Privacy Policy

Submittable Privacy Policy

Last Updated: November 27, 2023

Submittable Holdings, Inc. and its affiliates (“Submittable,” “we,” “our,” and/or “us”) are committed to protecting the privacy of individuals who visit and use our websites (including https://www.submittable.com) or services that link to this privacy policy (collectively, our “Services”). This privacy policy (the “Privacy Policy”) explains how we collect, use, and disclose personal information from users of our Services (“Users”) or their devices. If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), “personal information” means any information relating to an identified or identifiable individual.

In addition to the practices described in this Privacy Policy, we process personal information that Users submit (“Submitters”) to forms created on our Services by our business and organization customers (“Organization Customers”). We process such personal information, including contact information, age, education, gender, interests, health information, and financial information, as a data processor and service provider on behalf and on the instructions of our Organization Customers, which are the entities responsible for the data processing. Please note that any personal information that a Submitter discloses to an Organization Customer will not be subject to this Privacy Policy. To understand how an Organization Customer processes your personal information submitted to their forms, please refer to that Organization Customer’s privacy policy.

By using or accessing our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. Beyond the Privacy Policy, your use of our Services is also subject to our Submitter Terms of Use and Customer Terms of Service, as applicable.

If you are a California resident, please also review our California Resident Privacy Notice for more information about the types of personal information we collect and disclose, as well as how to exercise your rights under California law.

Information We Collect

We collect a variety of personal information from or about you or your devices from various sources, as described below.

If you do not provide your personal information when requested, you may not be able to use our Services if that information is necessary to provide our Services or if we are legally required to collect it.

A. Information You Provide to Us

Registration and Profile Information. If you sign up for an account on our Services, we will receive your first and last name and email address, and we will ask you to create a password. You also can add your mailing address, phone number, age, education, gender, interests, marketing preferences, cover letter template, and an avatar to an account.

Payment Information. When you add a credit card or payment method to your account, a third-party service provider that handles payments for us will receive your payment card information, such as your credit card number, security code, expiration date, and billing address.

Communications. If you contact us directly, we may receive additional personal information about you. For example, when you contact us for customer support, we may receive your first and last name, email address, the contents of a message or attachments that you may send to us, and other information you choose to provide. When you communicate with us online, third party vendors receive and store these communications on our behalf. If you sign up to receive emails or information about our Services, then we will collect certain personal information from you, such as your first and last name, email address, and your areas of interest. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.

Careers. If you decide to apply for a job with us, you may submit your contact information and your resume online. We will collect the information you choose to provide us as part of your job application, such as your contact information, current employment information, and other information you choose to submit with your application and on your resume. If you apply for a job with us through a third-party platform (such as LinkedIn or Greenhouse), we will collect the information you make available to us through such third-party platform.

B. Information We Collect When You Use Our Services

Device Information. We receive information about the device and software you use to access our Services, including internet protocol (“IP”) address, web browser type, operating system version, internet traffic data, and service usage data.

Usage Information. To help us understand how you use our Services and to help us improve them, when you use our Services, we automatically receive information about your interactions with our Services, like action history, information requested or rejected, selections made by you, log files, performance logs, diagnostic reports, the pages or other content you view, the searches you conduct, pages you request, the websites you visited before using our Services, and the dates, times, and durations of your visits.

Location Information. When you use our Services, we infer the general physical location of your device and the geographic regions our Users come from. For example, your IP address may indicate your general geographic region.

Information from Cookies and Similar Technologies. We and our third-party partners may collect personal information using Cookies. Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. They contain information that is transferred to your computer’s hard drive. We use cookies, beacons, invisible tags, and similar technologies (collectively “Cookies”) to collect information about your browsing activities and to distinguish you from other Users of our Services. This aids your experience when you use our Services and also allows us to improve the functionality of our Services. Cookies can be used for performance management, collecting information on how our Services are being used for analytics purposes. They can also be used for functionality management, enabling us to make the User’s visit more efficient by, for example, remembering language preferences, passwords and log-in details. We may also use pixel tags and web beacons on our Services. These are tiny graphic images placed on web pages or in our emails that allow us to determine whether you have performed a specific action. Below is an overview of the types of Cookies we and third parties may use to collect personal information.

  • Functional Cookies. Functional Cookies are used to recognize you when you return to our Services. This enables us to adapt our content for you and remember your preferences. For example, we use functional Cookies to remember your choice of language or region. We use the following functional Cookies:

  • redirect_www_to. Purpose: Identifies current submitter/org users for the marketing site to improve experience. Retention period: Session.

  • intercom-id-b4tmmu4q. Purpose: In-app messages, onboarding tours, alerts. Retention period: Session.

  • Intercom-session. Purpose: In-app messages, onboarding tours, alerts. Retention period: Session.

  • Analytical or Performance Cookies. We also use Cookies for website analytics purposes in order to operate, maintain and improve our Services. We may use our own analytics Cookies or use third-party analytics providers such as Google Analytics to collect and process certain analytics data on our behalf. These providers may also collect information about your use of other websites, apps, and online resources. We also use the following analytical or performance Cookies:

  • SID. Purpose: Google Analytics. Retention period: 2 years.

