Last updated – October 9, 2023
California Residents: Please see our additional privacy information for California residents in Section IX below.
Your privacy is of the utmost importance to NocoDB, Inc., and its affiliates, subsidiaries and related entities (collectively “NocoDB”, or “us” or “we”) and we take our obligations regarding your privacy seriously.
This Privacy Policy describes how we collect, use and disclose, and share, or other processing of your personally identifiable information (“PII” or “personal data“) when you access or use our websites (e.g., nocodb.com) (“Website“ or “Websites”), access or use our NocoDB Cloud service, (“Platform“), and interact or participate in our programs, training, events and our other services offerings (collectively, the “Services”). Our Websites, Platform, and other Services are collectively referred to in this Privacy Policy as our “Online Services”. The categories of information we collect will depend on your interactions with us.
By using our Online Services, you agree to the terms and conditions contained in this Privacy Policy and you expressly consent to the processing of your data in accordance with this Privacy Policy. If you do not agree to any of these terms and conditions, or approve of NocoDB’s data practices as explained herein, then you should immediately cease all use of our Online Services. To the fullest extent permitted by applicable law, you agree that any dispute over privacy or the terms contained in this Privacy Policy and Terms of Use, or any other agreement we have with you, will be governed by the laws of the state of California. This section does not apply if you are based in the European Economic Area ("EEA") or Switzerland.
NocoDB collects the following types of personally identifying information (“PII”):
a. Information Provided by Website Visitors.
If you decide to sign up for information from us, schedule a demo, attend a virtual event, or create an account to use the Services, NocoDB may collect the following PII from you: (1) first and last name, (2) organization name, (3) job title, (4) email address, (5) phone number, (6) location information including state/province and country, and (7) where applicable, a user-generated password for your account. If you provide us with feedback or contact us via email (e.g., in response to an employment opportunity posted on our Website), we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you purchase services or products from us, we will also collect payment accounts and other financial information.
We may combine the information we collect directly from you with information we obtain from public sources, partners, and other third parties and use such combined information in accordance with this Privacy Policy.
b. Information We May Collect via Technological Means.
Our servers, which may be hosted by a third-party service provider, may collect certain technical data about your device and software, including your browser type, operating system, IP address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a time stamp of your visit. We automatically gather this data and store it in log files each time you visit our website or access your account on our network. Unless you have provided PII in connection with your use of the Online Services, such technical data cannot reasonably be used to identify you. We may also directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends in connection with the Online Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual user.
c. Cookies, web beacons and other tracking technologies.
We use various technical mechanisms such as cookies, web beacons and similar tracking technologies to monitor how users use our Online Services. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. “Web beacons” refer to various tracking technologies used to check whether you have accessed some content on our Online Services. We use cookies for the following purposes, specifically:
We may link the information we store in cookies or through other mechanisms to the PII you submit while using our Online Services. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Online Services. You can remove persistent cookies at any time by following the directions in the “Help” section of your Internet browser. You can also disable all cookies on your Internet browser. If you choose to disable cookies, be advised that some components of our Online Services may not work properly.
Our partners, affiliates and other service providers may use cookies and other technologies to improve the quality of your experience when you interact with our Online Services. We may receive reports based on the use of certain technologies by these companies on an individual and aggregated basis.
In summary, we use your PII to respond to your requests, provide, secure and enhance the Online Services, and comply with our legal obligations. In particular, NocoDB uses your PII for the following purposes as necessary and as permitted by applicable law:
We may generate reports that contain aggregate data about usage of our Online Services and similar topics. In such instances, we use aggregate data that cannot be used to reasonably identify any individual and which contains no PII.
We may also compile, use statistical or anonymized, non-personally identifiable information and use or transfer such information for any purposes; provided, however, that such data has been fully de-identified and cannot in any way be traced back to the customer or user and does not contain any personally identifiable information. We may also publish such anonymized information publicly to show trends about the general use of our services.
Third-Party Online Analytics Services.
