Privacy Policy

Last updated on 02 July 2024

1. About Us

MoEngage, Inc. (“MoEngage,” or “Us” or “We”) provides SaaS (software as a service) (the “Service”) that enables the providers of mobile applications and websites (the “App Providers”) to understand how end users who download, access and/or interact with App Providers’ services (the “End Users”) interact with their services. Your privacy is important to us, and we are committed to protect your privacy.

2. About this Policy

This Policy (the “Privacy Policy”) informs you about what information (“Personal Data” or “Personal Information”) we may collect directly or indirectly from you through the MoEngage platform (the “Platform”), as a part of our Service. It describes how we create, store, transfer, share, collect, organize, use, return or delete (“Process”) personal data with the privacy and security practices we have implemented on the MoEngage Platform. The European Union website visitors should be sure to read the important information provided under the section – “Additional Information for European Union Users” in this Privacy Policy.

If the Use of Your information changes, We will provide You (“Website Visitors, Customers, End Users, Job Applicants/Candidates, Employees (current and former), Contractors, sub-contractors, third-party vendors, visitors to MoEngage office) with more information when we are in contact with You, via different modes of communications, through our website or via email. You can check for any updates or amendments to this Policy when You visit our website on – https://www.moengage.com/. Any information that we process is subject to the privacy policy in effect at the time such information is collected.

This Privacy Policy only applies to MoEngage and does not apply to the practices of companies that MoEngage does not own or control, or to people that MoEngage does not employ or manage. This policy applies to all website visitors, end users of our customers, employees, permanent or temporary, and all contractors, interns working on behalf of MoEngage.

If MoEngage is collecting information directly from You, then MoEngage will act as the Data Controller (defined hereunder). If MoEngage is receiving information from its Customer, MoEngage will act as a Data Processor (defined hereunder) and shall process data as per the instructions received by the Data Controller. If you have any questions related to handling Your Personal Data by MoEngage or to exercise Your rights to privacy You can contact us at [email protected].

3. Legal Basis for Processing Your Information

This is a global Policy and shall apply wherever You reside. In this section, We describe our legal justifications (commonly referred to as “legal basis”) for the Use of Your Personal Information related to each of our main processing activities.

Please note: depending on the country where You reside, the law of Your country may not require that We use a specific legal basis to justify Using Your Personal Information, including transfers of Your Personal Information outside Your country of residence (Example : GDPR). If Your jurisdiction requires consent to Process Your Personal Information when You interact with Us, We will obtain Your consent prior to the Use of such Personal Information.

Below, We explain to You the MoEngage’s legal basis when processing Your Personal Information:‍

1. Based on our contract with You –

  • As one of our customers (when You create Your account), or business partner We will keep and store Your personal or professional contact details to interact, and provide You with related offers as a customer, and manage the (pre-) contract or Your user account, and for administrative or billing purposes.
  • As MoEngage employees, we will process and store your personal data as your employer in accordance with the NDA signed and the Privacy Policy e-signed at the time of on-boarding.

2. Based on Your prior consent (where permitted or required by law upon)

  • We collect information about You when navigating on our sites and other features, when You submit queries or interact with Us, this is implemented in the form of cookie consent. Read the ‘Cookie Policy’ for more details.
  • We Use Your information in the context of marketing and sales to propose similar offers or inform You about upcoming products and send newsletters; or for statistics purposes.
  • Depending on Your country of residence, We may have to request Your prior consent for example:
    • While contacting us for any queries;
    • While you want to become a Partner with MoEngage;
    • While signing up for MoEngage service as a free user;
    • While registering for MoEngage webinars;
    • While customer account creation;
    • When subscribing to our Library Updates for gaining access to our newsletters, blogs, Ebooks, actionable reports, guides, tips, videos, podcasts;
    • Sharing or disclosing Your Personal Data to Sub-processors outside of Your country of residence in countries that do not provide the same level of protection to Your privacy and data protection as in Your country of residence;
    • Using forms, when creating Your user account; or when using cookies or similar technologies.‍
      As one of the candidates applying for a job role through the careers page, we will take your consent while you fill your details on the careers page.