  • SIDCC. Purpose: Google Analytics. Retention period: 6 months.

  • __Secure-3PAPISID. Purpose: Google Analytics. Retention period: 2 years.

  • __Secure-1PAPISID. Purpose: Google Analytics. Retention period: 2 years.

  • APISID. Purpose: Google Analytics. Retention period: 2 years.

  • HSID. Purpose: Google Analytics - Fraud Prevention. Retention period: 2 years.

  • __Secure-3PSID. Purpose: Google Analytics. Retention period: 2 years.

  • SSID. Purpose: Google Analytics. Retention period: 2 years

  • SAPISID. Purpose: Google Analytics. Retention period: 2 years

  • __Secure-1PSIDCC. Purpose: Google Analytics. Retention period: 1 year.

  • __Secure-1PSID. Purpose: Google Analytics. Retention period: 2 years.

  • __Secure-1PSID. Purpose: Google Analytics. Retention period: 1 year.

  • presence. Purpose: Facebook: contains user’s chat state. Retention period: Session

  • sb. Purpose: Facebook Ads. Retention period: 2 years.

  • _gid. Purpose: Google Analytics - page analytics. Retention period: 1 day.

Where required by applicable law, we will obtain your consent to use Cookies. You can find more information about your rights and choices, and how to block the use of certain Cookies in the section Your Rights and Choices below.

C. Information We Receive from Third Parties

Third-Party Services. You may also post photos, comments, or reviews on our pages available through third-party platforms, including Facebook, Twitter, Instagram, YouTube, or LinkedIn. If you do so, we and other users on those third-party platforms may be able to view the personal information you make available through these third-party platforms. 

Partners. We may receive additional personal information about you from third parties such as data or marketing partners and combine it with other personal information we have about you.

How We Use the Information We Collect

We use the personal information we collect:

  • To provide, maintain, improve, and enhance our Services, including by authenticating your access to our Services and your information stored by us, fulfilling your account or order, and administering your account;

  • To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer service and support;

  • For marketing purposes, such as developing and providing promotional and advertising materials and suitable products that may be useful, relevant, valuable or otherwise of interest to you;

  • To personalize your experience on our Services such as presenting tailored content;

  • To conduct research to understand and analyze how you use our Services and develop new products, services, and features;

  • To de-identify and aggregate information collected through our Services and use and disclose it to third parties for our business purposes;

  • To facilitate transactions and payments;

  • To find and prevent fraud, and respond to trust and safety issues that may arise;

  • For compliance purposes, including enforcing our Submitter Terms of Use, Customer Terms of Service, and other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and

  • For other purposes for which we provide specific notice at the time the personal information is collected.

Legal Bases for Processing European Information

If you are located in the EEA or the UK, we only process your personal information when we have a valid “legal basis,” including as set forth below.

  • Consent. You have consented to the use of your personal information. For example, we may process your personal information to send you marketing communications or to use Cookies where you have consented to such use.

  • Contractual Necessity. We need your personal information to provide you with our Services. For example, we may need to process your personal information to respond to your inquiries or requests.

  • Compliance with a Legal Obligation. We have a legal obligation to use your personal information. For example, we may process your personal information to comply with tax, labor and accounting obligations.

  • Legitimate Interests. We or a third party have a legitimate interest in using your personal information. Specifically, we have a legitimate interest in using your personal information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Services. We only rely on our or a third party’s legitimate interests to process your personal information when these interests are not overridden by your rights and interests.

How We Disclose the Information We Collect

We may disclose the categories of personal information we collect from or about you to the entities and for the purposes as described below or otherwise disclosed to you at the time of collection.

Partners and Affiliates. We may disclose any personal information we receive with our partners, subsidiaries, and affiliates for any of the purposes described in this Privacy Policy.

Vendors and Service Providers. We may disclose any personal information we receive with contractors, vendors, service providers, and other third parties retained in connection with the provision of our Services.

Submitters. If you are a Submitter, our Services allow you to submit personal information to forms created by Organization Customers and otherwise connect and communicate with Organization Customers. Any information that you choose to submit to those forms created by those Organization Customers will be viewable by those Organization Customers. We are not responsible for Organization Customers’ or any other Users’ use of available personal information, so you should carefully consider whether and what to disclose and submit on our Services.

Marketing. We do not rent, sell, or disclose personal information about you with non-affiliated companies for their direct marketing purposes, unless we have your permission.

Analytics Partners. We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Advertising Partners. We work with third-party advertising partners to show you ads that we think may interest you. These advertising partners may set and access their own Cookies, pixel tags and similar technologies on our Services and they may otherwise collect or have access to information about you which they may collect over time and across different online services. Some of our advertising partners are members of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/) or Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies

As Required by Law and Similar Disclosures. We may access, preserve, and disclose personal information about you if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.

Merger, Sale, or Other Asset Transfers. We may disclose and transfer your personal information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our business or assets.

Consent. We may also disclose personal information from or about you or your devices with your permission.