In connection with our website and emails, we use third-party online analytics services, such as those of Google Analytics. These analytics services use automated technologies to collect information (such as email address, IP address, and device identifiers) to evaluate, for example, use of our products and services and to diagnose technical issues. To learn about how Google Analytics collects and processes data, you can visit google.com/analytics/learn/privacy.html and policies.google.com/technologies/partner-sites.
To the extent permitted by applicable law, NocoDB may disclose your PII in the following circumstances:
a. Service Providers.
We may engage our affiliates or third-party companies or individuals to support us in connection with the purposes listed above, such as vendors to provide IT services and process payments.
b. Law Enforcement.
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for NocoDB to disclose your PII. We may also disclose your PII if we determine disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
c. Business Transfer.
We may share your PII if NocoDB engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of NocoDB’s assets, financing acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
d. Third Party Access.
Our Platform facilitates interactions between your NocoDB apps and other services and data sources you use. If you connect to third-party accounts through our Platform, we will use that information to authenticate you, enumerate the data sources available to you, download any data you request us to, and download and refresh authentication tokens or persist authentication information such as user names and passwords as necessary to continue to connect to these data. Third parties whose services you use in connection with us, or third parties whose websites we link to, may have data information practices that are different from ours. This Privacy Policy does not apply to the activities of third parties when they are collecting or using data for their own purpose or on behalf of others. We are not responsible for the activities of these third parties. We encourage you to review their privacy policies to understand how they use your information.
e. Prior Consent
We may also disclose your PII with your prior informed consent.
Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your PII as necessary to perform their functions.
We are committed to protecting the security of information received via the Online Services, including PII. We provide reasonable and appropriate administrative, technical, and physical security controls to protect your PII from unauthorized access, use, or disclosure. For example, we use secure socket layer technology (SSL) in connection with our Online Services. We also require you to enter a password to access your account information. Please do not disclose your account password to anyone else. Despite our efforts, no security controls are 100% risk-free, and NocoDB does not warrant or guarantee that your PII will be secure in all circumstances.
Please note if you are a California resident, please see Section IX “Additional Information for California Residents” below for more information about your privacy rights under California law.
a. Opt-Out.
We offer you choices regarding the collection, use, and sharing of your PII. Where permitted by applicable law, we may periodically send you free newsletters and emails that directly promote the use of our products or services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly. Despite your indicated email preferences, we may send you notices of any updates to our Terms of Use or Privacy Policy.
b. Ability to Edit or Delete Your Personal Information.
You may edit any of your PII in your account on the Online Services, including contact information and/or notification settings, by editing your account profile. You may also request that we delete your account information by sending an email to support@nocodb.com, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). NocoDB will respond to such requests within thirty (30) days or sooner if required by applicable law. When we delete account information, it will be deleted from the active database, but may remain in our archives for a limited amount of time. We will otherwise retain your information for as long as your account is active, as needed to provide you with the Online Services you have requested, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
c. Information Processed Under the Direction of Customers.
If an organization has registered for the Services (a “Customer“) and your PII has been collected by NocoDB as a result of such organization’s use of the Services, NocoDB collects and processes any such PII of yours under the directions of the relevant Customer. If these circumstances apply to you and you wish to access, edit, delete or exercise any rights you may have under applicable data protection laws with respect to any PII that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws.
Our provision of a link to any website or location outside of the Online Services is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.
NocoDB is located in the United States and other countries. By accessing or using the Online Services, or otherwise providing information to us, you understand that your information may be subject to processing, transfer, and storage in other locations. In the event that NocoDB transfers your Personal Data from the EEA to a country which is not subject to an adequacy decision by the European Commission or which may not provide for the same level of data protection as the EEA, NocoDB will ensure that the recipient of your Personal Data offers an adequate level of protection. This may include such measures as entering into standard contractual clauses for the transfer of data as approved by the European Commission, gaining prior consent, or other appropriate measures in accordance with applicable law.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
a. How We Source, Use, and Disclose Information for Business Purposes.
b. Your California Privacy Rights.
If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:
The CCPA further provides you with the right not to be discriminated (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.
