Updated: March 16, 2023
Table of contents
- About us
- About this Privacy Notice
- Third-Party Websites and Services
- Types of Information We Collect
- Information You Provide Us
- Information Collected via Technology
- Use and Processing of Personal Information
- Use of Non-Personal Information
- Sharing of Your Personal Information
- Retention of Your Personal Information
- How We Protect Your Personal Information
- International Data Transfers
- EU-/Swiss-U.S. Privacy Shield Frameworks participation
- Children and Minors
- Changes to our Privacy Notice
- Contacting us
We are a global company based in San Francisco, California, USA. We provide documentation automation software as a service that helps companies streamline processes to create, approve and eSign proposals, quotes, contracts, and other documents. Companies that use our services can provide their customers with a more professional, timely, and engaging experience.
About this Privacy Notice
This Privacy Notice sets forth the handling practices of PandaDoc, Inc. (variously, “PandaDoc”, “we”, “our” or “us”) and its affiliates in regard to the collection, use and disclosure of personal data or personal information that you may provide to us through using this website (www.pandadoc.com) (the “Website”), by using any product or by using any service, including but not limited to the PandaDoc software-as-a-service product (“SaaS”), downloading, accessing and /or using PandaDoc’s mobile application named PandaDoc (“App”), creating an account, interacting with us, opting-in to receive SMS mobile messages, or engaging with any other websites, pages, features, or content we own, operate and/or provide (collectively with the Website, SaaS and App, the “Services”).
If you do not accept this Privacy Notice and/or do not meet and/or comply with the provisions set forth herein, then you should not use the Services.
By accepting our Privacy Notice, accessing and using the Services, you consent to our collection, storage, use, and disclosure of your personal data or personal information as described in this Privacy Notice and the Cookie Notice located at https://www.pandadoc.com/cookie-notice/ (“Cookie Notice”). The use of www.pandadoc.com and the App is subject to PandaDoc’s Terms of Service located at https://www.pandadoc.com/terms-of-use/.
Third-Party Websites and Services
In some instances, we may process your personal information in accordance with an agreement with a third party. This may occur, for example, when you sign-in or sign-up for the Services through a third-party or click on a third-party link. In this instance, the terms of the third-party’s agreement and privacy notice will govern how your personal information is processed. You should review the terms and notices of any third-party websites prior to clicking on the links. Pandadoc has no control over the privacy practices of websites or applications that we do not own. We are not responsible for the practices employed by any websites and/or services linked to and/or from our Website, including the information and/or content contained therein. Please also remember that when you use a link to go from our Website to another website and/or service, our Privacy Notice does not apply to such third-party websites and/or services. Your browsing and interaction on any third-party website and/or service, including those that have a link on our Website, are subject to such third-party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorize to access your personal information. If you are using a third-party website and/or service and you allow them to access your personal information, you do so at your own risk.
Types of Information We Collect
We collect “Non-Personal Information” and “Personal Information” and the information we collect from you depends on how you use the Services. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit, and preferences that are generated based on the data you submit and a number of clicks. “Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, and email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. The following provides examples of the type of information that we collect from you and how we use that information.
