Effective as of January 1, 2023
Depending on your country, province or state of residence certain rights may apply to you. Please refer below for disclosures that may be applicable to you:
- If you are located in the EU, UK or Switzerland, please see our Notice to European Users below.
- If you are a resident of the State of California, Colorado, Connecticut, Nevada, Utah, or Virginia in the United States, please see the Additional U.S. Privacy Disclosures below.
Table of Contents
What is Personal Data?
Personal Data We Collect
Personal data you provide to us through the Services, or we obtain from third party sources, includes:
- Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title and company name and information.
- Content you choose to upload to the Services, such as comments on our blog and survey responses.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
- Registration information, such as information that may be related to a service or an event you register for.
- Usage information, such as information about how you use the Service and interact with us, including information associated with any content you submit to us, and information you provide when you use any interactive features of the Service.
- Information provided by job applicants, such as professional credentials and skills, educational and work history, and other information of the type that may be included on a resume or curriculum vitae.
- Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications
Cookies and Other Information Collected by Automated Means
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service. A listing of potential types of cookies are described at https://support.squarespace.com/hc/en-us/articles/360001264507-About-the-cookies-Squarespace-uses . The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, IP address, general location information such as city, state or geographic area; and information about your use of and actions on the Services, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.
How We Use Personal Data
To operate the Services. We use your personal data to:
- provide, operate and improve the Services
- provide information about our products and services
- establish and maintain your user profile on the Services
- enable security features of the Services, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in
- communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages
- communicate with you about events or surveys in which you participate
- understand your needs and interests, and personalize your experience with the Services and our communications
- provide support and maintenance for the Services
- to respond to your requests, questions and feedback
For research and development. We analyze use of the Services to improve the Services and to develop new products and services, including by studying user demographics and use of the Services.
To send you marketing and promotional communications. We may send you EngageSmart-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing section below.
To manage our recruiting and process employment applications. We use personal data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity and monitoring recruitment statistics.
To comply with law. We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. We may use your personal data and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal data, such as when required by law.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous, aggregated or de-identified data by removing or not utilizing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (or the why and the how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to contractual restrictions.
As part of our business relationship with our customers, we are often asked to receive, gather, store, analyze, or otherwise process information, which may include personal data, on behalf of our customers. We refer to this type of information and personal data as “customer data.” When we process customer data, we generally act as a processor. This means we process customer data on behalf of our customers subject to restrictions set forth in our contracts with them.
How We Disclose Personal Data
We may disclose your personal data in the following ways:
Customers. We may share your personal data to enforce or apply the terms of any of our customers’ service or license agreements.
Service providers. We may share your personal data with third party companies and individuals that provide services on our behalf or help us operate the Services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).
Co-branded events. We may share your personal data with third party companies that partner with us on co-branded events (such as webinars we offer with a partner). These third parties may use your personal data consistent with their privacy policies.
Professional advisors. We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal data for the compliance, fraud prevention and safety purposes described above.
To comply with law. We may share your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
Law enforcement purposes. We may share your personal data with law enforcement officials for law enforcement purposes when we, in good faith, believed there was unlawful activity.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Aggregate/De-Identified information. We may share Aggregate/De-Identified data from your personal data and other individuals whose personal data we collect for our lawful business purposes, including to analyze and improve the Services and promote our business.
In this section, we describe the rights and choices available to all users. Users who are located within Europe can find additional information about their rights below. Individuals who are residents of the States of California, Colorado, Connecticut, Nevada, Utah, and Virginia in the United States can find additional information about their rights below.
Opt out of marketing email communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at firstname.lastname@example.org. You may continue to receive service-related and other non-marketing emails.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.
Other Sites, Mobile Applications and Services
The Services may contain links to other websites, mobile applications, and other online services operated by third parties as well as our affiliates. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal data. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Additional U.S. Privacy Disclosures
These U.S. Privacy Disclosures provide additional information about how we collect, use, disclose and otherwise process personal data of individual residents of the State of California, Colorado, Connecticut, Nevada, Utah, and Virginia, either online or offline.
