MoEngage, Inc. (“MoEngage,” or “Us” or “We”) provides SaaS (software as a service) (the “Service”) that enables the providers of mobile applications and websites (the “App Providers”) to understand how end users who download, access and/or interact with App Providers’ services (the “End Users”) interact with their services. Your privacy is important to us, and we are committed to protect your privacy.
If MoEngage is collecting information directly from You, then MoEngage will act as the Data Controller (defined hereunder). If MoEngage is receiving information from its Customer, MoEngage will act as a Data Processor (defined hereunder) and shall process data as per the instructions received by the Data Controller. If you have any questions related to handling Your Personal Data by MoEngage or to exercise Your rights to privacy You can contact us at [email protected].
This is a global Policy and shall apply wherever You reside. In this section, We describe our legal justifications (commonly referred to as “legal basis”) for the Use of Your Personal Information related to each of our main processing activities.
Please note: depending on the country where You reside, the law of Your country may not require that We use a specific legal basis to justify Using Your Personal Information, including transfers of Your Personal Information outside Your country of residence (Example : GDPR). If Your jurisdiction requires consent to Process Your Personal Information when You interact with Us, We will obtain Your consent prior to the Use of such Personal Information.
Below, We explain to You the MoEngage’s legal basis when processing Your Personal Information:
1. Based on our contract with You –
2. Based on Your prior consent (where permitted or required by law upon)
3. Based on your legitimate interest shared during the referral of your job application by employees of MoEngage as part of the ‘Talent Ambassador Program’ and also during sharing your details with recruiters reaching out on phone calls, LinkedIn or email.
4. To comply with applicable data protection laws and other legal statutes – In some limited instances, We may have to keep some limited Personal Information about You longer than needed such as for tax or accounting purposes.
As per global privacy laws and regulations, MoEngage gives its data subjects the right to withdraw their consent at any time.The process of withdrawing consent is as easy as it was to obtain consent and it is an easily accessible one-step process. MoEngage entities have a consent withdrawal mechanism in place to ensure the effective exercise of this right of the data subject.
Data Subjects can withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].
We collect only the information needed for legitimate business purposes.
As a Data Controller, MoEngage collects such data from employees, contractors, vendors, interns and customers for various reasons, such as, product demonstrations, marketing purposes or for job vacancies/ career applications or for other purpose(s).
MoEngage collects Personal Data about employees through application, forms, intranet applications, physical copies, government authorities, vendors, emails and interviews as a part of their employment. Personal information with supporting documents is also collected during the MoEngage onboarding process and during the course of your employment. We may collect personal information directly from publicly available databases, social media sites or in collaboration with our partners from time to time.
This information would be collected by us in a number of ways through multiple channels while joining our organization and over time during our relationship with you, which have been informed through the ‘Employee Privacy Notice’ shared at the time of onboarding.
Types of Personal Data collected by MoEngage as Data Controller:
Types of Personal Data that is collected by MoEngage as Data Processor
When an App Provider embeds our tracking code into its Applications, we access or obtain Personally Identifiable Information (“PII”) such as an End User’s email address, name, and phone number, depending on the selections the applicable App Provider makes via the MoEngage Software Development Kits (the “SDKs”).
We also access or obtain additional information about End Users’ use of App Providers’ Applications and End Users’ devices, such as the following:
We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you, to improve marketing, analytics, or site functionality.
We collect and use information from App Providers to provide our Service, improve our Service, administer your Account, and personalize the End User experience.
When you, as an App Provider, create an Account or when you request information about the MoEngage Service, we’ll collect certain information that can be used to identify you, such as your name and email address (“PII”). We may also collect information that cannot be used to identify you, such as Account preferences.
App Providers are able to send you, the End Users, push notifications, thought In-apps, or email communications through the MoEngage Service.
An End User who seeks to opt out must direct their query to their App provider (Data Controller). The App Providers may then request us to opt out of the said End User’s data, which we shall do so within 1 calendar month. Alternatively, the End User may contact us directly, by sending opt-out requests to [email protected], which we will then share with our customer (the App Provider).
Our partners may use non-cookie technologies (web tracking technologies) such as pixel tags, that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising:
We may engage third-party Service Providers or Sub-processors to work with us to administer and provide the MoEngage Service such as sending you emails, storing data, etc. These third-party Service Providers have access to PII only for the purpose of performing the MoEngage Service on our behalf and are expressly obligated not to disclose or use your PII for any other purpose.
Please find the list of sub-processors here.
Please Note: The List of sub-processors may differ from customer-to-customer.
We may share aggregated information and non-identifying information with third parties for industry analysis, demographic profiling, and other similar purposes. We will not share the End User PII collected from one App Provider with third parties.
We may share and disclose Personal Data to the following types of third parties and for the following purposes:
It is our policy to protect App Providers and End Users from having their privacy violated through abuse of the legal systems, whether by individuals, entities or government and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about App Providers or End Users to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary:
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Transferring of personal data out of the European Economic Area (EEA) or US to countries not deemed by the European Commission or US State Laws to provide an adequate level of personal information protection, shall be governed by one of the following safeguards recognized by EU & US data protection legislation respectively.