|Context||Types of data||Primary purpose for collection|
and use of data
|Client information||We collect the name, username, and contact information, of our clients and their employees with whom we may interact.||We have a legitimate interest in contacting our clients and communicating with them concerning normal business administration such as projects, services, and billing.|
|Client user account information||We collect personal information from our clients when they create an account to access and use the Services. or request certain free Services from our Website. This information could include business contact information such as name, email address, IP address, geolocation, title, company information, industry, and password for our Services.||We have a legitimate interest in providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.|
|14-day free trial and/or free e-sign account||We collect personal information from our clients when they request a 14-day free trial or free e-sign account from our Website. This Personal Information includes name, IP address, geolocation, and business contact information such as email address, title, and password for your PandaDoc account. Clients may also provide a credit card number or other billing details.||We have a legitimate interest in providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to facilitate ease of account creation if a user chooses to purchase the service during or immediately following a free trial period.|
|Contact information of vendors||Users of our Service may ask their vendors or service providers to submit company and security-related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor we collect the name and email address of the vendor.||We have a legitimate interest in contacting vendors on behalf of our clients in order to invite them to communicate with companies through our platform. Among other things, the communication allows our clients to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions.|
|Account information — vendors||We collect personal information from vendors when they create an account to access and use the Services or request certain free Services from our Website. This information could include business contact information such as name, email address, title, company information, and password for our Services.||We have a legitimate interest in providing account-related functionalities to our vendor users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services.|
|Cookies and first-party tracking||We use pixels, beacons, cookies, and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. See our Cookie Notice for further information.||We have a legitimate interest in making our website operate efficiently.|
|Cookies and third-party tracking||We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. |
To learn more about our third-party partners, please read their respective privacy policies. Google Analytics is an analytics service provided by Google LLC. (US).:
How Google uses information from sites or apps that use our services
|We have a legitimate interest in understanding our users and providing tailored services. Non-essential/non-service provider cookies will not be deployed until opt-in consent is obtained.|
|Demographic information||We use IP information to 1). Ensure the legality of our documents (under eSignature law); 2). Understand how user behavior varies in different locations in order to improve our software; 3.) Depending on location, provide better support and success service.||We have a legitimate interest in ensuring that our product/service is legal and providing tailored services based on the location (Country) – such as appropriate 1) support, 2) contract content, and 3) templates. IP information will not be used for behavioral purposes absent explicit consent.|
|Email interconnectivity||If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.|
If you choose to connect your Gmail account to PandaDoc, we collect personal data such as name, IP address and Gmail account address to enable the functionality of displaying the Gmail account address to your chosen recipients. PandaDoc’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
|We have a legitimate interest in understanding how you interact with our communications to you. Such data capture will only be deployed following receipt of explicit consent.|
Explicit user consent is captured when a user chooses to connect their Gmail account; PandaDoc has a legitimate interest in improving the functionality of our platform.
|Employment||When you apply for a job posting or become an employee or contractor, we collect information necessary to process your application or to retain you as an employee or contractor. This may include, among other things, your Social Security Number, diversity or demographic information, including race or ethnicity, gender or gender identity, and veteran or disability status. Providing this information is required for employment.||We use information about current employees to perform our contract of employment or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and workforce operations and provide the Website, the Services, and App to our clients.|
|Feedback/Support||We collect Personal Information from you contained in any inquiry you submit to us regarding our Website or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone or over a video-call platform, your calls may be recorded and sent to you as a support measure. These calls may also be analyzed for training, quality control, and for sales and marketing purposes by PandaDoc. During such calls we will notify you of the recording via either voice prompt or script. We may collect sensory information such as audio and visual image.||We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.|
|Mailing list||When you sign up for one of our mailing lists, we collect your email address along with your first and last name.||We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.|
|Marketing data||When you subscribe to one of our mailing list(s), we collect your email address along with your first and last name.||We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.|
|Mobile device data||We collect information from your mobile device when visiting our Website. Such information may include operating system type and/or mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, geo-location, unique device identifier and/or other device identifier, mobile phone carrier identification, and device software platform and firmware information.||We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.|
|Order placement||Subsequent to Service enrollment (where we collect name, email and phone number, job role, company name and size), to place an order, we collect billing address, and credit or debit card details.||We use your information to perform our contract to provide you with products or services.|
|Social Media Connectors||Our Website uses social media connectors. They are social media buttons, such as LinkedIn, Facebook, Twitter, Instagram and YouTube, you see on our Website that allow you to connect and learn more about us and interact with us, our users and marketing partners.||We may engage in behavior-based advertising, capturing website and mobile application analytics and engaging third parties to assist with providing services that may be of interest to you.|
|Transactional Data/Event Data||Names and email addresses of parties to a transaction, subject line, history of actions individuals take related to a transaction (i.e. sign and forward features) and personal information about those individuals or their devices, such as name, IP address, email address and other authentication methods.||We use this information to fulfill our contractual duties to our Customers. We also have a legitimate interest in creating and maintaining an audit trail proving the authenticity and legality of signatures and documents created by PandaDoc.|
|Usage Data||Such as referring and exit pages and URLs, domain names, landing pages and content viewed and the order of those pages, the amount of time spent on particular pages, the frequency of your use of our Services and other related information.||We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud|
|Website interactions||We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.||We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.|
|Web logs||We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.||We have a legitimate interest in monitoring our networks and the visitors to our Website and App as well as the access and use of the Services to enhance the Services. Web logs also help us understand which of our services is the most popular.|
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.
Information You Provide Us
- We collect Personal Information from you such as your role/title, first and last name, e-mail, mailing address, phone, password when you choose to subscribe to our Services/ set up an account through the Services.