3. Based on your legitimate interest shared during the referral of your job application by employees of MoEngage as part of the ‘Talent Ambassador Program’ and also during sharing your details with recruiters reaching out on phone calls, LinkedIn or email.

4. To comply with applicable data protection laws and other legal statutes – In some limited instances, We may have to keep some limited Personal Information about You longer than needed such as for tax or accounting purposes.

4. Consent Withdrawal

As per global privacy laws and regulations, MoEngage gives its data subjects the right to withdraw their consent at any time.The process of withdrawing consent is as easy as it was to obtain consent and it is an easily accessible one-step process. MoEngage entities have a consent withdrawal mechanism in place to ensure the effective exercise of this right of the data subject.

Data Subjects can withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].

5. Data Collection

5.1 Data Collected as a Data Controller

We collect only the information needed for legitimate business purposes.

As a Data Controller, MoEngage collects such data from employees, contractors, vendors, interns and customers for various reasons, such as, product demonstrations, marketing purposes or for job vacancies/ career applications or for other purpose(s).

MoEngage collects Personal Data about employees through application, forms, intranet applications, physical copies, government authorities, vendors, emails and interviews as a part of their employment. Personal information with supporting documents is also collected during the MoEngage onboarding process and during the course of your employment. We may collect personal information directly from publicly available databases, social media sites or in collaboration with our partners from time to time.

When other entities of MoEngage or other third-parties give us Personal Information about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, for example, that we have informed You of the personal data processing as per your legitimate interests, and that we have obtained any applicable and necessary permission from you to process that information as described in this Privacy Policy.

This information would be collected by us in a number of ways through multiple channels while joining our organization and over time during our relationship with you, which have been informed through the ‘Employee Privacy Notice’ shared at the time of onboarding.
Types of Personal Data collected by MoEngage as Data Controller:

  • Request for demo Form – To request a demo for MoEngage Services
    First name, business email address, phone number and country of residence.
  • Contact Us Form – To contact us for any queries
    First name, last name, business email address, company name, country.
  • Career Application Form – To apply for jobs at MoEngage careers page
    First Name, Last Name, Email, Phone Number, years of experience, Resume, current company, current location, Current Salary, Notice period, expected salary, LinkedIn profile, website/blog/portfolio
  • Partner Ecosystem Form – To become a partner with MoEngage
    First name, last name, business email address, company name, Partnership Type, phone number and country.
  • Subscribe to Our Library Updates – To subscribe to our blogs, Ebooks, actionable reports, guides, tips, videos, podcasts
    First Name, Email
  • Self Serve Form – To sign up for MoEngage service as a free user
    First Name, Last Name, Email, Country, Phone Number, Company Name, Password
  • Webinar Registration Form – To register for MoEngage webinars
    First Name, Last Name, Email, Company Name, Job Title
  • Data captured by cookies which may include analytical information and information about the date and time of Your request read our cookies section, Internet Protocol (IP) address, geolocation data, Your browser, operating systems, device ID. Please refer to the ‘Cookie Policy’ for more information.

5.2 Data collected as a Data Processor

As a Data Processor, MoEngage provides SaaS (software as a service) that enables the App Providers to understand how end users who download, access and/or interact with App Providers’ services (the “End Users”) interact with their services. Our customers can choose to collect the Personal Data of the end users. This collection shall be as per the Customer’s privacy policy.

Types of Personal Data that is collected by MoEngage as Data Processor‍

  • Customer Account Creation –
    For Customer account, We provide login on MoEngage dashboard which takes user’s first name, last name, company name, work email ID and contact number.
  • Customer Engagement –
    Name, e-mail id, contact number. However, these fields are customizable and the customer may choose to collect Personal Information in addition to the above mentioned ones.
  • Personalized campaigns –
    MoEngage shall provide customers with omnichannel support to get analytics and the Personal Information collected by them may include name, e-mail id, phone number, designation and so on, which are totally customizable by the Customer/ event organizer.

When an App Provider embeds our tracking code into its Applications, we access or obtain Personally Identifiable Information (“PII”) such as an End User’s email address, name, and phone number, depending on the selections the applicable App Provider makes via the MoEngage Software Development Kits (the “SDKs”).

