Privacy Policy
How we collect, use, and protect your personal information
How we collect, use, and protect your personal information
This Privacy Policy sets out how Membrowse, operated by Papernov Consulting LLC d/b/a Membrowse, collects, discloses, and uses personal information about you and how you can exercise your privacy rights. This Privacy Policy applies to personal information that we collect when you visit our website at https://membrowse.com ("Site"), use our products and services ("Service"), or otherwise interact with us (e.g., by attending an event or communicating with us). If you do not agree with this policy, please do not access or use our Site or Service or interact with any other aspect of our business.
This Privacy Policy does not apply to data submitted to the Service ("Service Data"). A separate agreement ("Customer Agreement") governs delivery, access, and use of the Service, including the processing of Service Data. With respect to any personal information included in Service Data, the organization (e.g., your employer or another entity or person) that entered into the Customer Agreement ("Customer") controls its instance of the Service and any associated Service Data. If you have any questions about a Customer's instance of the Service and any associated Service Data, please contact the Customer.
We recommend that you read this Privacy Policy in full to ensure you are fully informed.
Membrowse offers a software-as-a-service platform designed to analyze, track, and visualize memory usage in embedded firmware builds. The Service enables customers to monitor memory consumption patterns, set memory budgets, and enforce memory limits as gates in continuous integration and continuous deployment (CI/CD) pipelines.
For more information about Membrowse, please see the main page of our Site.
The personal information that we may collect about you broadly falls into the following categories:
We collect information about you when you input it into our Site or the Service or otherwise provide it directly to us.
We collect information about you when you register for an account, create or modify your profile, and set preferences for the Service. For example, you may provide your contact information, including your first and last name, email address, and password when you register for the Service. We keep track of your preferences when you select settings within the Service.
As part of registration, you may authenticate via your separate account with a third-party platform such as GitHub or Google. We will not collect the password that you use for the relevant platform, but we may collect details from your account with the platform, such as username or ID, email address, and organization associations.
You may choose to provide us with information when you contact us about our Service or otherwise interact with us. For example, you may choose to submit information regarding a problem you are experiencing with our Service and send us screenshots to help in resolving the problem. You may submit your contact information to register for our events, to subscribe to receive marketing communications from us, or to make an inquiry through our Site. You may also provide content to us when you participate in a survey, contest, promotion, sweepstake, activity, or event, including via social media and other content platforms.
If you register for a paid Service, we will collect purchase information, such as the Service plan that you purchase and information related to refunds, credits, and cancellations, and your billing address and payment information. Please note that any payment information you provide is sent directly to a third-party payment processor (Stripe, Inc.). We have no access to and do not store your payment information.
We collect certain information about your device and how you and your device interact with us and our Site or Service.
Specifically, the information we collect will include information such as your IP address, device type, unique device identification numbers, browser-type, operating system, software installed on your device, general location information (such as inferred from an IP address), and referring URL. We also collect information about how you and your device have interacted with our Site or Service or with us via email, including the pages you accessed, features you used, Service you purchased, links you clicked, and when you accessed and for how long.
Some of this information is collected using cookies and similar tracking technology, as explained further under the heading "Cookies and similar tracking technology" below.
From time to time, we receive personal information about you from third-party sources (including social media and other content platforms, public databases, and from our business and channel partners and vendors).
The types of information we collect from third parties include name, email addresses, job titles, and social media profiles. We may combine this information with information we collect through other means described above. This helps us to maintain and improve the accuracy of our records, identify new customers, deliver personalized communications, and suggest services that may be of interest to you.
We use your information for business and commercial purposes, such as to:
We may aggregate or de-identify information collected through the Service. We may use aggregated or de-identified data for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties, including without limitation, advertisers, promotional partners, sponsors, event promoters, and others.
If you are based in Europe, we collect and process information about you only where we have a legal basis for doing so under applicable European laws. This means we collect and process your information only where:
The legal bases depend on the type of information and the purpose for our processing. In some contexts, more than one legal basis applies. When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it is withdrawn. To exercise your rights, see "Your data protection rights" below. Where we are using your information because we or a third party (e.g., your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Service.
We disclose your personal information to the following categories of recipients:
We use cookies and similar tracking technology (collectively, "Cookies") to collect and use personal information about you, including to understand and save your preferences and to compile aggregate data about Site and Service interaction.
We may also allow certain third parties (e.g., vendors and advertising partners) to provide functionality, serve tailored marketing to you, and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Site or Service. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may disclose to third parties in hashed, non-human-readable form.