- When you engage us to provide Services, our payment processor will collect all information necessary to complete the transaction, including your name, company name, credit card information, billing information, and direct deposit/ ACH information.
- If you provide us feedback or contact us via email, we may collect your name, if stated, and email address, as well as any other content included in the email, in order to send you a reply.
- When you participate in one of our surveys, we may collect additional information that you knowingly provide.
- We will maintain the information you send via email in accordance with applicable federal law.
- In compliance with the CAN-SPAM Act, all emails sent from our organization will clearly state who the email is from and provide clear information on how to contact the sender. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further e-mail communication from us.
- If you connect your Gmail account to the PandaDoc application, we collect your Gmail account address, IP address, and name to enable this functionality.
Information Collected via Technology
- In an effort to improve the quality of the Services, we reserve the right to track information provided to us by your browser or by our software application when you view or use the Services, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Services, the time and date of access, and other information that does not personally identify you. We track this information using Cookies. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive or mobile device. Sending a Cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our Services, both on an individual and aggregate basis. Please review the Cookie Notice for more information.
- We reserve the right to use technological equivalents of Cookies, including social media, beacons or pixels. These pixels allow social media sites to track visitors to outside websites so as to tailor advertising messages users see while visiting that social media website. We reserve the right to use these pixels in compliance with the policies of the various social media sites.
Use and Processing of Personal Information
In addition to the purposes and uses described above, we use information in the following ways:
- To identify you when you visit our Website or App.
- To create your account on the Website, SaaS and/or App and maintain your relationship with us (providing you with requested information and communicating with you)
- To provide our Services including to send you records of our relationship, including for purchases and other requests.
- To improve our Services and offerings including test Services and test changes in our Services and to develop new products or features.
- To manage the security of our Website and Services, including support systems.
- To conduct analytics for example to create and review data about our users and how they utilize our Services.
- To record details about transactions with our Services involving electronic signatures (e.g. who initiated, viewed, or signed documents; signer’s IP addresses; timestamps)
- To respond to inquiries related to support, employment opportunities, or other requests.
- To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners.
- To provide you with and collect payment for the Services and products requested
- To comply with legal obligation, including legal retention periods
- To defend or exercise our rights in legal claims
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
Use of Non-Personal Information
In general, we use non-personal information to help us improve the Services and customize the user experience. We also aggregate non-personal information in order to track trends and analyze use patterns on the Services. This Privacy Notice does not limit in any way our use or disclosure of non-personal information and we reserve the right to use and disclose such non-personal information to our partners, advertisers and other third parties at our discretion.
Sharing of Your Personal Information
In addition to the specific situations discussed elsewhere in this policy, we may share personal information in the following situations:
- Affiliates and acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
- Other disclosures with your consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.
- Other disclosures without your consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
- Public. Some of our websites may provide the opportunity to post comments, or reviews, in a public forum. If you decide to submit information on these pages, that information may be publicly available.
- Service providers. We share your information with service providers. Among other things service providers help us to administer our website, send e-mail communications, conduct surveys, provide technical support, detect fraud, process payments, and assist in the fulfillment of orders. Our service providers will be given access to your personal information as is reasonably necessary to provide the Website and related Services. Our service providers are contractually obligated to use your personal information only at our direction and in accordance with our Privacy Notice; to handle your personal information in confidence; and to not disclose your personal information to unauthorized third parties. Service providers who violate these obligations are subject to appropriate discipline including, but not limited to, termination as a service provider.
Except as otherwise stated in this Privacy Notice, we do not sell, trade, rent or otherwise share for marketing purposes your personal information with third-parties without your consent.
Retention of Your Personal Information
The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. We keep your personal information for no longer than necessary for the purposes for which it was collected and/or processed. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it.
See the Section “Your choices” about storage of your personal information.
How We Protect Your Personal Information
We implement security measures designed to protect your personal information from unauthorized access. We apply these tools based on the sensitivity of the personal information we collect, use, and store, and the current state of technology. We protect your personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorize disclosure and alteration. We periodically review our information collection, storage and processing practices, including technical and organizational measures, to guard against unauthorized access to systems. Any account you have on our Website, SaaS or App is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use.
Because the internet is not a completely secure environment, PandaDoc cannot warrant the security of any information you transmit to PandaDoc or guarantee that information on the Website may not be accessed, disclosed, altered and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. In addition, while we take reasonable measure to ensure that service providers keep your information confidential and secure, such service provider’s practices are ultimately beyond our control.
