Privacy Policy

Effective: May 25, 2018 – You can see our previous Privacy Policy here.

We provide the following privacy policy (the “Policy”) to inform our customers how personal information is collected, used, disclosed, and protected with respect to your use of https://gemfury.com website, the services, and products available through the website (collectively, the “Services”). By using the Services, you consent to the practices described in the Policy.

Policy summary

We collect your personal information only with your consent. We only collect the information required for you to accomplish your purpose in using Gemfury, and for us to continue improving Gemfury for you. We don’t sell your personal information to third parties. We only use it as described in this Policy.

Information we collect about you

When you use the Services, we collect personal information from you and about you. Personal information refers to information that can be used to contact or identify you, and information on your use of the Services.

Account information: We collect personal information that you provide to us when you sign up for an account, or update your account settings. These include your name, username, email address, physical address, preferences, and settings.

Payment Information: We collect payment and billing information when you activate certain paid Services. You may provide credit card information, billing representative name, email address, phone number, and physical address, which we collect via secure payment processing service.

Content you provide: Our Services are designed to store your package files, repositories, with related content and metadata. To make this possible, we store and process your package files, repositories, other content, and metadata. Metadata includes versioning and compatibility information, file size, privacy settings, and usage information.

Contacts: You may choose to give us contact information of others to invite them to use the Services. Alternatively, one of your friends or colleagues may add your email address when inviting you to sign up. These contacts are stored on our servers for you to use.

Usage Information: We track certain information when you visit and interact with our Services. This information includes the links you click, features you use, the type and size of files you upload or download, the date and time of these interactions. We also collect information about your interactions with other customers of the service, such as team invitations, team membership and permission changes, and team account updates.

Device Information: We collect information about the the devices you use to access the Services. This includes the device type (laptop, tablet, etc), operating system, browser type, IP address, URLs of referring pages, and device-specific identifiers. The information we collect depends on the type and configuration of the device you use to access our Services.

Cookies and other technologies: We use a standard technology called “cookies” to collect and store information for record-keeping purposes in a part of your browser specifically designed for cookies. A cookie is a very small data file, which often includes an anonymized unique identifier. When you visit the website, the web server asks your browser for permission to store this data on your computer. If your browser does not accept cookies, you may not be able to use all functionality of the website. We use cookies to save your signed-in session identification for future visits to the website; and we use cookies to enable certain features of the website, to better understand how you interact with the website and to monitor aggregate usage and web traffic routing on the website. You may read more about how we use Cookies here.

Linked services information: You may use third-party services like Heroku or GitHub, to link to your account. We access those third-party services to collect your unique identifier, email address, API access token, and profile image.

Aggregate information: In addition to personal information, we also collect non-personally identifiable (“aggregate”) information. We collect anonymized customer and visitor interactions with our website and Services over a period of time to analyze broad trends and insights of Services usage. We may use third parties to collect and analyze such aggregate information, and we may share aggregate information that we collect with third parties for various purposes, including helping us better understand our customer base and to improve the Services.

How we use information we collect

How we use the information we collect depends on which parts of the Services you use, how you use them, and any settings you have specified in your account settings.

To provide the Services: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you sign-in, and operate and maintain the Services. We also use your information to identify you to other customers, and to show your publicly shared information to visitors of the website. We also use your information to identify your activity on the Services to other customers. For example, each uploaded package identifies the individual who has uploaded that file. Where you use multiple devices to access the Services, we combine the information about you and your activities to provide an integrated experience.

To provide customer support: We use information about you to help you resolve technical and account issues, to respond to your requests for assistance, and to send you communication regarding your use of the Services.

For research and development: Significant part of our time is invested into making the Services better for you, our customers. We will use collected information to understand usage trends to help us improve existing features, and design new ones. We also test and analyze upcoming updates and changes with a subset of users before rolling it out to everyone.

For your safety and security: We use information about you and your use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.

To communicate with you about your account: From time to time, we send you information about account status and available upgrades when applicable. For your security, this communication cannot be disabled. If you do not wish to receive these account updates, you will need to cancel your Gemfury account.

For product updates and marketing: You may optionally receive marketing materials regarding various parts of the Services. If you do not wish to receive marketing materials, simply click the ‘unsubscribe’ link in any marketing email, or update your preferences in the Notifications section of your personal account.

