Adafruit Privacy Policy
Last Updated: August 21, 2024
This privacy policy governs how Adafruit Industries, LLC collects, stores, uses, and discloses information about users of adafruit.com. This policy applies to the site, along with related products and services offered by Adafruit Industries, LLC that link to this policy. This policy does not apply to websites, applications, or services that display or link to different privacy statements. For security related matters please email: [email protected]
We adhere to EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland. Click here to read more about the EU-U.S. DPF Principles.
Information You Provide to Us
The personal information we collect depends on how you interact with us, the products you use, and the choices you make. We collect and process personal information about you with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.
When a user engages in certain actions on the site, they may provide us with certain kinds of information. This includes information including but not limited to:
- Name and Contact Information: Name, email address, postal address, phone numbers and other contact information
- Account Activity: Placed order details, gift certificates, wishlists, vouchers, subscriptions, and other account settings
- Payment Information: Payment information necessary to facilitate transactions on the site, including credit card details and billing address
- Content and Files: If you post comments or send us email messages, feedback, or other communications, we will collect and retain those communications
- Sensitive Personal Information: We collect account access information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary for certain products or features, those products or features may not be available or function correctly.
We may also combine information users provide with data we collect automatically (as further described below).
Information We Collect Automatically
When you use our products, we collect some information automatically. For example:
Identifiers and device information. When you visit our website, our web servers automatically log your Internet Protocol (IP) address, and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Cookies and Similar Technologies section below, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data.
Usage data. We automatically log your activity on our websites, apps, and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.
Other sensor data/Adafruit.io. If you elect to integrate a device with Adafruit.io, we may collect certain sensor information from your device as a part of your elections and certain usage and diagnostic information about the device, including device type, board type, connection type, and corresponding Adafruit.io API log.
Inferences. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your city, state, and country location based on your IP address.
Cookies and Similar Tracking Technologies (California Do Not Sell My Info)
We use cookies, web beacons, mobile analytics and advertising IDs, and similar technologies to operate our websites and online services and to help collect data, including other identifiers and device information and usage data.
California Do Not Sell My Info
The California Consumer Protection Act (“CCPA”) requires us to disclose categories of personal information sold to third parties and how to opt-out of sale. The CCPA defines personal information to include online identifiers, including IP address, cookies IDs, and mobile IDs. The law also defines a “sale” to include simply making data available to third parties. Because we let advertising and analytics providers collect IP addresses, cookie IDs, mobile IDs through our sites and apps when you use our online services, but do not “sell” any other types of personal information, we provide our “Do Not Sell My Info” disclosures in this section. Other information related to your rights under the CCPA is contained in the California Rights section of this statement.
Site Data
We may collect information automatically about users when they visit our site. This may include details about the user’s browser type and installed extensions, operating system, access times, language, IP address, and referring URLs, along with other similar data.
Web Browser Cookies and Related Technologies
Our site uses cookies, web beacons, and similar technologies to provide features such as account logins and shopping carts, to remember user preferences, to engage in advertising and retargeting, as well as to analyze user behavior. Cookies are small text files placed on your device to store data that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
We use web beacons (also called single-pixel or clear gifs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically hosted by a third party). This allows that web server to log information about your device and to set and read its own cookies. We use web beacons, for example, to deliver cookies, count visits, understand usage of our site and tell if an email has been opened and acted upon.
Third Party Sites and Services
Our site employs a variety of third-party services. These include payment gateways, shipping providers, content-distribution networks, advertisers, analytics, and monitoring tools. Some of these services store information about users, and may track individuals across sites, applications, and services. These services may collect information in a similar manner as described above, including, for example, IP address, access times, browser type, language, device type, and device identifiers. They can also create inferences about you from this information. By interacting with our services, certain information about user devices may be exposed to third party advertising and analytics using cookies and other tracking mechanism, these third parties include the entities in the charts below.