Personal Data Disclosures
In general, within the preceding 12 months:
- We have collected the categories of personal data listed in the “Personal Data We Collect” section above. These categories include: Identifiers, California Customer Records, Protected Classification Characteristics, Commercial Information, Internet/Network Information, Geolocation Data, Sensory Information, Professional/Employment Information, Non-Public Educational Information, Inferences, and Other Personal Data.
- We have collected these categories of personal data directly from you, when you use our Services, and from third parties for the purposes described in “Personal Data We Collect” section above.
- We have disclosed the following categories of personal data for business purposes: Identifiers and contact information; professional and employment-related information; commercial information; transactional information; and internet and network activity information. Please see the “How We Disclose Personal Data” section above for more information.
While we do not “sell” personal data in the traditional sense, we do, however, sell or share personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).
The following personal data elements we collect may be classified as “sensitive” under certain privacy laws (“sensitive information”):
- Account name and password;
- Credit/debit card number plus expiration data and security code (CVV).
We do not sell sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising.
We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
Your Privacy Rights
Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights. Individuals who wish to exercise these rights with respect to customer data should direct their requests to the EngageSmart customer contact that controls their personal data.
|The Right to Know||
The right to confirm whether we are processing personal data about you and, under California law only, to obtain certain personalized details about the personal data we have collected about you, including:
|The Right to Access & Portability||The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.|
|The Right to Correction||The right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.|
|The Right to Request Deletion||The right to request the deletion of personal data that we maintain about you, subject to certain exceptions.|
|The Right to Control Over Sensitive Information||The right to exercise control over our collection and processing of certain sensitive information.|
|The Right to Opt Out of Sales or Sharing for Targeted Advertising Purposes||The right to direct us not to sell or share personal data for certain targeted or cross-context behavioral advertising purposes.|
|The Right to Non-Discrimination||
The right not to receive retaliatory or discriminatory treatment for exercising any of the rights described above.
However, please note that if the exercise of the rights described above limits our ability to process personal data (such as in the case of a deletion request), we may no longer be able to provide you our products or services or engage with you in the same manner.
In addition, the exercise of the rights described above may result in a different price, rate, or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
How to Exercise Your Privacy Rights
To Exercise Your Privacy Rights
Please submit a request by:
- Filling out our online form;
- Emailing us at email@example.com with the subject line, “Privacy Rights Request”; or
- Calling us at 888-354-6412
We will take steps to verify your identity and confirm you are a resident of a state that offers the requested right(s) before processing your request. We will not fulfill your request unless you have provided sufficient information for us to verify you are the individual about whom we collected personal data. If you have a customer account with us, we will use our existing customer account authentication practices to verify your identity. If you do not have a customer account with us, we may request additional information about you to verify your identity, including your name, email address, and state of residency. We will only use the personal data provided in the verification process to verify your identity or authority to make a request and to track and document request responses unless you initially provided the information for another purpose.
To Exercise the Right to Opt Out of the Selling or Sharing of Personal Data for Targeted Advertising Purposes
Unless you have exercised your Right to Opt Out, we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes. The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties.
You do not need to create an account with us to exercise your Right to Opt Out. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal data provided in an opt out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
Once you make an opt-out request, you may change your mind and opt at any time by returning to this section and clicking the above link or contacting us at firstname.lastname@example.org.
In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.
Appealing Privacy Rights Decisions
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at email@example.com with the subject line, “Privacy Request Appeal.”
Minor Under Age 16
We do not market and or sell the personal data of consumers we know to be less than 16 years of age. Please contact us at firstname.lastname@example.org to inform us if you, or your minor child, are under the age of 16.
We retain personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal data we have collected about you, unless prohibited by applicable law, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If we anonymize your personal data (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
Shine the Light
Our California customers are also entitled to request and obtain from EngageSmart once per calendar year information about any of your personal data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information please contact us at email@example.com.
International Data Transfers
We are headquartered in the United States and have service providers in other countries, and your personal data may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.
European Union users should read the important information provided below about transfer of personal data outside of the European Union.
The Services are not directed to, and we do not knowingly collect personal data from, anyone under the age of 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable. We encourage parents with concerns to contact us.
Notice to European Users
The information provided in this “Notice to European Users” section applies only to individuals in Europe.