To protect legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer logos to promote the Services, with your permission.

How we share and disclose information we collect

With those working for and with Gemfury: We use certain trusted third parties to help us provide, improve, and promote the Services (e.g. customer support, computing platforms, database & storage providers, email delivery services, etc). With our permission or by our request, these third parties may access your information to perform tasks on our behalf in compliance with this Policy. We are responsible for the handling of your information with these third parties. For a list of trusted third parties that we use to process your personal information, please see our FAQ.

With other customers of Gemfury: When you choose to collaborate with other customers, we may display basic profile information like your username, profile image, and email address to colleagues and team members of shared accounts. You may also choose to share packages, repositories, and other content with other customers by uploading them into these shared accounts.

With Gemfury account admins and owners: We may reveal your personal information to the owners or to the billing contact of an account when you contact customer support with regard to that account. For example, if you email us to identify the owner of a particular username, we will forward your request to that account’s owner. Another example: if you contact us with regard to a particular credit card, we will forward your request to the contacts responsible for billing of the account using that card. We may share your name, email address, and identifying credit card details (i.e. brand, last 4 digits).

With visitors to our website: Our Services will display your public profile information like your username, profile image, and any packages, files, and other content that you’ve configured as “public” within the Services. This information will be accessible to anyone publicly, and not just to other registered customers.

In response to legal requests: We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or appropriate government request. We may also do so when your actions violate the Terms of Service.

Your right to control and access your information

You may review, modify, correct, or remove your personal information collected by us during your use of the Services by visiting the Account Settings page of the website. You can also delete your account and all associated information. You can also request to download a copy of your personal information in machine readable format. Learn more here about managing your personal information.

We will retain information you store on our Services for as long as your account is in existence, or as long as we need it to continue providing the Services to you. If you delete your account, we will initiate deletion of your information within 30 days. We may retain your information if necessary to comply with our legal obligations, resolve disputes, or enforce our policies and agreements.

Where your information is stored and transferred

To provide you with the Services, we store, process, and transmit information to the United States. Information may also be stored locally on the devices you use to access the Services.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield: Gemfury complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States.

Third-party partners: We use certain trusted third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to operate the Service. We are responsible for the handling of your information with these third parties. For a list of trusted third parties that we use to process your personal information, please see our FAQ.

How your information is secured

At Gemfury we strive to implement reasonable measures to prevent unauthorized access, modification, destruction, or damage of your personal information and data stored using the Services. When transmitted over the network, your data is protected with SSL encryption. Our servers are running in a secure environment. Your information and data and our application and server data are backed up. While we have taken efforts to protect and secure your information and data, we cannot guarantee that your information and data will not be disclosed or accessed by accidental circumstances or by the unauthorized acts of others.

Your account, information, data, and access to the Services is authenticated only by the use of your correct sign-in ID, password, and/or API token. You must keep your password and API token confidential and not share it to any other person. You are responsible for the use of the Services by any other person using your sign-in credentials.

We don’t collect information on children

We do not intend or market the Services to be used by children under the age of 16, and we do not knowingly, directly or indirectly, collect personal information from children under the age of 16. If we become aware than an individual under the age of 16 has provided us with personal information, we will delete it. Please contact privacy@gemfury.com if you become aware that a child under 16 has provided us with personal information.

Changes to this Policy

We reserve the right to modify the Policy at any time. When we change the Policy, we will post the new policy on the website. New versions of this Policy will never apply retroactively. Continuing to use the Services after a change means you accept this Policy. You can review the effective version of the Privacy Policy at any time at https://gemfury.com/policies/privacy.

As we develop our business, we may be involved in reorganization, merger, acquisition, or sale of our business assets. Personal and aggregate information may be one of the transferred assets in these types of transactions. We will give you notice of any such transaction to the email address you have provided or through other means.

Handling disputes relating to our data protection practices

We hope we can resolve any disputes or questions relating to our data protection practices. You can raise your concern or dispute by emailing privacy@gemfury.com or by writing to us at:

Cloudfury, LLC
113 Cherry Street #44311
Seattle, WA 98104, USA