CARTO Locations registration is now open, click here for all details!

Privacy Policy

Welcome to CARTO, owned and operated by CartoDB Inc. (“CARTO”, “us,” or “we”), a New York corporation. The CARTO Privacy Policy explains the information collected and stored at CARTO and associated applications, web services, and other mechanisms associated with CARTO (collectively, the “Service”). The Privacy Policy also explains how we use the information collected on the Service.

How you accept this Policy

By visiting the CARTO website (the “Site”) or using the Service, including by registering, or by otherwise providing us with personally identifiable information (such as an email address), you agree to the terms and conditions of this Privacy Policy.

Information we collect that is not personal information

We collect information that is not personally identifiable in connection with use of the Site or the Service, such as login and device-related information (examples are: browser type, your IP address, and the date and time of day of your use).

How we use information that is not personal information:

We may use collected information to enhance the visitor experience of the Service, to operate and maintain the Service, to investigate and understand how our Service is used, to monitor and protect the security and integrity of the Service, and to analyze our business.

We analyze traffic to the site in various ways, including using a service called Google Analytics. Google Analytics is subject to the privacy policy of Google which you can find on Google’s website. By visiting the Site or using the Service, you are agreeing to the terms of the Google Privacy Policy that apply to Google Analytics. (We are not responsible for any changes made to the Google Privacy Policy or of advising you of such changes.) We use this information to generate statistics and to measure activity to improve the usefulness of the Site and the Service. We reserve the right to change analytical service providers at any time without notice.

Cookies:

We use cookies to make interactions with the Site easy and meaningful. When you visit the Site, our servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself by opening an account, or filling out a form, you remain anonymous to us.

Personal information that is collected:

If you choose our paid plan, personal information is collected (i.e. Name, address, email address, phone number, credit card information and organization information).

For customers that use the free version of CARTO we collect the following information: Name, email, password and some social media information (e.g. Twitter handle) that you may choose provide to us

We also may collect personal information if you contact us or otherwise give it to us (e.g., in an email).

How we use and disclose personal information:

We may use personal information to enhance the visitor experience of the Service, to operate and maintain the Service, to investigate and understand how the Service is used, to monitor and protect the security and integrity of the Service, and to analyze our business.

The Company may also use information you provide to contact you to further discuss your interest in the Services and to send you information regarding CARTO.

We may disclose personal information as required by law or in response to service of legal process, such as a court order, summons, subpoena, or the like.

We may share personal information with our corporate affiliates and with business partners who provide services related to the Service (such as website hosting or payment processing). These business partners do not have the right to use this personal information for any purpose other than those related to the Service.

Information about our users, including personal information, may be disclosed or transferred to entities now or in the future affiliated with CARTO or as part of any merger, acquisition, change of control, debt financing, insolvency, bankruptcy or sale of our assets. Such information may be used in the businesses of any entity so receiving it.

Except as provided above, we will not sell or transfer your personal information to third parties.

Do Not Track

Currently, various browsers offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites' visited by the user about the user's browser DNT preference setting. We do not currently commit to responding to browsers' DNT signals with respect to the Site, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. However, we will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

How you can access or change the personal information that we have collected

Once you have registered with us, you can access your profile, review the information that is stored, and revise that information. We may not immediately delete residual copies of outdated information from our active servers and may not remove information from our backup systems.

Customer data

Customer data is all the information, including personal information, text, images, location data or any other files that the customers provide, or are provided on your behalf, to the Company through your use of the Service. We inform you that you will be the only responsible party of the provision of personal information. In regard to the compliance of the Privacy rules, you shall notify the provision of personal information to the Company through the address provided below.

The Company will not collect this personal information. We will only process the personal information for the provision of the Service and it will not be processed for any other purposes.

Children

We do not target, market to, or knowingly collect personal information from children under the age of thirteen years.

Data Retention

We retain your personal information for 2 years after which it is destroyed.

Data Security

We use industry standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We cannot, however, ensure the security of any information you transmit to the Service, and you do so at your own risk. Depending on where you live, you may have a legal right to receive notice of a security breach in writing or by emailing us at support@carto.com.

Your California (CA) Privacy Rights

Residents of CA have the right to request from a business, with whom the CA resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us at support@carto.com. Your request should specify your full name and the email address you used when submitting personal information to us.

