms on our websites, such as your job title, credit card number, and other contact details. Information you provide as a contributing user that is published or displayed (hereafter, referred to as “posted”) on public areas of our websites, or transmitted to other users of our websites or third parties. Your user contributions are posted and may be accessed by others at your own risk. Information you provide when applying for a job with Fastly, including your résumé. |
Transactional Data | Details of financial transactions you carry out through our websites and applications, or related to orders of our services, such as credit card information, or in connection with planning and hosting corporate events, such as reservations and hospitality. |
Technical Data | Information about your Internet connection and Internet protocol (IP) address, your login data, the equipment you use to access our websites and applications, time zone settings and location, browser plug-in types and versions, operating system and other technology on the devices you use to access or use our websites. |
Marketing and Communications Data | Your preferences in receiving marketing from us and our partners and your communication preferences and consents. Your responses to surveys that we might ask you to complete for research purposes. Records and copies of your correspondence (including email addresses, IRC handles, and Twitter handles), if you contact us. This information may contain contact details you include within your correspondence. |
Behavioral Data | Inferred or assumed information relating to your behavior and interests, based on your online activity and your use of our websites. |
We do not collect any “Special Categories of Personal Data'' or Sensitive Information as defined by California Consumer Privacy Act about you. This includes details about your race or ethnicity, religious or philosophical beliefs, financial account information (other than credit card information that you submit in connection with your purchase of Fastly services), precise geo-locationation data, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offenses.
Legal Basis and Purpose for Processing Personal Data
Where we process personal data as a processor or a service provider pursuant to service contracts with our Customers, we only process personal data on the instructions of the Customer, and only as necessary, appropriate and customary to provide our services.
If you are an individual located in the European Economic Area (EEA) or an individual whose personal data is protected by laws similar to the General Data Protection Regulation (“GDPR”), our legal basis and purpose for collecting and using the personal data described above in this Section 2.1 will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where: (a) we have your consent to do so, (b) where we need the personal data to perform a contract with you (e.g. to deliver the services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.
Examples of Legitimate Basis and Purpose for Collecting Your Personal Data
In connection with your use of our services, we collect and process personal data to perform our contractual obligations related to the services that you have requested. Where we collect personal data in connection with operating our websites and services, we have a legitimate interest in ensuring our websites, services and associated networks and IT systems operate properly and securely. Where you have requested to receive information about our products, services and business or other marketing communications, then we process personal data based upon our legitimate interest in engaging in direct marketing with Visitors, Customers, Users, Attendees, individuals and companies that have requested to receive information from us.
Where you have responded to a job posting on our websites, we collect and process personal data as part of our consideration of your application. Where we rely on your consent to process the personal data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
Where we collect data about online behavior, including through the use of cookies, we have a legitimate interest in providing you with an optimal user experience and understanding and analyzing how Visitors interact with our website. You can find more about the use of cookies in our websites, please read and review our Cookie Policy found here.
Fastly collects your information both actively and passively (in accordance with our Cookie Policy) as you interact with our websites or contact us.
Fastly may directly collect personal data you provide us in the following ways:
When you complete forms on our websites, such as registering an account, subscribing to a service, posting a comment or applying for a job.
When you create an account to use our services or create a new user for that account.
When you complete transactions through our websites, such as fulfilling an order for our services.
When you perform search queries on our websites.
When you post messages on our websites, either in public areas or directly to other users or third parties.
When you use our publicly accessible blogs.
When you contact us outside of our websites, such as via email or Twitter.
When you request assistance from our Support team.
When you respond to surveys we ask you to complete for research purposes.
When you provide information that will be posted or displayed on public areas of our websites.
When you transmit information to other users of our websites or third parties as a user contribution.
When you register for or attend our marketing activities.
When you submit an entry to a sweepstakes or contest that we sponsor.
As is true of most websites and services provided using the Internet, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), the referring page that you navigated to our websites from, the page that you navigated to from our websites, the files viewed on our site (e.g. HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
The information we collect automatically is statistical data, which we may associate with personal data we collect in other ways or receive from third parties. This information helps us to improve our websites and to deliver better and more personalized service.
Fastly and our partners use cookies or similar technologies (such as web beacons) to gather information, analyze trends, administer our websites, track users’ movements around our websites, and to gather demographic information about our user base as a whole. These technologies may provide us with personal data, information about devices and networks you utilize to access our websites, analytics information and other information regarding your interactions with our websites. Users can control the use of cookies at the individual browser level but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. For detailed information about the use of cookies and related technologies in our websites, please read and review our Cookie Policy found here.
We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on our websites and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, click here). Please note that this does not opt you out of being served ads. You will continue to receive generic ads.
In connection with operating our global caching network’s general interaction with the Internet, Fastly collects client IP address information on a limited basis to provide and improve its services. Fastly also may collect and retain for its legitimate business purposes client or Customer IP addresses associated with suspicious activity that may pose a risk to the Fastly network or our Customers, or that are associated with administrative connections to the Fastly service.
