Welcome to CARTO, owned and operated by CartoDB Inc. (“CARTO”, “us,” or “we”), a New York corporation. The CARTO Privacy Policy explains the information collected and stored at CARTO and associated applications, web services, and other mechanisms associated with CARTO (collectively, the “Service”). The Privacy Policy also explains how we use the information collected on the Service.
By visiting the CARTO website (the “Site”) or using the Service, including by registering, or by otherwise providing us with personally identifiable information (such as an email address), you agree to the terms and conditions of this Privacy Policy.
We collect information that is not personally identifiable in connection with use of the Site or the Service, such as login and device-related information (examples are: browser type, your IP address, and the date and time of day of your use).
We may use collected information to enhance the visitor experience of the Service, to operate and maintain the Service, to investigate and understand how our Service is used, to monitor and protect the security and integrity of the Service, and to analyze our business.
We analyze traffic to the site in various ways, including using a service called Google Analytics. We use this information to generate statistics and to measure activity to improve the usefulness of the Site and the Service.
Google Analytics is subject to the privacy policy of Google. By visiting the Site or using the Service, you are agreeing to the terms of the Google Privacy Policy that apply to Google Analytics. These terms can be found at “How Google uses data when you use our partners’ sites or apps”, located at https://www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time.
We are not responsible for any changes made to the Google Privacy Policy or of advising you of such changes. We reserve the right to change analytical service providers at any time without notice.
We use cookies to make interactions with the Site easy and meaningful. When you visit the Site, our servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself by opening an account, or filling out a form, you remain anonymous to us.
If you choose our paid plan, personal information is collected (i.e. Name, address, email address, phone number, credit card information and organization information).
For customers that use the free version of CARTO we collect the following information: Name, email, password and some social media information (e.g. Twitter handle) that you may choose provide to us
We also may collect personal information if you contact us or otherwise give it to us (e.g., in an email).
We may use personal information to enhance the visitor experience of the Service, to operate and maintain the Service, to investigate and understand how the Service is used, to monitor and protect the security and integrity of the Service, and to analyze our business.
The Company may also use information you provide to contact you to further discuss your interest in the Services and to send you information regarding CARTO.
We may disclose personal information as required by law or in response to service of legal process, such as a court order, summons, subpoena, or the like.
We may share personal information with our corporate affiliates and with business partners who provide services related to the Service (such as website hosting or payment processing). These business partners do not have the right to use this personal information for any purpose other than those related to the Service.
Information about our users, including personal information, may be disclosed or transferred to entities now or in the future affiliated with CARTO or as part of any merger, acquisition, change of control, debt financing, insolvency, bankruptcy or sale of our assets. Such information may be used in the businesses of any entity so receiving it.
Except as provided above, we will not sell or transfer your personal information to third parties.
Currently, various browsers offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites' visited by the user about the user's browser DNT preference setting. We do not currently commit to responding to browsers' DNT signals with respect to the Site, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. However, we will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Once you have registered with us, you can access your profile, review the information that is stored, and revise that information. We may not immediately delete residual copies of outdated information from our active servers and may not remove information from our backup systems.
Customer data is all the information, including personal information, text, images, location data or any other files that the customers provide, or are provided on your behalf, to the Company through your use of the Service. We inform you that you will be the only responsible party of the provision of personal information. In regard to the compliance of the Privacy rules, you shall notify the provision of personal information to the Company through the address provided below.
The Company will not collect this personal information. We will only process the personal information for the provision of the Service and it will not be processed for any other purposes.
We do not target, market to, or knowingly collect personal information from children under the age of thirteen years.
We retain your personal information for 2 years after which it is destroyed.
We use industry standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We cannot, however, ensure the security of any information you transmit to the Service, and you do so at your own risk. Depending on where you live, you may have a legal right to receive notice of a security breach in writing or by emailing us at support@carto.com.
Residents of CA have the right to request from a business, with whom the CA resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at support@carto.com. Your request should specify your full name and the email address you used when submitting personal information to us.
In conformity with the Notice Principle of the EU-U.S. Privacy Shield Framework, CARTO informs data subjects of the EU, Iceland, Liechtenstein, and Norway that:
In accordance with the Data Integrity and Purpose Limitation Principle of the EU-U.S. Privacy Shield, CARTO will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
In conformity with the Choice Principle of the EU-U.S. Privacy Shield, CARTO offers data subjects of the EU, Iceland, Liechtenstein, and Norway the opportunity to opt out when their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized.
In accordance with the Security Principle of the EU-U.S. Privacy Shield, CARTO shall take reasonable and appropriate security measures, taking into account the risks involved in the processing and the nature of the data.
In accordance with the Recourse, Enforcement and Liability Principle of the EU-U.S. Privacy Shield, CARTO has robust mechanisms to ensure compliance with the Principles and provides recourse for EU data subjects whose personal information have been processed in a non-compliant manner, including effective remedies. CARTO complies with the Recourse, Enforcement and Liability Principle through a self-assessment system which includes internal procedures ensuring that employees receive training on the implementation of the organization’s privacy policies. Compliance is periodically reviewed in an objective manner. In conformity with the Accountability for Onward Transfer Principle of the EU-U.S. Privacy Shield, CARTO acknowledges that the onward transfer of the personal information of data subjects of the EU, Iceland, Liechtenstein, and Norway will only take place (i) for limited and specified purposes, (ii) on the basis of a contract or comparable arrangement within a corporate group and (iii) only if that contract provides the same level of protection as the one guaranteed by the Principles.
This Service is hosted in the United States. If you are an international visitor, you should note that by providing your personal information, you are: (i) permitting the transfer of your personal information to the United States which may not have the same data protection laws as the country in which you reside; and (ii) permitting the use of your personal information in accordance with this Privacy Policy.
Please contact us with any questions you may have at support@carto.com or at: CARTO, 201 Moore Street, Brooklyn, NY 11206.
Please fill out the below form and we'll be in touch real soon.