Please also note that if your personal information has been collected by NocoDB as a result of a Customer’s (as defined above) use of our services, NocoDB collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please contact us at support@nocodb.com.
The CCPA provides certain rights if a company "sells" personal information, as such term is defined under the CCPA. We do not engage in activities that would be considered "sales" under the CCPA.
Shine the Light Disclosure: The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person or that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident and you have purchased products or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing us at support@nocodb.com. Please note we may take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
Our Online Services are not intended for use or access by children or minors. NocoDB does not knowingly collect or solicit information from anyone under the age of thirteen (13). If you believe NocoDB has inadvertently collected information about a child under the age of thirteen (13), please contact us at support@nocodb.com immediately.
NocoDB reserves the right to change this Privacy Policy. NocoDB will provide notification of the material changes to this Privacy Statement through our Website and, where appropriate, by email to any email address of yours we may have on file, at least thirty (30) days prior to the change taking effect.
NocoDB welcomes your comments, questions, and concerns regarding our Privacy Policy. Please contact us at support@nocodb.com or at our mailing address below:
NocoDB, Inc.
Attn: Legal Department
FLAT 29 LINDSAY MANOR,
LINDSAY ROAD, POOLE,
DORSET BH13 6BE, UNITED KINGDOM
This Supplemental GDPR Privacy Statement is relevant to any individual located in the EEA who uses the Online Services where these services directly link to this Supplemental GDPR Privacy Statement.
This Supplemental GDPR Privacy Statement does not cover any other data collection or processing, including, without limitation, through other NocoDB websites or online services that do not display a direct link to this Supplemental GDPR Privacy Statement, or through third-party websites.
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR“), requires NocoDB to provide additional and different information about its data processing practices to data subjects in the EEA. If you are accessing the Online Services from a member state of the EEA, this Supplemental GDPR Privacy Statement applies to you.
For purposes of the GDPR, NocoDB, Inc., 1209 Orange Street, Wilmington city, New castle county, Delaware 19801 USA, is the data controller of your personal information. Where processing of personal information is undertaken by our affiliates, subsidiaries or related entities, they are a joint controller with NocoDB, Inc.
Legal Basis of Processing. In general, the legal basis for NocoDB’s processing of your personal data in connection with the Online Services is Article 6(1)(b) of the EU GDPR, which allows processing of personal data as necessary for the performance of a contract. When you access, use or register for our Online Services, you form a contract with us based on the applicable terms of use or terms of service, and NocoDB needs to process your personal data to provide the requested Online Services.
As exceptions, NocoDB relies on your consent with respect to cookies that are not strictly necessary and direct marketing emails per Article 6(1)(a) of the EU GDPR; and pursues legitimate interests under Article 6(1)(f) of the EU GDPR with respect to situations where NocoDB needs to process your personal data to comply with applicable laws (as a U.S.-based company, NocoDB is subject to U.S. laws and must comply with them) or processes your personal data to improve our business and Online Services.
Personal Data Transfers outside of the EEA. NocoDB may transmit some of your personal data to a country where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction, including the United States. As required by applicable law, NocoDB will provide an adequate level of protection for your personal data using various means, including, where appropriate:
Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.
Data Retention. NocoDB keeps personal data as long as required to provide the Online Services you have requested or registered for and comply with applicable laws.
Data Subject Rights. You have a right to request from NocoDB access to and rectification or erasure of your personal data or restriction of processing concerning you, as well as the right to data portability under the GDPR. You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. In general, you have the right to object to our processing of your personal data for direct marketing purposes. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You can exercise such rights by accessing the information in your account, submitting requests by email to support@nocodb.com.
If you have provided consent for cookies that are not strictly necessary, direct marketing emails or other data processing based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.
Your Choices. You are not required to provide any personal data to NocoDB but if you do not provide any personal data to NocoDB, you cannot use the Online Services. You can use the Online Services without consenting to cookies that are not strictly necessary; the only consequence is that our Online Services will be less tailored to you or you will not receive our marketing emails.
Profiling. NocoDB does not use in connection with the Online Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.