We use your information to enhance your experience using our websites and services.
We use personal data that we collect about you or that you provide to us, including any personal data about Visitors, Customers, Users, and Attendees:
To present our websites and their content to you.
To provide you with access to our services and to maintain access controls over secured areas of our websites.
To provide you services for which you have engaged us.
To provide you with information, products, or services that you request from us, including technical instructions for implementing your service and responding to customer support and sales inquiries.
To fulfill any purpose for which you provide it.
To provide you with notices about your account and/or subscription, including expiration and renewal notices.
To notify you about changes to our websites or any products or services, which include changes to our documentation, other technical and administrative notices, security advisories and other alerts that you may subscribe for on our websites.
To provide you with information or services that you request from us.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing, collection and completing credit card transactions.
To save your preferences (including requests to not receive communications).
To allow you to participate in interactive features on our websites.
To personalize our websites to optimize your experience and match your preferences.
To send you promotional materials about our services and events, including newsletters, product updates, information about and invitations to marketing events.
To process and deliver contests or sweepstakes entries and rewards.
To plan and host marketing activities.
To communicate with you about corporate marketing events, which may include promotional information.
In any way we describe when you provide or we collect the information.
To comply with applicable legal and regulatory requirements.
To assure the safety of your account and our platform.
For any other purpose with your consent.
We retain your information for as long as your account is active or as needed to provide you our services or perform our contractual obligations, unless a longer retention period is required or permitted by law. The retention period shall not exceed the duration of our business relationship with you plus (7) years unless we have a legitimate business interest need to retain the information for a longer period, which include maintaining a record of your preferences, securing the integrity of databases, conducting audits, complying with our legal and contractual obligations, resolving disputes, and enforcing our agreements.
Third-Party Service Providers
We engage third-party service providers in the operation of our business or to support our business. We consequently share information, including personal data, with these contracted third-party service providers in connection with using their services. These include cloud-based productivity and collaboration tools, customer relations management, security tools, staffing service providers, backup, storage, payment processing, analytics and other services. We also engage and share information with third-party service providers for fraud protection, credit risk reduction and payment collection associated with our accounts. Our service providers may have access to, process or store your personal data for the purpose of providing us with their contracted-for services.
Our service providers are not authorized to process your personal data for purposes other than as necessary, appropriate or reasonable to provide the service we have purchased.
Affiliates
We share information, including personal data, with our subsidiaries and affiliates in the operation of our global business because our subsidiaries and affiliates may provide you services under our contracts or other functions, consistent with the purposes described in Section 2.4 above.
Third Party Cookies
As described in our Cookie Policy, we collect and share information through the use of cookies.
Consent
We may disclose your personal data to any third party with your consent and appropriate notice.
Compliance with Laws; Law Enforcement Requests; Protection of Our Rights
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet law enforcement requirements. We may disclose personal data to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary or appropriate in order to protect our rights, property, or safety of Fastly, our Visitors, Customers, Users, or Attendees, Job Applicants, our personnel or others, to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our contracts, or as otherwise required by law.
Corporate Events
We may share your personal data to a potential buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Fastly’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Fastly about our websites users is among the assets transferred. We may also share your personal data with potential investors, financing sources, auditors or agents that may conduct due diligence of our business. You will be notified via email and/or a prominent notice on our websites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Referrals
Our services permit you to refer our services to other people, including, for instance, if you are a Customer, to add Users to your account. If you provide us with contact information for persons you would like to refer, we will communicate with the referred persons and may disclose you as the source of the referral. If you believe that one of your contacts has provided us with your personal data and you would like to request that it be removed from our databases, please contact us at abuse@fastly.com.
Community Forums
Our website includes a community forum and other interactive features. When interacting in the community form, your account is publicly accessible unless you change the privacy settings of your profile through your account portal.
Some content or applications are served by third parties, including advertisers, ad networks and servers, content providers, and application providers who may collect your information as you interact with those parties through our websites.
This collection can occur under the following circumstances:
When you log in to our websites using sign-in services such as Facebook Connect or an Open ID provider.
When you use social media features, such as the Facebook Like button, and widgets, such as the Share button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our websites.
You can log in to our websites using sign-in services such as Facebook Connect or an Open ID provider. These services authenticate your identity and provide you the option to share certain personal data with us such as your name and email address to pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities on our websites to your profile page to share with others within your network.
These third parties may also use automatic data collection technologies such as cookies or beacons to collect information about you when you use our websites, your online activities, and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal data about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. If we receive personal data about you from a third party in order to engage in marketing of our services, then we will market to you only in your capacity as representatives of companies we wish to sell to and we will present you an opportunity to opt-out of future communications.
Examples of the types of personal data that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:
Contact information about you, including your name, email address telephone number, from third party sources to verify your address so we can properly prevent fraud or communicate with you; or
Data purchased from third parties, such as social networking sites and conference attendee lists, that is combined with information we already have about you, to create more tailored advertising and products. If you receive a marketing communication or promotion from us, you may opt-out of these communications at any time by clicking the unsubscribe link provided in the email or by sending a request to abuse@fastly.com.