We also access or obtain additional information about End Users’ use of App Providers’ Applications and End Users’ devices, such as the following:

  • actions taken
  • content viewed
  • messages viewed
  • messages clicked
  • offers accepted
  • search terms entered
  • advertisements clicked
  • applications opened
  • applications sent to the background
  • transactions in which an End User engaged
  • application name
  • application version
  • application bundle identifier
  • operating system name
  • operating system version,
  • unique device identifiers
  • IP addresses
  • and access date, time, and location information.

Please ensure you read, understand, and accept the privacy policies, and any terms of use of the App Provider that uses the MoEngage Service. By using our Service, you expressly relieve MoEngage from any and all liability arising from your use of the App Providers service. We analyze and use this information to provide and improve the MoEngage Service. MoEngage collects information under the direction of our App Providers and has no direct relationship with the End Users whose personal data it processes. If you are a customer of one of our App Providers and would no longer like to be contacted by one of our App Providers that use the MoEngage Service, please contact the App Provider directly. If the App Provider fails to respond to your request within 30 days, you may contact us with your request at [email protected].

6. Information Related to Use of the Platform

We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you, to improve marketing, analytics, or site functionality.

6.1 For App Providers

6.1.1 Why do we collect information from App Providers?

We collect and use information from App Providers to provide our Service, improve our Service, administer your Account, and personalize the End User experience.

6.1.2 Personal Information

When you, as an App Provider, create an Account or when you request information about the MoEngage Service, we’ll collect certain information that can be used to identify you, such as your name and email address (“PII”). We may also collect information that cannot be used to identify you, such as Account preferences.

6.2 For End Users Data

6.2.1 Communications

App Providers are able to send you, the End Users, push notifications, thought In-apps, or email communications through the MoEngage Service.

6.2.2 Opt-Out

An End User who seeks to opt out must direct their query to their App provider (Data Controller). The App Providers may then request us to opt out of the said End User’s data, which we shall do so within 1 calendar month. Alternatively, the End User may contact us directly, by sending opt-out requests to [email protected], which we will then share with our customer (the App Provider).

6.3 For End Users and App Providers

MoEngage uses “cookies,” which are small text files that are placed by web servers and used to remember your preferences and settings. We use cookies for:

  • analyzing trends
  • administering the site
  • tracking users’ movements on the website
  • gather demographic information about our user base as a whole
  • tracking your login and interaction with our website

We may receive reports based on the use of these technologies on an individual as well as aggregated basis. You can change your browser settings to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If your browser does not accept cookies, you may not be able to easily access all aspects of our Service. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use locally stored objects (LSOs) such as HTML5 to collect and store information. Please refer to the ‘Cookie Policy’ for more details on how we use cookies and other web tracking technologies.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

6.4 Opting-Out

Our partners may use non-cookie technologies (web tracking technologies) such as pixel tags, that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising:

7. Sharing and Disclosure of Information

7.1 Information Shared with our Subsidiaries

We shall transfer your PII to our Indian subsidiary to provide you with better service or for troubleshooting purposes. Our Indian subsidiary is bound by the principles of Standard Contractual Clauses and the obligations under this Privacy Policy. If you have any questions or concerns related to the transfer of PII to our Indian subsidiary, you contact us at [email protected].

7.2 Information Shared with our Service Providers or Sub-Processors

We may engage third-party Service Providers or Sub-processors to work with us to administer and provide the MoEngage Service such as sending you emails, storing data, etc. These third-party Service Providers have access to PII only for the purpose of performing the MoEngage Service on our behalf and are expressly obligated not to disclose or use your PII for any other purpose.

Please find the list of sub-processors here.

Please Note: The List of sub-processors may differ from customer-to-customer.

The End Users may reach us at [email protected] if they require further information about the third-party Service Provider, the services that they are providing, or their privacy policy.

7.3 Information Shared with Third Parties

We may share aggregated information and non-identifying information with third parties for industry analysis, demographic profiling, and other similar purposes. We will not share the End User PII collected from one App Provider with third parties.