We are not responsible for the functionality, privacy and/or security measures of any other organization. By using our Website, you acknowledge that you understand and agree to assume these risks. You may ask for a list of technical and organizational measures taken to protect your personal data by e-mailing us at: firstname.lastname@example.org.
You may take the below actions to change or limit the collection or use of your Personal Information.
- Promotional/Marketing emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional/marketing materials to you, as well as targeted offers from third parties. You can stop receiving promotional/marketing emails by following the unsubscribe instructions in e-mails that you receive and also adjust your email preferences here:. Email Preferences as well as your communication preferences here:
- Communication Preferences. If you decline to receive promotional and/or marketing emails, we may still send you transactional and service-related messages.
- Device and usage information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
- Deletion Of Your Personal Information. Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law, or as otherwise described in this Privacy Notice. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us at the address below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Deleting your In-App account. If you decide to delete your in-App account, you may do so by selecting “Delete Account” on your profile page. Deleting your PandaDoc account in-App will:
- Sign you out immediately
- Remove or anonymize any identifiable user information
International Data Transfers
Our company operates globally and has a global infrastructure. We utilize cloud computing which means your personal data may be transferred to a country with data protection laws not as strong as where you reside. We will transfer your Personal Data to countries deemed having adequate levels of data protection as determined by the European Commission.
If we share your personal information with entities located in the United States or other non-EEA jurisdictions which, according to the European Commission and the Court of Justice of the European Union through its Schrems II decision, do not offer an adequate level of protection to personal information, the GDPR authorizes other solutions to address lawful cross-border transfers. PandaDoc may rely on data processing agreements (DPAs) with attached standard contractual clauses (SCCs) approved by the European Commission or other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us.
EU-/Swiss-U.S. Privacy Shield Frameworks Participation
In addition to the mechanisms set out above, we were previously certified to the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the United States. However, as of July 16, 2020 the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield, and we can no longer rely on our EU-US Privacy Shield Framework certification for transfers of personal information from the European members countries to the US. Instead, we rely on other appropriate safeguards recognized by the GDPR to effectuate such transfers set out above. We will continue to apply the Privacy Shield Principles to the personal information that we received from the European member states prior to July 16, 2020.
Our participation in and certification of our compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework is set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. By participating in the Privacy Shield Frameworks, we agreed to subject our compliance to the regulatory enforcement of the Federal Trade Commission (“FTC”) or any other statutory body empowered to enforce compliance with the Principles.
If there is any conflict between the policies in this Privacy Notice and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern in relation to us. On a case-by-case basis, we will comply with certain lawful requests to disclose personal information from public authorities, including to meet national security or law enforcement requirements. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Our contractual accountability for personal information we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process personal information on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event(s) giving rise to the damage.
In compliance with the Privacy Shield Principles, PandaDoc, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom and Swiss individuals with Privacy Shield inquiries or complaints should first contact PandaDoc at: email@example.com or PandaDoc, Inc., Attention: Privacy Department, 3739 Balboa St. #1083, San Francisco, CA 94121.
PandaDoc has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Children and Minors
PandaDoc does not knowingly collect personal data from children under the age of thirteen (13). If we learn that we have collected Personal Information from a child under age thirteen (13), we will delete such information as quickly as possible. If you believe that a child under the age of thirteen (13) may have provided us Personal Information, please contact us at: privacyteam@PandaDoc.com . By using the Services, you represent that you are at least eighteen (18) years old and understand that you must be at least eighteen (18) years old in order to create an account and/or purchase the goods and/or services through the Website.
If you are visually impaired, you may access this notice through your browser’s audio reader.
Changes to our Privacy Notice
In general, changes will be made to this Privacy Notice to address new or modified laws and/or new or modified business procedures. However, we may update this Privacy Notice at any time, with or without advance notice, so please review it periodically. We may provide you additional forms of notice of modifications and/or updates as appropriate under the circumstances. Your continued use of the Website after any modification to this Privacy Notice will constitute your acceptance of such modifications and/or updates. You can determine when this Privacy Notice was last revised by referring to the date it was last “Updated” above.
For questions or complaints regarding our use of your personal information or Privacy Notice or to forward deletion requests, please contact us at: firstname.lastname@example.org or PandaDoc, Inc., Attention: Privacy Department, 3739 Balboa St. #1083, San Francisco, CA 94121.