As a requirement for using the Google Ads advertisement platform, Adafruit.com has implemented Google Signals, which uses aggregate data about a user who has Ads Personalization turned on in their Google account to serve them ads on other websites related to events they have performed on our website, such as viewing products or adding products to their cart. We do not currently implement Google's 'Enhanced Conversions' which is used to further track a user after completing a transaction - a requirement of which is to send Google first-party information: their email address and/or phone number in hashed form. We believe that hashed first-party data is not truly anonymous, as long as it is easily matched to non-hashed personal information by the receiver, and in this case the attributes of the hashing mechanism are controlled by Google and so we have made this choice on behalf of our users in our use of Google’s services.
The analytics and advertising service providers we use that may track you across sites and services are:
Service Name | Purpose(s) | Privacy policy | Manage Settings (opt-out) |
---|---|---|---|
Google Analytics |
web analytics service |
||
Google Adwords |
online advertising service, analytics |
See association links below. |
|
|
online advertising service |
See association links below. |
You may find more information on each company's practices, including the choices it offers, by clicking on the above. Many of these companies are also members of associations, which provide a simple way to opt out of analytics and ad targeting, which you can access at:
United States: NAI (NAI Opt Out Form) and DAA (DAA Opt Out Forms)
Canada: Digital Advertising Alliance of Canada (youradchoices.ca information)
Europe: European Digital Advertising Alliance (Your Online Choices information)
Other third-party service providers we use:
Service Name | Function on adafruit.com | Privacy policy |
---|---|---|
Cloudflare |
Content Delivery Network |
|
Amazon S3 |
Static File Hosting |
|
Automattic |
site statistics and anti-spam services |
|
Contextly |
web analytics and content recommender service |
|
Algolia |
Search provider |
|
Youtube |
Online video service |
|
Paypal |
Online payments |
|
Amazon Payments |
Online payments |
|
Authorize |
Online payments |
|
Stripe |
Online payments |
|
Mailchimp |
Email marketing platform |
Cookie Controls. Many web browsers accept cookies by default. Users can usually change their browser's settings to reject and/or to remove many cookies. Please note also that choosing to reject or remove cookies may prevent certain features or services of our site from working properly. Since cookie opt-out preferences are also stored in a cookie in a browser, please also note that deleting cookies, using a different browser, or buying a new computer, may require renewal of opt-out choices.
Do Not Track and Global Privacy Control. Do Not Track (DNT) and Global Privacy Control are technologies which allows users to tell sites they visit that they don’t want to be tracked. They do this by including a signal with each request the browser sends. Where possible without breaking the functionality of our site, we take reasonable steps to honor Do Not Track and Global Privacy Control headers by attempting to serve only third-party services which themselves promise to honor Do Not Track and Global Privacy Control. However, because not all our necessary third-party service providers honor Do Not Track and Global Privacy Control and because implementations may change from time to time, we cannot guarantee that we will always be successful in all cases.
While we and others give users the choices described in this policy, there are many ways through which web browser signals and other similar mechanisms can indicate user choice to disable tracking, and we may not be aware of nor honor every such mechanism.
Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
Email web beacons. Most email clients have settings which allow you prevent the automatic downloading of images, which will disable web beacons in the email messages you read.
How We Use Collected Information
We use the personal data we collect for purposes described in this privacy statement or as otherwise disclosed to you, including for the following purposes:
- To improve customer service and respond to your questions and queries
- Information users provide helps us respond to their customer service requests and support needs.
- Applicable categories of user information: Contact information, account activity, payment information, content and files, usage data, inferences
- To improve our site and services
- We may use feedback users provide to improve our products and services.
- We may use information in the aggregate to understand how our users as a group use the services and resources provided on our site.
- Applicable categories of user information: Contact information, account activity, payment information, content and files, usage data, inferences
- To provide and deliver our products, including securing, troubleshooting, improving, and personalizing those products
- To offer our users relevant content and recommendations
- To display marketing and advertising tailored to our users on our site and on other sites
- Applicable categories of user information: Contact information, account activity, payment information, content and files, identifiers and device information, usage data, sensor data, inferences
- For business operations, including to process payments and fulfill orders and for other accounting and internal operations
- We use the information users provide about themselves when placing an order only as described in this policy and to process and fulfill that order. We do not share this information with outside parties except to the extent appropriate to provide the service.