Kindly note that MoEngage will follow appropriate level of protection and deploy all necessary safeguards for transfer of such data that constitutes confidential information and/or Personal Data, additionally such transfers, to any country(s) which do not ensure an adequate level of data protection, MoEngage will ensure that the transfer is through one of the following mechanisms:
For further details, see European Commission Model contracts for the transfer of personal information to third countries. The entity receiving the personal data shall comply with the principles of personal data processing set forth in the agreement.
We are fully committed to Information security and compliance with applicable regulations, by implementing strong security controls for the protection of personal data. We have designed and implemented information security programs in line with International Organization for Standardization (ISO) 27001:2013 standard and Service Organization Controls 2 (SOC). We have put in place appropriate measures to comply with the European Union (EU) General Data Protection Regulation (GDPR).
We take reasonable measures to protect the information that we collect from or receive from App Providers or End Users (including PII) from unauthorized access, use, or disclosure. When you enter sensitive information (such as login credentials) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL). Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) via email or conspicuous posting on our Platform in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
At any point, if you suspect any security issues or incidents, or you receive any suspicious mail from someone holding themselves out to be a MoEngage employee or from a fake website claiming to be affiliated with MoEngage, you may reach out to us at [email protected]
We have established a process to proactively embed privacy at the initial planning/design stages and throughout the complete development process of new processes/ services/ technologies and/or platforms that involve Processing of Personal Data.
Considerations have been made for technical and organizational measures to enhance privacy (e.g. optional data masking, optional data encryption, data minimization).
In addition, We shall take appropriate technical and organizational measures to ensure that Personal Data collected or Processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed.
Our Service is not directed to children under the age of 13. MoEngage users must not be under the age of 13. We do not target any portion of our service to children under the age of 13, and we will delete any accounts or data of users that we believe to be under the age of 13 to be in compliance with the Children’s Online Privacy Protection Act. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at [email protected].
MoEngage processes the personal data of End Users on behalf of the App Providers (Our Customers) and acts as a Data Processor on behalf of App Providers, who act as Data Controller. Wherever MoEngage acts as Data Processor, it merely processes Personal Data under the direction of the Customers and has no direct control or ownership of the Personal Data We Process. It is the responsibility of the Customers for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to MoEngage for further processing purposes. Attendee’s of an event that seeks to access, correct or delete data, should direct their request to the Customer. MoEngage shall assist Customers by addressing the data subject requests received by them through the respective APIs. Please refer to the Developer Guide for more information on how we address data subject requests shared by the customer. If the Customer requests MoEngage to delete, rectify or access the Personal Data of an Attendee to comply with Applicable Data Protection Laws, MoEngage will process this request within the required time frame under the Applicable Data Protection Laws by using appropriate APIs.
MoEngage is a service provider that processes data on behalf of App Providers, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to MoEngage by an App Provider. App Providers can notify MoEngage of these requests directly. You can refer to this article for more information. Moreover, MoEngage supports functionality to allow App Providers to respect granular controls regarding User data privacy rights. App Providers can flag in the MoEngage SDK that a particular User has requested that their data not be processed by MoEngage, in which case MoEngage will no longer process engagement data on behalf of the App Provider for that User.
App Providers who are users of MoEngage Service and who are residents of the European Union may request to get a confirmation that MoEngage is processing your data, access this information, or request to rectify, or delete or restrict the processing of this information. For any such request, you may send an email to us at [email protected]
Kindly note that MoEngage will not process a Data Subject request to change information that may cause the information to be incorrect, fraudulent, misrepresented or violates any law of land or legal statute. In such instances, We will inform the Customer about the legal obligations that prevent Us from fulfilling the request.
For MoEngage employees, candidates and visitors of the MoEngage website, MoEngage Inc. is the controller of your personal information for purposes of European data protection legislation.
Data Privacy and data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to the personal information that we hold as a Data Controller –
Opt-out: Once you opt-out, we shall stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
Data Subjects can opt-out or withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].
MoEngage shall record any request to withdraw or change consent in a similar way to the recording of the consent itself.
You can submit your data subject rights requests by email to [email protected] or by filling out the ‘DSR form’ in the ‘Privacy Settings’ at the footer of our website and also at the cookie banner. We may require some information to authenticate your request. We may reject your request as applicable under law in which case we will inform you of the legal basis for rejecting your request. Once we receive your request, we shall acknowledge your request and share the appropriate form/template, which you need to fill and share it to us on [email protected]. If you wish to prevent such processing, please accept only ” Strictly necessary cookies” in the cookie banner. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected].
