MoEngage, Inc. (“MoEngage,” or “Us” or “We”) provides SaaS (software as a service) (the “Service”) that enables the providers of mobile applications and websites (the “App Providers”) to understand how end users who download, access and/or interact with App Providers’ services (the “End Users”) interact with their services. Your privacy is important to us, and we are committed to protect your privacy.
If MoEngage is collecting information directly from You, then MoEngage will act as the Data Controller (defined hereunder). If MoEngage is receiving information from its Customer, MoEngage will act as a Data Processor (defined hereunder) and shall process data as per the instructions received by the Data Controller. If you have any questions related to handling Your Personal Data by MoEngage or to exercise Your rights to privacy You can contact us at [email protected].
This is a global Policy and shall apply wherever You reside. In this section, We describe our legal justifications (commonly referred to as “legal basis”) for the Use of Your Personal Information related to each of our main processing activities.
Please note: depending on the country where You reside, the law of Your country may not require that We use a specific legal basis to justify Using Your Personal Information, including transfers of Your Personal Information outside Your country of residence (Example : GDPR). If Your jurisdiction requires consent to Process Your Personal Information when You interact with Us, We will obtain Your consent prior to the Use of such Personal Information.
Below, We explain to You the MoEngage’s legal basis when processing Your Personal Information:
1. Based on our contract with You –
2. Based on Your prior consent (where permitted or required by law upon)
3. Based on your legitimate interest shared during the referral of your job application by employees of MoEngage as part of the ‘Talent Ambassador Program’ and also during sharing your details with recruiters reaching out on phone calls, LinkedIn or email.
4. To comply with applicable data protection laws and other legal statutes – In some limited instances, We may have to keep some limited Personal Information about You longer than needed such as for tax or accounting purposes.
As per global privacy laws and regulations, MoEngage gives its data subjects the right to withdraw their consent at any time.The process of withdrawing consent is as easy as it was to obtain consent and it is an easily accessible one-step process. MoEngage entities have a consent withdrawal mechanism in place to ensure the effective exercise of this right of the data subject.
Data Subjects can withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].
We collect only the information needed for legitimate business purposes.
As a Data Controller, MoEngage collects such data from employees, contractors, vendors, interns and customers for various reasons, such as, product demonstrations, marketing purposes or for job vacancies/ career applications or for other purpose(s).
MoEngage collects Personal Data about employees through application, forms, intranet applications, physical copies, government authorities, vendors, emails and interviews as a part of their employment. Personal information with supporting documents is also collected during the MoEngage onboarding process and during the course of your employment. We may collect personal information directly from publicly available databases, social media sites or in collaboration with our partners from time to time.
This information would be collected by us in a number of ways through multiple channels while joining our organization and over time during our relationship with you, which have been informed through the ‘Employee Privacy Notice’ shared at the time of onboarding.
Types of Personal Data collected by MoEngage as Data Controller:
Types of Personal Data that is collected by MoEngage as Data Processor
When an App Provider embeds our tracking code into its Applications, we access or obtain Personally Identifiable Information (“PII”) such as an End User’s email address, name, and phone number, depending on the selections the applicable App Provider makes via the MoEngage Software Development Kits (the “SDKs”).
We also access or obtain additional information about End Users’ use of App Providers’ Applications and End Users’ devices, such as the following:
We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you, to improve marketing, analytics, or site functionality.
We collect and use information from App Providers to provide our Service, improve our Service, administer your Account, and personalize the End User experience.
When you, as an App Provider, create an Account or when you request information about the MoEngage Service, we’ll collect certain information that can be used to identify you, such as your name and email address (“PII”). We may also collect information that cannot be used to identify you, such as Account preferences.
App Providers are able to send you, the End Users, push notifications, thought In-apps, or email communications through the MoEngage Service.
An End User who seeks to opt out must direct their query to their App provider (Data Controller). The App Providers may then request us to opt out of the said End User’s data, which we shall do so within 1 calendar month. Alternatively, the End User may contact us directly, by sending opt-out requests to [email protected], which we will then share with our customer (the App Provider).
Our partners may use non-cookie technologies (web tracking technologies) such as pixel tags, that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising:
We may engage third-party Service Providers or Sub-processors to work with us to administer and provide the MoEngage Service such as sending you emails, storing data, etc. These third-party Service Providers have access to PII only for the purpose of performing the MoEngage Service on our behalf and are expressly obligated not to disclose or use your PII for any other purpose.