You may refuse to accept Cookies by activating the setting on your browser that allows you to refuse the setting of Cookies. You can find information on popular browsers and how to adjust your Cookie preferences at the browser provider's websites. Depending on where you live, you may also have the right to opt out of targeted advertising (as defined in applicable law) and/or certain third-party cookies, as described under the heading "Your data protection rights" below. If you choose to disable Cookies, your ability to use or access certain parts of our Site and Service may be affected. We or our vendors may also use Cookies to track your interaction with our emails or other communications (e.g., whether you open or forward emails).
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet, or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. In particular, email sent to or from Membrowse may not be secure, and you should therefore take special care in deciding what information you send to us via email.
In some cases your personal information is transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
Specifically, our Service may be hosted in various regions as selected by Customer through their configuration of the Service. Our third-party vendors operate around the world, including in the United States. This means that when we collect your personal information, we may process it in any of these countries.
Where we transfer your personal information to countries and territories outside of Europe (including the United Kingdom) and Switzerland that have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant "adequacy decisions" from the European Commission and Swiss Federal Administration, and "adequacy regulations" from the Secretary of State in the United Kingdom.
Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this policy. The safeguards we use are the European Commission-approved standard contractual clauses, the UK International Data Transfer Agreement, and other appropriate legal mechanisms. This is how transfers of personal information between our group companies and with our third-party vendors will be safeguarded.
Papernov Consulting LLC d/b/a Membrowse participates in and complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the "Data Privacy Framework") regarding the collection, use, and retention of personal information about you that is transferred from the European Union, United Kingdom, and Switzerland to the U.S. We have self-certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles for all information about you that is received from the European Union and the United Kingdom in reliance on the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework. We have also self-certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (together with the EU-U.S. Data Privacy Framework Principles, the "Data Privacy Framework Principles") for all information about you that is received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.
As required under the Data Privacy Framework, when we receive information under the Data Privacy Framework and then transfer it to a third party acting as an agent on our behalf, we have certain liability under the Data Privacy Framework if the agent processes the information in a manner inconsistent with the Data Privacy Framework and we are responsible for the event giving rise to the damage. We may be required to disclose information about you under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To learn more about the Data Privacy Framework program, and to view Membrowse's certification, please see the Data Privacy Framework website.
We encourage you to contact us as provided below should you have a Data Privacy Framework-related (or general privacy-related) complaint and we commit to resolve any such complaint. We have further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the Data Privacy Framework to JAMS, a U.S.-based alternative dispute resolution provider. If you do not receive timely acknowledgement of your Data Privacy Framework-related complaint from us, or if you are not satisfied with our response to your Data Privacy Framework-related complaint, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). In certain circumstances, we will need to keep your information for legal reasons after our relationship has ended. For example, we may retain your data for longer than the usual retention period when we have a legal obligation to do such, to deal with and resolve requests and complaints, to protect an individual's rights and property, and for litigation and regulatory matters. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of any legal requirement. The criteria we use to determine the retention period include:
When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (e.g., because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Depending on your location, you may have the following data protection rights. To exercise any of them, see the specific instructions below or contact us using the contact details provided under the "How to contact us" heading below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Membrowse's Site and Service are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us using the contact details provided under the "How to contact us" heading below. If we become aware that a child under 16 has provided us with personal information without parental consent, we will take steps to remove such information and terminate the child's account.
If you are 16 or older, but have not reached your jurisdiction's age of majority (such that you are able to enter a contract), you should only use the Service with permission from your parent or guardian.
The Site and Service may link to third-party websites or platforms from companies other than Membrowse, such as to relevant online resources, social media platforms, our partners' websites, payment processors (including Stripe), and other third-party websites. We are not responsible for the privacy practices or content of such other websites. If you have any questions about how these other websites use your information, you should review their policies and contact them directly. We are not responsible for the actions of third parties.
We may update this policy from time to time in response to changing legal, regulatory, technical, or business developments. When we update this policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
You can see when this policy was last updated by checking the date displayed at the top of this policy.
If you have any questions or concerns about our use of your personal information, please contact by sending us an email at support@membrowse.com.
The data controller of your personal information is Papernov Consulting LLC d/b/a Membrowse. Our address is Papernov Consulting LLC dba Membrowse, 447 Broadway, 2nd floor, 1106, New York, NY 10013, USA.