- Applicable categories of user information: Contact information, account activity, payment information, content and files, identifiers and device information, usage data, inferences
- To prevent fraud and abuse
- We may use the information contained in orders to prevent fraudulent financial transactions and other illicit activity or violations of our terms of service.
- We may use network addresses and similar data to block or report abusive and harassing users. In cases involving potential harm to individuals, we may submit personally identifiable information to law enforcement or other third parties.
- Applicable categories of user information: Contact information, account activity, payment information, content and files, usage data, inferences
- To send periodic emails and otherwise communicate with you through confirmations, invoices, notices, alerts, and administrative messages
- We may use the email address to send users information pertaining to their orders and accounts. It may also be used to respond to their inquiries, questions, and other requests.
- Applicable categories of user information: Contact information, account activity, payment information, content and files, identifiers and device information, usage data, inferences
- Marketing and Advertising
- If our users so choose, we may send them emails about products, events, promotions, and offers.
- We use third party advertising providers as described in the Cookies and Similar Tracking Technologies section.
- Applicable categories of user information: Contact information, account activity, identifiers and device information, usage data, inferences
In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent, and personalized experience.
How Collected Information is Shared
Our users may share certain of their information, for example, when users post comments or make forum posts. If a user posts comments or forum posts, they should remember that this information, together with certain user profile information, may be available to the public. We cannot control the privacy or security of information that users choose to make public.
We share personal data with your consent or as necessary to complete your transactions or provide the products you have requested or authorized, including with vendors or agents working on our behalf for the purposes described in this privacy notice (including above in the cookies section). For example, when you provide payment data for a purchase, that information will be processed by a payment processor who may use the information as necessary for payment processing, fraud prevention, or related financial services.
Although some of your data may be processed by third parties through the use of behavioral and analytics data described above, we do not otherwise sell, trade, or rent users’ personally identifiable information to others. However, we may share aggregate demographic information, that does not identify any individual user, with our business partners or service providers.
We may share all the categories of information described in this privacy statement in the following ways:
- For the purposes of a merger, financing, acquisition, or bankruptcy transaction or proceeding involving the sale or transfer of all or substantially all of our business or assets. We may also share information across our affiliates, subsidiaries, and related companies.
- For legal, protection, security, and safety purposes. Including to comply with law or regulatory requirements, to respond to lawful requests and legal process, to protect our rights and to protect our network, or in an emergency.
Please note that some of our products include references or links to products provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or consent to our sharing personal data with them, that data is governed by their privacy statements.
How We Protect Your Information
We adopt appropriate and reasonable practices and security measures designed to protect against unauthorized access, alteration, disclosure, or destruction of personal information.
To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
Retention of Personal Information
We retain personal information for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, we keep access and error logs on active servers for a maximum of 60 days, for the purposes of improving our user experience.
Location of Personal Information
The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located, however, some countries where we store data may have laws that offer a different level of data protection than the country in which you reside.
Location of Processing European Personal Data. We transfer personal information from the European Economic Area, United Kingdom, and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: Data Privacy Adequacy Decisions. We also participate in the EU-U.S. Data Protection Framework (DPF), the Swiss-U.S. DPF, and the UK extension to the EU-U.S. DPF. We comply with the DPF Principles with respect to personal data transferred from the EEA, Switzerland, and UK to the United States in reliance on the DPF. Our controlled U.S. subsidiaries and affiliates, as identified in our self-certification, also adhere to the DPF Principles. If there is any conflict between the terms in this privacy statement and the DPF Principles, the DPF Principles shall govern. To view our certification, please visit https://www.dataprivacyframework.gov/.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process personal data on our behalf in a manner inconsistent with the DPF Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our compliance with the DPF Principles, please contact us as indicated at the bottom of this privacy statement. Finally, under limited circumstances and after other available dispute resolution mechanisms have been exhausted, binding arbitration is available to address certain residual complaints under the DPF not resolved by other means.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. PDF and the Swiss-U.S. DPF, Adafruit commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to ICDR-AAA DPR IRM Service, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA DPF IRM Service are provided at no cost to you.
Information Choices and Changes
We provide a variety of ways for you to control the personal data we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
Access, portability, correction, and deletion. If you wish to access, correct, or delete personal data about you that we hold, you may access your account by logging into the Adafruit services you use or by emailing us at the contact information below.