For purposes of this section, Personal Information has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). However, this section does not apply:
In particular, we do not:
In addition to the above mentioned rights under California law You have the right to (subject to statutory or restrictions):
All Personal Information that is collected from You is in accordance with this Policy, including the Use of different categories of Your Personal data that has been collected from You, the disclosure of Your Personal Information is as per this Policy.
MoEngage uses services that employ cookies and other technologies to collect Personal Information (including identifiers and internet activity information) about your use of our Websites and other online services over time, which helps us to deliver targeted ads. In addition, we may share your contact details with our advertising vendors for the placement of targeted ads. Our use of some of these services may constitute the “sale” or “sharing” of Personal Information as defined under the CCPA to/with third party advertisers. You may opt-out of such sales or sharing by clicking on the “Do Not Sell or Share my Personal Information” link in the footer of our cookie banner.
Alternatively, you may opt out of targeting cookies by clicking on the Cookie Consent Manager on our website.
While our Website and Services are not directed to children under the age of 16, we are required to inform you that we have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age.
We endeavor to respond to a verifiable consumer request within 1 calendar month of its receipt. If we require more time (more than 1 calendar month), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for Legal and regulatory retention requirements may include retaining information for the following:
ACT – Active, in use + Number of Years
C = End of Contract
E = End of Employment
YR = Creation Date + Number of Years
* = in years, unless otherwise noted
[Active User Attributes]
|SaaS Application Data: Active user attributes used for analysis & generating campaigns
|C + 7 Days
[Inactive User Attributes]
|SaaS Application Data: Inactive/Unreachable user attributes used for analysis & generating campaigns
|ACT + 90 Days
|SaaS Application Data: Generated for Analytics purpose
We will retain personal data we process on behalf of our App Providers for as per the defined data retention period to provide services to our App Providers. We will also retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. An End User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to our App Providers. If requested by App Providers to remove or access data, we will respond within 1 calendar month.
Depending on your use/interaction with us, we may collect/store/transfer/analyze/delete the following categories of Personal Information from you including but not limited to Name, Email ID, Phone Number, Company Name, etc.
When we learn of a suspected or actual personal data breach, the Data Protection Officer (DPO) shall lead the investigation along with the Data Privacy team and Information Security team to perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Reporting and Notification Policy. Where there is any risk to the rights and freedoms of data subjects, we will notify the relevant data protection authorities/EU representative without undue delay and, when possible, within 72 hours.
These cases shall be managed based on the Information Security Incident Response Procedure & Data Breach Management procedure, which provides the process of handling information security & privacy incidents.
MoEngage complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom and Switzerland, as applicable, to the United States in reliance on the Data Privacy Framework (“Personal Data”). We have certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles (the “Principles”). You can learn more about the Data Privacy Framework program and can view our certification here.
Our compliance with the Data Privacy Framework also applies to Personal Data that we process on behalf of our business customers, as a Data Processor in the course of providing our services to them (“Customer Personal Data”). Since MoEngage is a customer engagement platform used by businesses for multichannel marketing, the Customer Personal Data that our customers entrust to us for processing includes information about their own customers, including contact information, device information, and information concerning consumer engagement. MoEngage processes Customer Personal Data to provide our services to our customers and otherwise carry out their instructions.
In order to operate our websites and provide services, we may provide personal, aggregate and other associated data to third parties including our services providers and vendors that provide or perform services for us, including services such as payment processing, database management, and professional services. MoEngage discloses Personal Data only to third parties who reasonably need to know such data for the scope of the services and initial transaction and not for other purposes.
Such third parties must agree to use the personal data only for the purpose for which they have been engaged by MoEngage and confirm that their privacy practices are consistent with this Policy.
On occasion, we may also share Personal Data concerning a visitor with our affiliates (such as a subsidiary or affiliate of our company) and Clients in furtherance of our operations and as needed to implement visitor request.
We remain responsible for the Personal Data that we share with third parties for processing on our behalf, and we remain liable under the Principles if such third parties process such Personal Data in a manner inconsistent with the principles if we are responsible for the event giving rise to the damage.
Please be aware that MoEngage may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If you are in the EU, UK or Switzerland and have an inquiry or complaint regarding our handling of your Personal Data under the Data Privacy Framework, you should first contact MoEngage by email at [email protected].
If MoEngage cannot resolve your complaint, where required by law, we will cooperate with the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner with regard to your unresolved complaint concerning our handling of your Personal Data.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms here.
MoEngage is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). In addition, MoEngage may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The Data Privacy team is responsible for auditing how well business departments implement this Policy.
Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.
MoEngage may need to disclose personal information to legal authorities for compliance, fraud investigation, statutory purposes or for other legal activities as per the local laws and government request.
We provide easily accessible information via our Platform or on request. If You have any questions or requests related to this Policy or Your Personal Information, please contact us at the following contact details –
315 Montgomery Street, 10th floor,
San Francisco, 94104,
1st Floor, #32, Salarpuria Tower II,
Chikku Lakshmaiah Layout,
Luskar Hosur Road,
Bangalore – 560034,
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are published herewith.