Privacy Policy

Last updated:
22nd March 2024

Welcome to the website (the “Site”) of Nango Inc (“Nango,” “we,” “us,” or “our”).

Nango is a developer infrastructure company offering a hosted product integrations solution (the “Solution”) as well as an open source project and collaborative community (the “Community”), (collectively, including the Site, our “Services”).

This privacy policy explains how we handle the personal information you may provide to us during your interaction with our Services. The information we collect, use, and process about you varies based on the Services you use, but you always have choices concerning our information practices across any of them as explained below.

Before using our Services or submitting any personal information to Nango, please review this Privacy Policy carefully. By using our Services, you agree to the practices described in this Privacy Policy; if you do not agree to this Privacy Policy, please do not continue accessing the Site or otherwise using the Services.

1. WHAT INFORMATION WE COLLECT

Personal Information You Provide: We collect and are the controller of the following categories of personally identifiable information from you:

  • Personally Identifying Information: We may collect your name, email address, phone number, mailing/billing addresses, and other personal information you provide to us when you create an account for the Service, participate in our Community, communicate with our support teams, fill out a form on our Site, submit a job application, etc.  
  • Social Media Information: We maintain a social media presence on platforms like Instagram, Facebook, Medium, Twitter, and LinkedIn (“Social Media Pages”). When you interact with us on social media, we may receive personal information that you provide or make available to us based on your settings, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

Non Personally Identifying Information: When you visit, use, and interact with our Services, we may collect and are the controller of the following categories of non-personally identifying information::

  • Device Information: The manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Service. The information we collect may vary based on your device type and settings.
  • Usage Information: Nango collects event-level information about the usage of our Services. For self-managed Nango instances, we track the usage unless you request that we do so at an aggregate level or otherwise disable usage tracking through code that we make available.
  • User Experience Information: Information about how you engage with our Service, such as the types of content that you view or actions you take on our Site and Community, the features you use in our Solution, and the time, frequency, and duration of your activities. We use the following tools to collect User Experience Information:
  • Google Analytics, a web analytics service provided by Google LLC (“Google”) to help collect and analyze Usage Information. For more information on how Google uses this information, click here.
  • Hotjar: we use Hotjar for user analytics and to assist with customer support. Hotjar enables us to create a de-identified screen recording of your experience on our Site or Solution, which we may review to improve our features, user experience, and to assist with troubleshooting.
  • Location Information: We may derive a rough estimate of your location from your IP address when you visit the Site.
  • Email Open/Click Information: We may collect the date and time you open an email communication from us or click on any links in the email and we or our service provider may associate this information with the email address we already have for you.

The following technologies may be used to collect the Non-Personally Identifying Information described above:

  • Cookies, which are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Personal Information We Process on Behalf of Our Customers: In order to provide our Solution, we process certain data on behalf of our customers. We process that data, including any personal information contained within it, pursuant to our agreements with our customers. We have no direct relationship with the individuals whose personal information we process in the course of providing our Service to our customers. If you are such an individual and have questions about the processing of your personal information or want to exercise one of your privacy rights, please contact the Nango customer that you interact(ed) with directly.

Sensitive Information: Nango does not intentionally collect or permit you to send to Nango any sensitive personal information, such as social security numbers, genetic data, health information, or religious information.  

2. HOW WE USE THE INFORMATION WE COLLECT

Your personal information is used for the following purposes:

Service Delivery, including to:

  • Provide, operate, maintain, and secure the Services;
  • Create, maintain, and authenticate your account;
  • Provide support assistance and troubleshooting
  • Process transactions through our third party payment processors;

Communicating with You:

  • to send you updates about administrative matters such as changes to our terms or policies; and
  • provide user support, and respond to your requests, questions and feedback.

Service Improvement, including to:

  • improve the Services and create new features;
  • customize your experience and remember your preferences; and
  • create and derive insights from usage and user-experience information.

Compliance and Protection, including to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Audit our compliance with legal and contractual requirements and internal policies; and
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Marketing and Advertising: We and our advertising partners may use your personal information for marketing and advertising purposes, including:

  • Direct Marketing: To send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special offers and events via email and/or direct mail. In connection with our marketing activities, we may enrich the personal information you have provided to us through use of third party sales and marketing platforms or mailing lists we obtain through our event sponsorships, event participation, or partnerships.
  • Interest-Based Advertising: We may engage advertising partners, including third party advertising companies and social media companies, to display ads on the Service and other online services. These companies may use cookies and similar technologies to collect information about your interaction over time across the Service, our communications, and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to our or similar users (known as a “lookalike audience”) on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Limit Online Tracking section below.

3. PERSONAL INFORMATION SHARING

We do not sell, rent, license, or lease your personal information to third parties.

In certain circumstances, however, we may share personal information without further notice to you, unless required by the law, with the following categories of third parties:

  • Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal information with service providers, including hosting services, cloud services, and other information technology services, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal information in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your personal information.
  • Professional Advisors: We may share personal information with our professional advisors such as lawyers and accountants where doing so is necessary to facilitate the services they render to us.
  • Business Partners: We may work with other businesses to sponsor or host conferences or webinars, market related services, promote joint ventures or other similar collaborations. We might share information with our business partners in these situations.
  • Business Transfers: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), we may share your personal information with counterparties and others assisting with the Transaction and with a successor or affiliate as part of or following that Transaction.
  • Legal Requirements: We do not volunteer your personal information to government authorities or regulators, but we may disclose your personal information where required to do so for the Compliance and Protection purposes described above.
  • Affiliates:We may share personal information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with Nango. Our affiliates may use the personal information we share in a manner consistent with this Privacy Policy.