Who and what this notice applies to. This Supplemental Notice supplements the information in our Privacy Policy, and except as provided herein, applies solely to California residents. It applies to personal information we collect on or through the Site or Service and through other means (such as information collected offline, in person, and over video calls). It does not apply to personal information we collect from our employees and job applicants in their capacity as employees and job applicants. It also does not apply to personal information we process as a service provider. Any capitalized terms used but not defined in this Supplemental Notice have the meanings set forth in our Privacy Policy.
What the CCPA requires us to tell you. If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your "personal information" and "sensitive personal information" (as defined in the California Consumer Privacy Act ("CCPA")).
What's included in our Privacy Policy. Throughout our Privacy Policy, we describe the specific pieces of personal information and sensitive personal information we collect, the sources of that information, and how we disclose it.
Categories of personal information we collect. Under the CCPA, we are also required to provide you with the "categories" of personal information we collect and disclose. Those categories of personal information are as set forth in the table below. We collect and disclose those categories of personal information for the purposes described in our Privacy Policy, including for the business or commercial purposes (as those terms are defined in applicable law) set forth in the table below.
Our sources of personal information. We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Site or Service; (3) affiliates; (4) third parties such as GitHub and Google (when you log in using one of those accounts); (5) social media and other content platforms; (6) public databases; (7) business and channel partners; and (8) third-party vendors.
Aggregation and de-identification. We may combine the information we collect ("aggregate") or remove pieces of information ("de-identify") to limit or prevent identification of any particular user or device.
Our information disclosure practices. We describe our information disclosure practices in our Privacy Policy. We may disclose certain categories of personal information with third parties (as defined by the CCPA) for the business purposes described above. For example, we may disclose identifiers and professional or employment related data with our partners who provide referral, sale, resale, or similar go-to-market services. If you, your administrator, or other Service users choose to install or enable third-party apps, add-ons, or other platforms, we may also disclose identifiers and any content you choose to connect with those apps. If you interact with social media plugins or links on the Site, we may share identifiers, commercial information, internet or other network or device activity, geolocation information (general location), or inference data about you with those social media services.
"Selling" or "Sharing" personal information. Membrowse may disclose personal information to third parties that may be considered "sales" of personal information or "sharing" of personal information for the purposes of targeted advertising (as those terms are defined in the CCPA). The categories of personal information we may disclose are identifiers, commercial information, internet or other network or device activity, geolocation information (general location), and inference data about you. The third parties are advertising partners. You may opt out of "sales" of personal information and "sharing" of personal information by contacting us at support@membrowse.com. Where required, we also honor requests to opt out submitted via privacy preference signals recognized under applicable law, such as the Global Privacy Control ("GPC"). For more information on the GPC and how to use the GPC signal, see https://globalprivacycontrol.org/. We do not knowingly "sell" or "share" the personal information of consumers under 16 years of age.
Your rights under California law. If you are a California resident, you may have certain rights. California law may permit you to request that we:
You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Site or Service to you. If you ask us to delete it, you may no longer be able to access or use the Site or Service.
Information collected on behalf of our customers. In instances where we process personal information on behalf of our customer, rights requests should be directed to the relevant customer. Any request sent directly to us that pertains to information collected on behalf of a customer will be forwarded on to that customer.
How to exercise your rights. If you would like to exercise any of these rights, you can submit a request at support@membrowse.com. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide information to match with our existing records to verify your identity depending on the nature of the request and the sensitivity of the information sought (e.g., provide your email address). You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
Sensitive personal information. The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.
Financial Incentive. We occasionally run giveaways, sweepstakes, and contests where participants may provide personal information in return for a chance to win certain prizes. You can opt into the giveaway, sweepstakes, or contest by taking the requested action. Your participation is completely voluntary, and you have a right to withdraw from these incentives at any time. If you decide you don't want to participate in these financial incentives, you can refrain from taking the requested actions.
The specific reward or incentive offered, if any, is made available to you when you take the action specified in the particular giveaway, sweepstakes, or contest. The monetary value of the reward or incentive is a reasonable approximation of the monetary value of the information you provide us. We have arrived at this estimate based on consideration of multiple factors, including the following: (1) revenue we generate in developing insights on our Customers; (2) expenses we incur in operating the giveaway, sweepstakes, or contest; and (3) our reasonable assessment of revenue we may generate as a result of the referrals provided to us by our Customers.
Data retention. Please see the "Data retention" section of our Privacy Policy for information about our data retention practices.