Please find the list of sub-processors below:
|Sr. No.||Entity Name||Business Usecase|
|1||Amazon Web Services||Saas Infra Service Provider [laaS]|
|2||Sendgrid||MoEngage default message delivery service|
|3||Sentry||Error tracking platform used by the MoEngage Services to capture errors that occur in the MoEngage Services.|
|4||Logrocket||Logrocket is a session recording platform and may receive the dashboard user metadata. This is used for support and application troubleshooting and improving performance|
|5||Zendesk||Ticket management tool for support services|
Please Note: List of subprocessors may differ from customer-to-customer
We may share aggregated information and non-identifying information with third parties for industry analysis, demographic profiling, and other similar purposes. We will not share the End User PII collected from one App Provider with third parties.
We may share and disclose Personal Data to the following types of third parties and for the following purposes:
It is our policy to protect App Providers and End Users from having their privacy violated through abuse of the legal systems, whether by individuals, entities or government and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about App Providers or End Users to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary:
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Transferring of personal data out of the European Economic Area (EEA) or US to countries not deemed by the European Commission or US State Laws to provide an adequate level of personal information protection, shall be governed by one of the following safeguards recognized by EU & US data protection legislation respectively.
Kindly note that MoEngage will follow appropriate level of protection and deploy all necessary safeguards for transfer of such data that constitutes confidential information and/or Personal Data, additionally such transfers, to any country(s) which do not ensure an adequate level of data protection, MoEngage will ensure that the transfer is through one of the following mechanisms:
For further details, see European Commission Model contracts for the transfer of personal information to third countries. The entity receiving the personal data shall comply with the principles of personal data processing set forth in the agreement.
We are fully committed to Information security and compliance with applicable regulations, by implementing strong security controls for the protection of personal data. We have designed and implemented information security programs in line with International Organization for Standardization (ISO) 27001:2013 standard and Service Organization Controls 2 (SOC). We have put in place appropriate measures to comply with the European Union (EU) General Data Protection Regulation (GDPR).
We take reasonable measures to protect the information that we collect from or receive from App Providers or End Users (including PII) from unauthorized access, use, or disclosure. When you enter sensitive information (such as login credentials) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL). Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) via email or conspicuous posting on our Platform in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
At any point, if you suspect any security issues or incidents, or you receive any suspicious mail from someone holding themselves out to be a MoEngage employee or from a fake website claiming to be affiliated with MoEngage, you may reach out to us at [email protected]
We have established a process to proactively embed privacy at the initial planning/design stages and throughout the complete development process of new processes/ services/ technologies and/or platforms that involve Processing of Personal Data.
Considerations have been made for technical and organizational measures to enhance privacy (e.g. optional data masking, optional data encryption, data minimization).
In addition, We shall take appropriate technical and organizational measures to ensure that Personal Data collected or Processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed.
Our Service is not directed to children under the age of 13. MoEngage users must not be under the age of 13. We do not target any portion of our service to children under the age of 13, and we will delete any accounts or data of users that we believe to be under the age of 13 to be in compliance with the Children’s Online Privacy Protection Act. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at [email protected].
MoEngage processes the personal data of End Users on behalf of the App Providers (Our Customers) and acts as a Data Processor on behalf of App Providers, who act as Data Controller. Wherever MoEngage acts as Data Processor, it merely processes Personal Data under the direction of the Customers and has no direct control or ownership of the Personal Data We Process. It is the responsibility of the Customers for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to MoEngage for further processing purposes. Attendee’s of an event that seeks to access, correct or delete data, should direct their request to the Customer. MoEngage shall assist Customers by addressing the data subject requests received by them through the respective APIs. Please refer to the Developer Guide for more information on how we address data subject requests shared by the customer. If the Customer requests MoEngage to delete, rectify or access the Personal Data of an Attendee to comply with Applicable Data Protection Laws, MoEngage will process this request within the required time frame under the Applicable Data Protection Laws by using appropriate APIs.
MoEngage is a service provider that processes data on behalf of App Providers, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to MoEngage by an App Provider. App Providers can notify MoEngage of these requests directly. You can refer to this article for more information. Moreover, MoEngage supports functionality to allow App Providers to respect granular controls regarding User data privacy rights. App Providers can flag in the MoEngage SDK that a particular User has requested that their data not be processed by MoEngage, in which case MoEngage will no longer process engagement data on behalf of the App Provider for that User.