Your Rights and Choices

Marketing Communications. You can unsubscribe from our promotional emails via the link provided in the emails. Even if you opt-out of receiving promotional messages from us, you will continue to receive administrative messages from us.

Your European Privacy Rights. If you are located in the EEA or the UK, you have the additional rights described below:

  • You may request access to the personal information we maintain about you, update and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.

  • You may withdraw any consent you previously provided to us regarding the processing of your personal information at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

Your U.S. Privacy Rights. If you are located in the United States and depending on your U.S. state residency, you may, at any time, exercise certain rights, as described below: 

California Residents. If you are a California resident, subject to certain exceptions, you may exercise certain rights by submitting requests to know and access the personal information (as defined by the California Consumer Privacy Act) that we have collected about you, to delete personal information, to opt out of the sale of personal information and/or sharing of personal information for cross-context behavioral advertising purposes, to correct inaccurate personal information about you, and to limit the use or disclosure of your sensitive personal information. You have the right to not be discriminated against for exercising these rights, subject to certain exceptions. Please visit our California Resident Privacy Notice for supplemental information and disclosures regarding rights of California residents.

Colorado, Connecticut, Virginia, and Utah Residents.  If you are a Colorado, Connecticut, Virginia, or Utah resident, you may exercise the following rights by submitting by using the contact details at the end of this Privacy Policy. You may make a request to exercise the following rights with respect to your personal data (as defined in the privacy law applicable to your state of residence):

  • To confirm whether or not Submittable processes your personal data and request access to such data;

  • To delete personal data you have provided to Submittable; 

  • To opt out of the processing of your personal data for purposes of: (i) targeted advertising; and  (ii) the sale of personal data. To provide targeted advertising, we process information about you and your device, including your: Device Identifiers (such as your mobile advertising IDs); and Usage Information (such as information about your interactions within Submittable).  You may exercise your right to opt out of the processing of personal data for targeted advertising and sale of your personal data by using the contact details at the end of this Privacy Policy; and

  • To obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.

Residents of Virginia, Colorado, and Connecticut may additionally:

  • Request to delete personal data obtained about you from sources other than Submittable; 

  • Request to exercise your right to correct inaccuracies in your personal data; 

  • Opt out of the processing of your personal data for certain types of profiling in furtherance of decisions that produce legal or similarly significant effects. Please note that we do not engage in such profiling; and

  • Appeal any decision with regard to your privacy request by contacting us using the details provided in the “Contact Information” section below.

You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain personal information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

Do Not Track. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

How to Block Cookies. You can block Cookies by setting your internet browser to block some or all Cookies. However, if you use your browser settings to block all Cookies (including essential Cookies) you may not be able to access all or parts of our Services. By using our Services, you consent to our use of Cookies and our processing of personal information collected through such Cookies, in accordance with this Privacy Policy. You can withdraw your consent at any time by deleting placed Cookies and disabling Cookies in your browser, or as explained below. You can change your browser settings to block or notify you when you receive a Cookie, delete Cookies or browse our Services using your browser’s anonymous usage setting. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings. If you do not agree to our use of Cookies or similar technologies which store information on your device, you should change your browser settings accordingly. You should understand that some features of our Services may not function properly if you do not accept Cookies or these technologies. Where required by applicable law, you will be asked to consent to certain Cookies and similar technologies before we use or install them on your computer or other device.

Third Parties

Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any personal information you disclose to these third parties. We are not responsible for the privacy practices or the content of such sites. If you have any questions about how these other sites use your personal information, you should contact them directly. We encourage you to read their privacy policies before providing any personal information to them.

Retention

We take measures to delete your personal information or keep it in a form that does not permit identifying you when your personal information is no longer necessary for the purposes for which we process it unless we are required by law to keep your personal information for a longer period. When determining the specific retention period, we consider various factors, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the statute of limitations.

Information Security

We make reasonable efforts to protect your personal information by using physical and electronic safeguards designed to improve the security of the personal information we maintain. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your personal information.

Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at privacy@submittable.com and we will take steps to delete such information.

International Visitors

Our Services are hosted in the United States and intended for visitors located within the United States (“U.S.”). If you choose to use our Services from the EEA, the UK or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the U.S. for storage and processing. We may transfer personal information from the EEA or the UK to the United States and other third countries based on European Commission-approved Standard Contractual Clauses, as needed to perform our Services that you have requested from us, or with your consent. By providing any information, including personal information, on or to our Services, you consent to such transfer, storage, and processing. To obtain additional information on the transfers, please contact us using the contact information below.

Update Your Information

You can update your account and profile information through your profile settings or by writing or emailing us at our contact information provided below.

Changes to This Privacy Policy

This Privacy Policy may be revised from time to time. We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective as of the last updated date. If we materially change the ways in which we use or disclose personal information previously collected from you through our Services, we will attempt to notify you of the changes through our Services, by email (sent to the email address specified in your account), or other means.

Contact Information

If you have any questions, comments, or concerns about our processing activities, please email us at privacy@submittable.com or write to us at Submittable Holdings, Inc. 111 N. Higgins Ave, #200 Missoula, Montana, United States 59802.