Your European Union (EU) Privacy Rights

In conformity with the Notice Principle of the EU-U.S. Privacy Shield Framework, CARTO informs data subjects of the EU, Iceland, Liechtenstein, and Norway that:

  • CARTO is a company that participates in the Privacy Shield Framework and declares its commitment to comply with the Privacy Shield Principles. The Privacy Shield list is located at the following web address: https://www.privacyshield.gov/list
  • CARTO collects the following types of personal information:
    • From those paying customers who choose to purchase a paid plan, information that you provide to use for the purpose of registering with CARTO and/or subscribing to CARTO services and/or email notifications, including name, address, email address, phone number, credit card information and organization information.
    • For customers who choose to use the free version of CARTO: name, email address, password, and social media information (e.g. Twitter handle), if provided.
    • From those who contact us via email, over the phone, or in person: name, email address, and social media information, if provided.
  • CARTO is fully committed to subject to the Privacy Principles all personal information received from the EU in reliance on the Privacy Shield.
  • The purposes for which CARTO collects and uses personal information are to enhance the visitor experience of the Service; to operate and maintain the Service; to investigate and understand how the Service is used; to monitor and protect the security and integrity of the Service; and to analyze our business. CARTO may collect, store, and use non-personal information about your visits to and use of its websites, including information about your computer and your visits to its websites such as your IP address, geographical location, browser type, referral source, length of visit and number of page views.
  • CARTO may be contacted with any inquiries or complaints regarding non-compliance with the EU-U.S. Privacy Shield by writing to:

    CARTO
    Attention: Legal
    201 Moore Street
    Brooklyn, NY 11206
    United States of America
    privacyshield@carto.com
  • The type of third parties to which CARTO discloses PI are corporate affiliates and business partners, for the limited and specified purpose of providing services related to the Service (such as website hosting or payment processing). These business partners do not have the right to use this PI for any purpose other than those related to the Service, and onward transfers only occur on the basis of a contract. We may disclose PI about our users to entities now or in the future affiliated with CARTO for the purpose of enhancing the visitor experience of the Service; operating and maintaining the Service; investigating and understanding how the Service is used; monitoring and protecting the security and integrity of the Service; and analyzing our business. We may also disclose PI about our users as part of any merger, acquisition, change of control, debt financing, insolvency, bankruptcy or sale of our assets for the purpose of completing our contractual obligations. Except as provided above, we will not sell or transfer your PI to third parties.
  • Anyone in the EU whose personal information has been transferred to the United States has a right to access their personal information.
  • The choices and means CARTO offers individuals for limiting the use and disclosure of their personal information are the following: writing to us at any of the physical or email addresses indicated in v. and requesting the limitation or disclosure of their personal information.
  • The independent dispute resolution bodies CARTO designates to address individuals’ complaints regarding our non-compliance with the EU-U.S. Privacy Shield are the EU data protection authorities (DPAs); CARTO voluntarily commits to cooperate with EU DPAs.
  • CARTO is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
  • In cases where their complaints have not been resolved by any of these recourse or enforcement mechanisms, individuals in the EU also have a right to invoke binding arbitration under the Privacy Shield Panel.
  • CARTO is required to disclose personal information in response to lawful requests by public authorities, including to meet national security, law enforcement, or other public interest requirements.
  • CARTO is liable in cases of onward transfers to third parties. This privacy policy does not cover any applications, software, or web-based applications supported or created by CARTO or its partners.

In accordance with the Data Integrity and Purpose Limitation Principle of the EU-U.S. Privacy Shield, CARTO will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

In conformity with the Choice Principle of the EU-U.S. Privacy Shield, CARTO offers data subjects of the EU, Iceland, Liechtenstein, and Norway the opportunity to opt out when their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized.

In accordance with the Security Principle of the EU-U.S. Privacy Shield, CARTO shall take reasonable and appropriate security measures, taking into account the risks involved in the processing and the nature of the data.

In accordance with the Recourse, Enforcement and Liability Principle of the EU-U.S. Privacy Shield, CARTO has robust mechanisms to ensure compliance with the Principles and provides recourse for EU data subjects whose personal information have been processed in a non-compliant manner, including effective remedies. CARTO complies with the Recourse, Enforcement and Liability Principle through a self-assessment system which includes internal procedures ensuring that employees receive training on the implementation of the organization’s privacy policies. Compliance is periodically reviewed in an objective manner. In conformity with the Accountability for Onward Transfer Principle of the EU-U.S. Privacy Shield, CARTO acknowledges that the onward transfer of the personal information of data subjects of the EU, Iceland, Liechtenstein, and Norway will only take place (i) for limited and specified purposes, (ii) on the basis of a contract or comparable arrangement within a corporate group and (iii) only if that contract provides the same level of protection as the one guaranteed by the Principles.

International Visitors

This Service is hosted in the United States. If you are an international visitor, you should note that by providing your personal information, you are: (i) permitting the transfer of your personal information to the United States which may not have the same data protection laws as the country in which you reside; and (ii) permitting the use of your personal information in accordance with this Privacy Policy.

Contact

Please contact us with any questions you may have at support@carto.com or at: CARTO, 201 Moore Street, Brooklyn, NY 11206.

Contact us

Please fill out the below form and we'll be in touch real soon.