Community Sharing: Open discourse is what makes our collaborative community so great, and we are committed to facilitating it. This means that many portions of our Community are open forums for innovative developments, ideas, and information; information you voluntarily provide in our Community will likely be public-facing and we are not controllers of that information once it is shared. We strive to respect the privacy of individual community members and will minimize the information required to participate. We will also strive to ensure our Community is built on tools that meet our data protection standards and offer user privacy settings wherever possible. However, we encourage you to be thoughtful as to how you interact with our Community tools, how you interact with others in our Community, and the information you share within the Community forums (for example, through creating a public profile, project contributions, comments, and blog posts).

4. PERSONAL INFORMATION RETENTION

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.

5. YOUR CHOICES

Update Your Account Information: You can contact us and request any updates or corrections needed to keep your personal information accurate, current, and complete.

Opt Out of Marketing Communications: You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in any marketing communication we send you.

Please note, however, that if you use our Solution, you will continue to receive service-specific communications, such as account or usage alerts and billing information.

Limit Online Tracking: Our Services that use online tracking technologies have banner notices and choice options that enable you to limit or block all or specific types of tracking technologies, such as cookies and web beacons. However, as we disclose in our banner notices, some of these technologies are functionally necessary for us to run our Services and you cannot disable them.

Note that the opt-out mechanisms associated with online tracking are specific to the device or browser on which they are exercised. You will need to opt out on every browser and device that you use. We currently do not respond to "Do Not Track" or similar browser-based signals.

6. YOUR RIGHTS

We endeavor to provide the same data rights and protections to all of our users regardless of the jurisdiction in which they live.

Please forward any request relating to the exercise of your rights regarding your personal data that we process in our capacity as controller to our Data Protection Officer (hello@nango.dev). We undertake to respond to your request as soon as practically possible and always within the timeframes set forth by Applicable Data Protection Law. Please note that we may retain your personal data for certain purposes when required or permitted by law. Finally, please note that we may, in the event of doubt as to your identity, ask you for proof of identity in order to prevent any unauthorized access to your personal data.

You may exercise the following rights over the personal information we have collected about you and for which we are the controller:

  • Right to Access: you can request access to the specific pieces of personal information that Nango has collected about you.
  • Right to Delete: You can request that we delete the personal information we have collected about you.
  • Right to Correct: You can request that we correct certain inaccuracies in the personal information we have collected about you.
  • Right to Portability: You can request that we provide you with the personal information we have collected about you in a structured, commonly used, and machine-readable format which you may reuse elsewhere. your personal information in a format that is portable to another service.

In addition, our users in California may exercise the following rights:

  • Right to Know: you can request to know the categories of personal information that Nango has collected about you.
  • Right to Opt Out of Sale: you have the right to instruct businesses that sell your personal information to stop doing so. As noted above, however, Nango does not sell your personal information.

Our users in the European Union (including countries in the European Economic Union) and the United Kingdom may exercise the following right:

  • Right to Object to Processing: you may request that we block your information from further processing. At Nango, this request is treated as a deletion.

Additional information for our users in Europe and the United Kingdom:

Data Controller. Nango is the data controller for the collection and processing of the personal information it collects directly from its users.

Data Processor.  Nango is the data processor for the processing of personal information on behalf of a customer. We do not collect, use, or store the data we process on behalf of our customers, so as noted in section 1: if you have questions about the processing of your personal information by Nango and are not an Nango user, you will need to contact the customer that you interact(ed) with in order to exercise your data rights.

Legal Basis for Processing. This Privacy Policy (the paragraph “Personal Information Use”) describes our data processing purposes and practices. Please contact us if you have more specific questions about the specific legal basis we are relying on to process your personal information.

Data Transfers. Nango is based in the U.S. and personal information about our users is stored on servers hosted in the US. The storage of our users’ personal information in the U.S. is necessary to perform the services as described in our Terms of Service. Though the storage of directly collected user information is not considered a data transfer by the European Data Protection Board, we have performed a Transfer Impact Assessment and a copy is available upon request.

7. CHILDREN

Our Service is not directed to children who are under the age of 18. Nango does not knowingly collect personal information from children under the age of 18. If we learn that we have collected personal information from a child under the age of 18 without the consent of the child’s parent or guardian as required by law, we will delete that information.

8. LINKS TO OTHER WEBSITES

The Service may contain links to other websites not operated or controlled by Nango, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links, we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

9. SECURITY

We have built our security program to include technical, organizational and physical safeguards designed to protect the personal information we collect. If you have any security-related questions or concerns, please contact our security team at hello@nango.dev.

10. DATA PRIVACY FRAMEWORK

Nango complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  Nango has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Nango is committed to subject to the DPF Principles all personal data received from the European Union and, as applicable the United Kingdom (and Gibraltar), in reliance on the relevant part(s) of the DPF program.  Nango maintains contracts with third parties with whom we share personal data that restrict their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Nango remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

If you have a concern that Nango has not handled your personal data appropriately under the DPF or UK Extension, please contact Nango at hello@nango.dev. If your issue cannot be resolved directly with Nango, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nango commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from Nango, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.


If neither Nango nor our dispute resolution provider resolves your complaint, you may be able to pursue binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S.Data Privacy Framework Principles.


Nango is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).


Please be aware that Nango may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

11. CHANGES TO THE PRIVACY POLICY

The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page unless another type of notice is required by applicable law. By continuing to use our Service or providing us with personal information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you agree to the revised Privacy Policy and the practices described in it.

12. CONTACT US

If you have any questions about our Privacy Policy or information practices, please feel free to contact us at: hello@nango.dev.