We may share and disclose Personal Data to the following types of third parties and for the following purposes:

  • To customers – We may disclose information to our customers in the form of aggregated, anonymous data about the way the Services have been used to enable us to provide and improve our Services, to provide strategic advice to our customers, and to further and enhance our role as a thought leader in the industry;
  • To vendors, consultants, and other service providers – We may disclose information to third-party vendors, consultants, business partners, and other service providers in connection with our marketing efforts, or in connection with our general business purposes;
  • To comply with laws – We may disclose information to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process, or governmental request;
  • To protect our legal rights – We may also disclose information where we believe it necessary in order to protect or exercise, establish or defend our legal rights;
  • Business transfers – We may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company;
  • To provide our Services – We use sub-processors in our provision of the MoEngage Services to our customers, such as third-party hosting providers and third-party database support services. Some of these third-party sub-processors may have logical access to data about you, but in all cases, any subprocessor to whom we disclose any information will be subject to a written agreement containing confidentiality protections designed to protect any Personal Data that is shared with them;
  • To manage events – If you use our Website to register for an event or webinar organized by one of our partners who may be a co-sponsor of the event, we may share your Personal Data with the co-sponsor to the extent this is required to process your registration and ensure your participation in the event; in such instances, our co-sponsor will process the relevant Personal Data as a separate controller and the sponsor’s use and the control over your Personal Data will be governed by the sponsor’s privacy policy;
  • To advisors – In individual instances, we may share Personal Data with professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors, and insurers based in countries in which we operate, who provide consultancy, banking, legal, insurance, and accounting services, but only to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;
  • To Google reCAPTCHA – Google’s “invisible” reCAPTCHA collects and analyzes how users navigate our website inorder to determine whether the activity is suspicious. It collects IP address, User Google account information, user behaviour, Browser history and cookies.
  • To affiliates – We may share Personal Data with affiliates within the MoEngage group and companies that we may acquire in the future when they are made part of the MoEngage group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our Website or for customer support, marketing, technical operations or account management purposes; and
  • Publicly shared data – Any Personal Data or other information you choose to submit in communities, forums, blogs, forms or chat rooms on our Website may be read, collected, and used by others who visit these forums, depending on your account settings.

7.4 Information Disclosed for our Protection and the Protection of Others

It is our policy to protect App Providers and End Users from having their privacy violated through abuse of the legal systems, whether by individuals, entities or government and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about App Providers or End Users to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary:

  • to satisfy or comply with any law, regulation or legal process or to respond to lawful requests, including subpoenas, warrants or court orders;
  • to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and
  • to prevent or stop activity we consider to be illegal or unethical. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

8. Cross-border Data Transfers

Transferring of personal data out of the European Economic Area (EEA) or US to countries not deemed by the European Commission or US State Laws to provide an adequate level of personal information protection, shall be governed by one of the following safeguards recognized by EU & US data protection legislation respectively.

Kindly note that MoEngage will follow appropriate level of protection and deploy all necessary safeguards for transfer of such data that constitutes confidential information and/or Personal Data, additionally such transfers, to any country(s) which do not ensure an adequate level of data protection, MoEngage will ensure that the transfer is through one of the following mechanisms:

  • In accordance with the EU-US Data Privacy Framework
  • In accordance with the Swiss-US Data Privacy Framework
  • Data Processing Agreements (DPAs) with Standard Contractual Clauses (SCCs) approved by the European Commission who impose data protection obligations on the parties to the transfer.

For further details, see European Commission Model contracts for the transfer of personal information to third countries. The entity receiving the personal data shall comply with the principles of personal data processing set forth in the agreement.

9. Personal Data Protection

We are fully committed to Information security and compliance with applicable regulations, by implementing strong security controls for the protection of personal data. We have designed and implemented information security programs in line with International Organization for Standardization (ISO) 27001:2013 standard and Service Organization Controls 2 (SOC). We have put in place appropriate measures to comply with the European Union (EU) General Data Protection Regulation (GDPR).