Our websites may include links to other websites whose privacy practices may differ from those of Fastly. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.
The following table explains your rights with respect to your Personal Data that Fastly controls:
Be informed | Be informed of the personal data we collect about you and how we process it | How Fastly informs you:
|
Know & Access | Request to know and access the personal data we collect about you | To request a copy of your personal data from Fastly please contact abuse@fastly.com |
Correction | Request that we amend, correct, or update your personal data. | You can request we delete your information by emailing abuse@fastly.com To remove your personal data from our blog, please follow the instructions to remove posts or delete your user account. If you want your personal data removed from other places on our websites, please contact us via the information supplied in the Contact Information section below. |
Right to Limit | Under California law, you may request that we limit the processing of sensitive personal data if we are using or disclosing it for purposes other than those specified in Section 7027(m) of the CCPA Regulations. | Currently, we are not using or disclosing any sensitive personal data for the purposes of providing our products and services to you. |
Restriction | Request that we stop processing all or some of your personal data.You can do this if:
You can request that we stop this processing temporarily or permanently. |
|
Object | Object to us processing your personal data.You can do this if:
| To exercise your right to object, you can contact abuse@fastly.com |
Data portability | Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party ’s service. You can request us to transmit your data when we are processing your personal data on the legal basis of consent or performance of contract. | Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data or if we have retained your personal data after the closure of your account. To request this information please contact us via the information supplied in the Contact Information section below. |
Not be subject to automated decision making | Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect. | Fastly does not employ automated decision making as part of providing its products or services to you where the decision would have a legal effect on you or produce a similarly significant effect. |
Withdrawal of consent | Withdraw your consent to us collecting or using your personal data or update your subscription preferences | You can modify the settings in your profile or by following the link at the bottom of any email communications. |
Withdraw or opt-out of sharing or selling data | Under California Law you have the right to withdraw or opt-out of consent to sell and/or share your data | Fastly does not sell your data to third-parties. Please see Section 3 on sharing data with third-parties. |
If we fulfill your request to close your account, we will remove your user account from our active database and your account will be archived as an inactive account. We retain your account information in accordance with our retention policy as described above in Section 2.5 and in order to maintain a record of your preferences, to secure the integrity of applicable databases, conduct audits, comply with our legal and contractual obligations, resolve disputes, and enforce our agreements.
If you need to report abuse, please contact us by email at abuse@fastly.com. Fastly’s language for official communications is English.
We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure.
Information you provide to us is stored on our secure servers behind firewalls. Any sensitive information is encrypted using Transport Layer Security (TLS) (sometimes referred to as Secure Sockets Layer or SSL).
You must also make sure that your personal data is safe and secure. Even if we give you (or you have chosen) a password for access to certain parts of our websites, you are responsible for keeping this password confidential. Do not share your password with anyone. We urge you to be careful about giving out information in public areas of our websites, for example, message boards. The personal data you share in public areas may be viewed by any user of our websites.
Information that is transmitted via the Internet is not completely secure. We cannot guarantee the security of your personal data transmitted to our websites. Any transmission of personal data is at your own risk. We are not responsible if you circumvent any privacy settings or security measures on our websites.
We limit access to certain pages on our websites and allow you to set certain privacy settings via your account profile; however, be aware that no security measures are perfect or impenetrable.
Additionally, we cannot control the actions of other users of our websites with whom you may choose to share your user contributions. Given that, we cannot and do not guarantee that your user contributions will not be viewed by unauthorized persons.
Our websites are not intended for children under 16 years of age. No one under age 16 may provide any personal data to or on the websites.
We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on our websites or on or through any of their features, register on the websites, make any purchases through the websites, use any of the interactive or public comment features of our websites or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 16, we will delete that information immediately.
If you believe we might have any information from or about a child under 16, please contact us via the Contact Information section below.
California Civil Code Section § 1798.83 permits users of our websites that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an e-mail or write to us at our mailing address noted in the Contact Information section below.
If you have any questions or comments about this Privacy Policy and our privacy practices, contact us at: abuse@fastly.com.
or Fastly, Inc., Attn: General Counsel, 475 Brannan St, Suite 300 San Francisco, CA 94107.
Fastly’s language for official communications is English. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact our U.S.-based third party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.
It is our policy to post any changes we make to this Privacy Policy on this page with a notice on http://docs.fastly.com/changes that this Privacy Policy has been updated. If we make material changes to how we treat our users’ personal data, we will notify you by e-mail to the primary e-mail address specified in your account and/or through a notice on http://docs.fastly.com/changes thirty (30) days prior to the change becoming effective. We reserve the right to change this Privacy Policy without thirty (30) days’ notice for the purpose of complying with applicable law. The date this Privacy Policy was last revised is identified at the top of the page and will be reviewed, and revised if required, in accordance with applicable law. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting http://docs.fastly.com/changes and this Privacy Policy to check for any changes.