Communications preferences. You can choose whether to receive promotional communications from us by email. If you receive promotional email from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the “Contact Us” section below. These choices do not apply to certain informational communications including surveys and mandatory service communications.
Targeted advertising. To opt-out from or otherwise control targeted advertising, you have the options described above under our cookies section including the use of a Global Privacy Control.
Data Sales. Some laws define “sale” broadly to include some of our uses of analytics and advertising providers, to opt-out from such “sales” please use the methods described above in our cookies section including the use of a Global Privacy Control.
Except for the automated controls described in our cookies section, if you send us a request to exercise your rights or these choices, to the extent permitted by applicable law, we may decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal or business obligation that requires retention or use of the data. Further, we may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal using the contact method described at the bottom of this Privacy Policy.
Deleting an Account
When an account is deleted by a user of Adafruit's online services, certain information associated with the account will be deleted and no will no longer be accessible.
We delete online behavioral data stored on our servers, and will send a deletion request to relevant third party services that collect online behavioral data on our behalf.
Certain information pertaining to monetary transactions, including but not limited to order information and shipping addresses, as well as data that was flagged as suspicious or fraudulent at the time of creation will be retained for as long as appropriate to comply with our legal obligations or resolve legal disputes.
In order to maintain the user experience of the rest of our customers, publicly posted information including forum posts and blog comments may be retained for the purpose of providing continued support to future customers.
We may also retain account information temporarily in backups and short-term logs.
If you choose to delete your account, other data associated with your account will be deleted and inaccessible to you, this includes but is not limited to shopping history, wishlist and shopping cart contents, and personal website preferences. Individual user records may also be deleted on request by emailing [email protected].
European Data Protection Rights
If the processing of personal information about you is subject to European Union data protection law, you have certain rights with respect to that data:
- You can request access to, and rectification or erasure of, personal information;
- If any automated processing of personal information is based on your consent or a contract with you, you have a right to transfer or receive a copy of your personal information in a usable and portable format;
- If the processing of personal information is based on your consent, you can withdraw consent at any time for future processing;
- You can to object to, or obtain a restriction of, the processing of personal information under certain circumstances; and
- For residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests, contact us at [email protected]. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
California Privacy Rights
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this statement by clicking on the above links.
Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy. You may make such a “request to know” by contacting us using the contact information at the bottom of this Privacy Policy.
Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, please contact us using the contact information at the bottom of this Privacy Policy.
Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA. Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and our use of advertising and analytics providers may result in their collection of identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online services. We do not “sell” or “share” any other types of personal information. If you do not wish for us or our partners to “sell” or “share” personal information in this way, relating to your visits to our sites for advertising or analytics purposes, you can make your request by using a Global Privacy Control or using other controls described in the “Information Choices and Changes” section of this statement. If you opt-out using these choices, we will not share or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA. However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform functions on our behalf. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.
We do not knowingly sell or share the personal information of minors under 16 years of age.
Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that we do not use sensitive personal information for any such additional purposes.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.
You have a right to not be discriminated against for exercising rights set out in the CCPA.
Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.
Notification of law enforcement or governmental requests
Adafruit may choose to notify users of requests for their information prior to disclosure where Adafruit is prohibited from doing so by statute or court order (e.g., an order under 18 U.S.C. 2705(b)).
For more on our law enforcement request policies, please read our Law Enforcement Request FAQs.
General Inquiries
Other general inquiries may be sent via e-mail to: [email protected]
Special Thanks
Adafruit appreciates the work done by Twitter (and SparkFun) for their legal request guidelines.
Changes to This Privacy Policy
We update this policy in our discretion at any time by posting the amended version here or by providing such notice about or obtaining consent to changes as may be required by applicable law. When we do, we will revise the updated date at the top of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
Contacting Us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:
Adafruit Industries, LLC
168 39th Street 1905CC
Brooklyn, New York 11232
[email protected]
Our data protection representative for the European Economic Area and Switzerland is VeraSafe Ireland Ltd., Unit D3 North Point House, North Point Business Park, New Mallow Road, Cork
T23AT2P, Ireland
For security related matters please email: [email protected]