Details regarding each processing purpose listed below are provided in the section above titled “How we use personal data”.
|To operate the Services||Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal data based on our legitimate interest in providing the Services you access and request.|
● For research and development
● To send you marketing and promotional communications
● To display advertisements
● To manage our recruiting and process employment applications
● For compliance, fraud prevention and safety
● To create anonymous data
|These activities constitute our legitimate interests. We do not use your personal data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with law||Processing is necessary to comply with our legal obligations.|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.|
Sensitive personal data. We ask that you not provide us with any sensitive personal data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.
Information for Visitors from Outside of the United States
We are located in the United States, where the laws may be different and, in some cases, less protective than the laws of other countries. By providing us with your Personal data and using the Services, you acknowledge that your Personal data will be transferred to and processed in the United States and other countries where we and our vendors operate. If we receive or transfer your personal data from Europe or Switzerland to a third country and are required to apply additional safeguards to your personal data under European data protection legislation, we use good faith efforts to do so.
How to Contact Us
30 Braintree Hill Office Park, Suite 101
Braintree, MA 02184
© 2023 EngageSmart, LLC. All Rights Reserved
EngageSmart and other service marks and trademarks are owned by EngageSmart, LLC.
What are Cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.
Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third party cookies can be used for a variety of purposes, including site analytics, advertising and social media features.
What Types of Cookies and Similar Data Collection Technologies does EngageSmart Use on the Sites?
|Type||Description||Who serves the cookies||How to control them|
|Analytics||These cookies are used by advertising companies to collect information about how you use our Sites and other websites over time. These companies use this information to show you ads they believe will be relevant to you within our Sites and elsewhere, and to measure how the ads perform.||See ‘your choices’ below|
|Advertising||These cookies help us understand how our Sites are performing and being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients.||
See ‘your choices’ below.
Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here.
You can prevent the use of Bizible tracking relating to your use of our Sites by visiting the Bizible opt-out site available here.
|Essential||These cookies are necessary to allow the technical operation of our Sites (e.g., they enable you to move around on a website and to use its features).||Google Tag Manager||See ‘your choices’ below.|
|Functionality/performance||These cookies enhance the performance and functionality of our Sites.||
||See ‘your choices’ below.|
In addition to cookies, our Sites may use other technologies, such as Flash technology and pixel tags to collect information automatically.
Browser Web Storage. We may use browser web storage (including via HTML5), also known as locally stored objects (“LSOs”), for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. Your web browser may provide functionality to clear your browser web storage.
Web Beacons. We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.
Third Party Data Collection and Online Advertising. We participate in interest-based advertising and use third-party advertising companies to serve you targeted advertisements based on your browsing history. We permit third-party online advertising networks, social media companies and other third-party services, to collect information about your use of our online Services over time so that they may play or display ads on the Services, on other websites, or services you may use, and on other devices you may use. Typically, though not always, the information used for interest-based advertising is collected through tracking technologies, such as cookies, web beacons, embedded scripts, location-identifying technologies, and similar technology (collectively, “tracking technologies”), which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the site, AdID, precise geolocation and other information. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help identify you across devices. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. We may do this by providing a hashed version of your email address or other information to the platform provider. See “Your Choices About Online Ads” below, to learn more about the choices you may have regarding interest-based advertising.
Google Analytics and Advertising. We use Google Analytics to recognize you and link the devices you use when you visit our websites or Services on your browser or mobile device, log in to your account on the Services, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with the Services and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s site “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.
Your Choices About Cookies
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly.
For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org. If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.
Your Choices About Online Ads
We support the self-regulatory principles for online behavioral advertising (Principles) published by the Digital Advertising Alliance (DAA). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found at www.aboutads.info. If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices or https://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to opt out again. If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at https://www.aboutads.info/appchoices.
Cookie Management and the Right to Opt Out of the Sale or Sharing of Personal Data for Targeted Advertising Purposes
For California, Colorado, Connecticut, Nevada, Utah, and Virginia Residents: Unless you have exercised your Right to Opt Out (as described in the “Your Privacy Choices” section of our Additional U.S. Privacy Disclosures), we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes. The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties.
You do not need to create an account with us to exercise your Right to Opt Out. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt-out request. We will only use personal data provided in an opt-out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
Information about the cookies we use may be updated from time to time, so please check back on a regular basis for any changes.