App Providers who are users of MoEngage Service and who are residents of the European Union may request to get a confirmation that MoEngage is processing your data, access this information, or request to rectify, or delete or restrict the processing of this information. For any such request, you may send an email to us at [email protected]
Kindly note that MoEngage will not process a Data Subject request to change information that may cause the information to be incorrect, fraudulent, misrepresented or violates any law of land or legal statute. In such instances, We will inform the Customer about the legal obligations that prevent Us from fulfilling the request.
For MoEngage employees, candidates and visitors of the MoEngage website, MoEngage Inc. is the controller of your personal information for purposes of European data protection legislation.
Data Privacy and data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to the personal information that we hold as a Data Controller –
Opt-out: Once you opt-out, we shall stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
Data Subjects can opt-out or withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].
MoEngage shall record any request to withdraw or change consent in a similar way to the recording of the consent itself.
You can submit your data subject rights requests by email to [email protected] or by filling out the ‘DSR form’ in the ‘Privacy Settings’ at the footer of our website and also at the cookie banner. We may require some information to authenticate your request. We may reject your request as applicable under law in which case we will inform you of the legal basis for rejecting your request. Once we receive your request, we shall acknowledge your request and share the appropriate form/template, which you need to fill and share it to us on [email protected]. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected].
The California Consumer Privacy Act 2018 (CCPA) and its upcoming amendments such as the California Privacy Rights Act (CPRA), California residents have specific rights regarding their Personal Information held by private companies. In particular, we do not:
In addition to the above mentioned rights under California law You have the right to (subject to statutory or restrictions):
All Personal Information that is collected from You is in accordance with this Policy, including the Use of different categories of Your Personal data that has been collected from You, the disclosure of Your Personal Information is as per this Policy.
We endeavor to respond to a verifiable consumer request within 1 calendar month of its receipt. If we require more time (more than 1 calendar month), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for Legal and regulatory retention requirements may include retaining information for the following:
ACT – Active, in use + Number of Years
C = End of Contract
E = End of Employment
YR = Creation Date + Number of Years
* = in years, unless otherwise noted
|Record Category||Description||Retention Period|
[Active User Attributes]
|SaaS Application Data: Active user attributes used for analysis & generating campaigns||C + 7 Days|
[Inactive User Attributes]
|SaaS Application Data: Inactive/Unreachable user attributes used for analysis & generating campaigns||ACT + 90 Days|
|Analytics||SaaS Application Data: Generated for Analytics purpose||1 Year|
We will retain personal data we process on behalf of our App Providers for as per the defined data retention period to provide services to our App Providers. We will also retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. An End User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to our App Providers. If requested by App Providers to remove or access data, we will respond within 1 calendar month.
Depending on your use/interaction with us, we may collect/store/transfer/analyze/delete the following categories of Personal Information from you including but not limited to Name, Email ID, Phone Number, Company Name, etc.
When we learn of a suspected or actual personal data breach, the Data Protection Officer (DPO) shall lead the investigation along with the Data Privacy team and Information Security team to perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Reporting and Notification Policy. Where there is any risk to the rights and freedoms of data subjects, we will notify the relevant data protection authorities/EU representative without undue delay and, when possible, within 72 hours.
These cases shall be managed based on the Information Security Incident Response Procedure & Data Breach Management procedure, which provides the process of handling information security & privacy incidents.
The Data Privacy team is responsible for auditing how well business departments implement this Policy.
Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.
MoEngage may need to disclose personal information to legal authorities for compliance, fraud investigation, statutory purposes or for other legal activities as per the local laws and government request.
We provide easily accessible information via our Platform or on request. If You have any questions or requests related to this Policy or Your Personal Information, please contact us at the following contact details –
315 Montgomery Street, 10th floor,
San Francisco, 94104,
1st Floor, #32, Salarpuria Tower II,
Chikku Lakshmaiah Layout,
Luskar Hosur Road,
Bangalore – 560034,
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are published herewith.
We may update this Policy from time to time. You are advised to review the updated Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page and any modifications can be ascertained by referring to the date that is displayed at the top of the page marked as, “ Last updated”.
Please wait while you are redirected to the right page...