DataGrail has updated its Privacy Policy to reflect changes in how our sales team collects and processes information with respect to managing its marketing and sales outreach efforts. Consent to such collection shall be obtained as further disclosed in the DataGrail Privacy Policy.

California Consumer Privacy Rights Notice

Effective: January 1, 2021

This California Consumer Privacy Rights Notice (“Notice”) sets forth DataGrail, Inc.’s disclosure obligations under California law, including the California Consumer Privacy Act of 2018 (“CCPA”) and the California Civil Code section 1798.83. This Notice provides the additional details regarding the information defined as ‘personal information’ under applicable California law and related to a California resident or household (“Consumers” and “You”) further referred to as “Personal Information.”

1. Personal Information Collected and Disclosed

DataGrail collects, uses and/or discloses Personal Information as follows:

Personal Information Collected, Used and/or Disclosed for Business Purpose in Preceding 12 Months
CCPA Category Collected? Source of Collection Business Purpose Disclosed or Shared for Business Purpose? Purpose  of Disclosure
Category A Identifiers & B Personal Information

·       Name/Alias












·    Performing Services
·    Auditing
·    Data Security
·    Opt-In Marketing




Service Provider (opt-in service)




Performing Services;
Data Security;
Customer Support;

·       Email YES YOU ·    Performing Services

·    Data Security
·    Opt-In for DataGrail Newsletters or Marketing Communications


Service Provider

Performing Services; Auditing;
Customer Support;
·       Address YES YOU ·    Performing Services

·    Data Security
·    Auditing



Service Provider

Data Security;
·       Cell or Telephone # YES YOU ·    Performing Services

·    Data Security




Service Provider

Performing Services;
Data Security;
·       Unique/Online ID (cookies) YES YOU/DEVICE ·   Analytics

·   Auditing
·   Data Security

Service Provider
Performing Services; Data Security
(abuse prevention) ;
·       IP Address YES DEVICE ·   Debugging
·   Analytics

Service Provider

Performing Services; Customer Support;

Data Security;

·       Account Name YES YOU ·    Performing Services
·    Data Security
·       Social Security # NO N/A N/A N/A N/A
·       Driver’s License# NO N/A N/A N/A N/A
·       Passport # NO N/A N/A N/A N/A
·       Credit or Debit Card # /ACH YES*

*Token only

YOU ·    Payment Processing Yes;

Service Provider

Payment Processing*

Token only

·       Other: Medical/Financial/Health NO N/A N/A N/A
Category C: Protected Characteristics NO N/A N/A N/A N/A
Category D: Commercial Information

·       Personal Property Records

·       Products/Services Purchased-Obtained-Considered NO N/A N/A N/A N/A
·       Purchasing history/tendencies NO N/A N/A N/A N/A
Category E: Biometric Information Yes*

Audio/visual with consent only

You ·    Sales and Marketing Yes;
Service Provider
·     Sales and Marketing
Category F: Internet/Network Activity

·       Browsing/search history
·       Interaction with site/advertisement

YES Device ·    Marketing;
·    Analytics;

Service Provider

·        Marketing;
·        Analytics
Category G: Geolocation data NO N/A N/A


Category H:
·       Audio
with consent
You ·    Sales & Marketing Yes,
Service Provider
·     Sales & Marketing
·       Electronic NO N/A N/A N/A N/A
·       Visual Yes*

with consent

Device ·    Sales & Marketing Yes,

Service Provider

·     Sales & Marketing
·       Thermal NO N/A N/A N/A N/A
·       Olfactory NO N/A N/A N/A N/A
·       Other Similar NO N/A N/A N/A N/A
Category L: Professional/Employment-Related NO N/A N/A N/A N/A
Category J: Educational Information NO N/A N/A N/A N/A
Category K: Inferences from Data Collected
·       Preferences
·       Characteristics NO N/A N/A N/A N/A
·       Psychological Trends NO N/A N/A N/A N/A
·       Predispositions NO N/A N/A N/A N/A
·       Behavior NO N/A N/A N/A N/A
·       Attitudes NO N/A N/A N/A N/A
·       Intelligence/Abilities/Aptitudes NO N/A N/A N/A N/A


Other Potential Third Party Disclosures:  Personal Information may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) as part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of all or part of the business, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations.

2. Sale of Personal Information

DataGrail does not sell and will not sell your Personal Information —we are not data brokers, and we don’t put your personal data on the open market. However, under the CCPA regulations, some sharing of personal information necessary to provide you with personalized ads may be considered a “sale,” even if no money is exchanged. We aren’t changing how we share your data, but we want to make sure you have choices under the new definition of “sale.”

When you opt out via this link, DataGrail will stop sharing your information with some of its advertising partners. As a result, you may no longer receive personalized offers from DataGrail on some sites or services. We will use the data gathered here only to process your request and for record-keeping as required by the CCPA.

3. Your Consumer Rights Under CCPA – Right to Know About Personal Information Collected, Disclosed, or Sold

California Consumers may contact DataGrail to exercise the following California Privacy Rights:

A. Request DataGrail Disclose at No Charge

      • Specific pieces of personal information it has collected about you;
      • categories of Personal Information collected, used, and/or disclosed about you;
      • categories of sources from which Personal Information is collected;
      • business and/or commercial purposes for collecting and disclosing your Personal Information;
      • categories of third parties with whom your Personal Information has been disclosed/shared; and

Right to Know Requests can be submitted to DataGrail by email at  or through this webform

B. Request DataGrail Delete At No Charge:

Except as exempted pursuant to CCPA 1798.105, to request DataGrail delete Personal Information.

Deletion Requests can be submitted to DataGrail be email at, through this webform

C. Verified Request Process

DataGrail will verify all consumer requests prior to taking any action in response to such request.  For consumers that maintain an account with DataGrail, it may verify the identity of the consumer making the request by either matching with the account information on file or through existing account authentication credentials.  For non-account holders, DataGrail shall verify to a reasonably high degree of certainty, including matching at least three pieces of consumer personal information with that maintained by DataGrail and/or if necessary, by a signed statement by consumer under penalty of perjury that the requestor is the consumer for which personal information is sought.

Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf.  Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. DataGrail may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.

D. Consumer Request Limitations

Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA, including, but not limited to:

      • DataGrail is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer.
      • Consumers may only make a personal information request twice in a 12-month period.
      • Deletion is not required because it is necessary for DataGrail to maintain the Personal Information to fulfill the purposes enumerated in CCPA Section 1798.105

DataGrail will confirm and respond to all requests within the timeframe required under the CCPA.  In responding to any request to disclose/delete, Company shall maintain a record of the requests as required under the CCPA.

4. Non-Discrimination Policy

You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA.  DataGrail shall not discriminate against a consumer for exercising any rights under the CCPA, including, but not limited to, (a) denying goods or professional services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to DataGrail for the Personal Information, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/professional services

5. Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581

California law permits Consumers to request and obtain from once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.

In addition, a business subject to California Business and Professions Code Section 22581 must allow any California resident under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the data privacy law may not permit or require removal in certain circumstances.

6. Accessibility of this CCPA Policy

  • You can download and print a copy of this Notice here

7. Contact Us

Additional detail regarding our collection, use and disclosure of Personal Information, as well as general opt-out rights and other privacy disclosures, is set forth in our general Privacy Policy.

If you have any questions regarding your Personal Information or about our privacy practices, please contact us at:

DataGrail, Inc.
Attention: Privacy Department
164 Townsend Street, Suite 12
San Francisco, CA 94107


This Notice was last updated: March 1, 2021