We take reasonable measures to protect the information that we collect from or receive from App Providers or End Users (including PII) from unauthorized access, use, or disclosure. When you enter sensitive information (such as login credentials) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL). Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) via email or conspicuous posting on our Platform in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

At any point, if you suspect any security issues or incidents, or you receive any suspicious mail from someone holding themselves out to be a MoEngage employee or from a fake website claiming to be affiliated with MoEngage, you may reach out to us at [email protected]

10. Privacy by Design

We have established a process to proactively embed privacy at the initial planning/design stages and throughout the complete development process of new processes/ services/ technologies and/or platforms that involve Processing of Personal Data.

Considerations have been made for technical and organizational measures to enhance privacy (e.g. optional data masking, optional data encryption, data minimization).

In addition, We shall take appropriate technical and organizational measures to ensure that Personal Data collected or Processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed.

11. Links to Other Sites

Our Service may contain links to other websites and services. Any information that an App Provider or End User provides on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party’s privacy policy. Our Privacy Policy does not apply to such websites or services, and we are not responsible for the content, privacy, or security practices and policies of those websites or services. We recommend that App Providers and End Users carefully review the privacy policies of other websites and services that they access.

12. Social Media Features

Our Platform includes Social Media Features, such as the Facebook button, and widgets, such as the “Share” button, or interactive mini-programs that run on our site. These features may collect your IP address, and which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Platform. Your interactions with these Features are governed by the privacy policy of the company providing them.

13. Our Policy Toward Children

Our Service is not directed to children under the age of 13. MoEngage users must not be under the age of 13. We do not target any portion of our service to children under the age of 13, and we will delete any accounts or data of users that we believe to be under the age of 13 to be in compliance with the Children’s Online Privacy Protection Act. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at [email protected].

14. Automated decision making and Profiling

MoEngage as a Data Controller profiles its customers based on location as well as it’s employees based on location, qualification, age and gender. However, we do not use automated decision making for any of the processing operations performed on customer’s and employee’s personal data. As part of providing our services, MoEngage as a Data Processor shall act on behalf of our customers while they profile their end users data and/or use it for automated decision making.

15. Additional Information for European Union Users

15.1 Handling of Data Subject Rights as a Data Processor by using APIs

MoEngage processes the personal data of End Users on behalf of the App Providers (Our Customers) and acts as a Data Processor on behalf of App Providers, who act as Data Controller. Wherever MoEngage acts as Data Processor, it merely processes Personal Data under the direction of the Customers and has no direct control or ownership of the Personal Data We Process. It is the responsibility of the Customers for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to MoEngage for further processing purposes. Attendee’s of an event that seeks to access, correct or delete data, should direct their request to the Customer. MoEngage shall assist Customers by addressing the data subject requests received by them through the respective APIs. Please refer to the Developer Guide for more information on how we address data subject requests shared by the customer. If the Customer requests MoEngage to delete, rectify or access the Personal Data of an Attendee to comply with Applicable Data Protection Laws, MoEngage will process this request within the required time frame under the Applicable Data Protection Laws by using appropriate APIs.

15.1.1 For End Users:

MoEngage is a service provider that processes data on behalf of App Providers, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to MoEngage by an App Provider. App Providers can notify MoEngage of these requests directly. You can refer to this article for more information. Moreover, MoEngage supports functionality to allow App Providers to respect granular controls regarding User data privacy rights. App Providers can flag in the MoEngage SDK that a particular User has requested that their data not be processed by MoEngage, in which case MoEngage will no longer process engagement data on behalf of the App Provider for that User.

15.1.2 For App Providers:

App Providers who are users of MoEngage Service and who are residents of the European Union may request to get a confirmation that MoEngage is processing your data, access this information, or request to rectify, or delete or restrict the processing of this information. For any such request, you may send an email to us at [email protected]

Kindly note that MoEngage will not process a Data Subject request to change information that may cause the information to be incorrect, fraudulent, misrepresented or violates any law of land or legal statute. In such instances, We will inform the Customer about the legal obligations that prevent Us from fulfilling the request.

15.2 Handling of Data Subject Rights as a Data Controller:

For MoEngage employees, candidates and visitors of the MoEngage website, MoEngage Inc. is the controller of your personal information for purposes of European data protection legislation.

Data Privacy and data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to the personal information that we hold as a Data Controller –

  • Access: To provide the personal information we hold for you
  • Rectify: To rectify the incorrect personal information we are holding for you
  • Delete: To erase the personal information.
  • Transfer: Send a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict: To restrict the processing of your personal information.
  • Object: To object the processing of your personal information

Opt-out: Once you opt-out, we shall stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.

Data Subjects can opt-out or withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].

MoEngage shall record any request to withdraw or change consent in a similar way to the recording of the consent itself.

15.3 Exercising your Rights

For exercising your data subject right (DSR), kindly submit your data subject rights requests by email to [email protected] mentioning the following information –

  • First Name
  • Last Name
  • Email Address
  • Mention the Jurisdiction you are currently located in (European Union (E.U.)/United Kingdom (U.K.)/United States of America (U.S.A)/Singapore/Philippines/Middle East, India, Indonesia, Other Country)
  • Type of Data Subject Request: (Right to Access/Right to Erasure/Right to Object/Right to Restrict Processing/Right to Rectification/Right to Data Portability/Right to Infromation about Automated Decision making/ )
  • Who do you identify yourself as? (Customer, Employee, Ex-Employee, Job Candidate)
  • Other comments (if any):

We will require the above-mentioned information to authenticate your request.

We may reject your request as applicable under law in which case we will inform you of the legal basis for rejecting your request. Once we receive your request, we shall acknowledge your request and share the appropriate form/template, which you need to fill and share it to us on [email protected]. If you wish to prevent such processing, please accept only ” Strictly necessary cookies” in the cookie banner. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected].

15.4 Use for a new purpose:

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

16. Additional Information for California Residents

The California Consumer Privacy Act 2018 (CCPA) and its upcoming amendments such as the California Privacy Rights Act (CPRA), California residents have specific rights regarding their Personal Information.If you are a California resident, this section applies to you in addition to the rest of the Privacy Policy. It provides more detail on how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information.

For purposes of this section, Personal Information has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). However, this section does not apply:

  • To information exempted from the scope of the CCPA;
  • To Personal Information we collect, use, and share on behalf of our customers as a “service provider” under the CCPA for purposes of providing our Services to them.
  • Personal Information processed by advertising vendors on our website through the use of cookies

In particular, we do not:

  • sell any Personal Information from individuals located in California,
  • share any such Personal Information with third parties for their own commercial benefits, nor
  • discriminate against you in any manner.

16.1 California Privacy Rights

In addition to the above mentioned rights under California law You have the right to (subject to statutory or restrictions):

  • Request to access/ disclosure of the Personal Information, that is, disclosure of MoEngage’s collection and use of Your Personal Information over past 12 months from the date We receive the request;
  • Request that MoEngage delete all of Your Personal Information collected from You;
  • Opt-out from the “sale” of Your Personal Information;
  • Opt-out of the “sharing” of your Personal Information for cross-context behavioral advertising (applicable from 1 January 2023).

All Personal Information that is collected from You is in accordance with this Policy, including the Use of different categories of Your Personal data that has been collected from You, the disclosure of Your Personal Information is as per this Policy.

16.2 Exercising Your rights as a California Resident

MoEngage uses services that employ cookies and other technologies to collect Personal Information (including identifiers and internet activity information) about your use of our Websites and other online services over time, which helps us to deliver targeted ads. In addition, we may share your contact details with our advertising vendors for the placement of targeted ads. Our use of some of these services may constitute the “sale” or “sharing” of Personal Information as defined under the CCPA to/with third party advertisers. You may opt-out of such sales or sharing by clicking on the “Do Not Sell or Share my Personal Information” link in the footer of our cookie banner.

Alternatively, you may opt out of targeting cookies by clicking on the Cookie Consent Manager on our website.

16.3 Online Privacy Safeguards for Children

While our Website and Services are not directed to children under the age of 16, we are required to inform you that we have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age.

17. Response Timing

We endeavor to respond to a verifiable consumer request within 1 calendar month of its receipt. If we require more time (more than 1 calendar month), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

18. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for Legal and regulatory retention requirements may include retaining information for the following:

  • Audit and accounting purposes
  • Statutory data retention terms
  • The handling of disputes
  • and the establishment, exercise, or defense of legal claims in countries where we do business.

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending MoEngage rights, and to manage MoEngage’s relationship with you. The information that is provided in a supplementary privacy policy may provide more detailed information on applicable data retention terms. Please find the data retention schedule below:

ACT – Active, in use + Number of Years
C = End of Contract
E = End of Employment
YR = Creation Date + Number of Years
* = in years, unless otherwise noted

Record Category Description Retention Period
Customer Data
[Active User Attributes]
SaaS Application Data: Active user attributes used for analysis & generating campaigns C + 7 Days
Customer Data
[Inactive User Attributes]
SaaS Application Data: Inactive/Unreachable user attributes used for analysis & generating campaigns ACT + 90 Days
Analytics SaaS Application Data: Generated for Analytics purpose 1 Year

18.1 How long do we retain information collected from End Users?

We will retain personal data we process on behalf of our App Providers for as per the defined data retention period to provide services to our App Providers. We will also retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. An End User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to our App Providers. If requested by App Providers to remove or access data, we will respond within 1 calendar month.

19. Processing of Personal Data & Sensitive Personal Data

Depending on your use/interaction with us, we may collect/store/transfer/analyze/delete the following categories of Personal Information from you including but not limited to Name, Email ID, Phone Number, Company Name, etc.

As a Data Controller, MoEngage does not collect any sensitive personal data. As a Data Processor, if the App Provider collects any sensitive personal data such as financial and/or health information and shares it with us, it is up to the App Provider’s discretion and they shall ensure to provide applicable safeguards in line with their privacy policy.

20. Response to Personal Data Breach Incidents

When we learn of a suspected or actual personal data breach, the Data Protection Officer (DPO) shall lead the investigation along with the Data Privacy team and Information Security team to perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Reporting and Notification Policy. Where there is any risk to the rights and freedoms of data subjects, we will notify the relevant data protection authorities/EU representative without undue delay and, when possible, within 72 hours.

These cases shall be managed based on the Information Security Incident Response Procedure & Data Breach Management procedure, which provides the process of handling information security & privacy incidents.

21. Data Privacy Framework

MoEngage complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom and Switzerland, as applicable, to the United States in reliance on the Data Privacy Framework (“Personal Data”). We have certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles (the “Principles”). You can learn more about the Data Privacy Framework program here and can view our certification here.

22. Audit and Accountability

The Data Privacy team is responsible for auditing how well business departments implement this Policy. The Data Privacy team has defined their data privacy & PIMS objectives inline with SMART Objectives framework. The Data Protection Officer (DPO), Data Privacy team and the Management demonstrate their dedicated commitment towards the continual improvement of the Privacy Information Management System (PIMS) at MoEngage.

Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.

23. Legal Notice

MoEngage may need to disclose personal information to legal authorities for compliance, fraud investigation, statutory purposes or for other legal activities as per the local laws and government request.

24. MoEngage Contact Details

We provide easily accessible information via our Platform or on request. If You have any questions or requests related to this Policy or Your Personal Information, please contact us at the following contact details –

Please contact us at [email protected] if you have any questions about our Privacy Policy.

MoEngage Inc

315 Montgomery Street, 10th floor,
San Francisco, 94104,
USA

MoEngage India

1st Floor, #32, Salarpuria Tower II,
Chikku Lakshmaiah Layout,
Luskar Hosur Road,
Koramangala,
Bangalore – 560034,
India

Data Protection Officer (DPO)/Grievance Officer

In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are published herewith.

Data Protection Officer (DPO)/ Grievance Officer: Yashwanth Kumar
Email: [email protected] / [email protected]

25. Changes to this Privacy Policy

We may update this Policy from time to time consistent with the Data Privacy Framework. You are advised to review the updated Policy periodically for any changes. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. Changes to this Policy are effective when they are posted on this page and any modifications can be ascertained by referring to the date that is displayed at the top of the page marked as, “ Last updated”.