Terms & Policies
Learn more about Chainguard policies and our legal documents.
Privacy Notice
Last updated: April 25, 2025
Thank you for choosing to be part of our community at Chainguard, Inc. ("Chainguard", "we", or "our"). We are committed to protecting your personal information and respecting your right to privacy. This Privacy Notice explains who we are, how we collect, share and use your personal information and how you can exercise your privacy rights.
This Privacy Notice applies to personal information that we process when you:
Visit, interact with or use any of our websites (such as https://chainguard.dev or https://images.chainguard.dev), social media pages, or public forums (such as our blogs), online advertisements, events, courses, marketing, or sales communications.
Visit, interact with or use any of our offices, events, sales, marketing, and other offline activities.
Submit a job application to Chainguard.
Purchase and/or use Chainguard products and services.
When we refer to any or any combination of the above, we use the term "Services".
This Policy Notice does not apply to:
Websites, products, or services that display or link to different privacy statements or that are operated by companies other than Chainguard, or to business activities or practices of third parties, including our distributors and resellers.
Information processed in the operation of products and services but to which we do not have access (this is generally true, for example, for products and services that run in a customer's network).
The instances when and to the extent we process personal information in the role of a processor or service provider on behalf of our business customers. For detailed privacy information about where a Chainguard business customer or a customer affiliate who uses the Chainguard Services is the controller, please reach out to the respective business customer directly. We are not responsible for the privacy or data security practices of our business customers, which may differ from those set forth in this Policy Notice.
For more information about Chainguard, please see the About Us section of our website.
If you have any questions or concerns about this Privacy Notice or our practices with regard to your personal information, please contact us at privacy-contact@chainguard.dev.
1. WHAT INFORMATION DO WE COLLECT?
The personal information we collect depends on the context of your interactions with Chainguard and the choices you make, the Services and features you use, your location, and applicable laws, but can include the following:
Information You Provide Directly
In Short: We collect personal information that you provide to us when you use or interact with our Services, express an interest in obtaining information about us or our products, register for a Chainguard event or online course, or when you otherwise contact us.
The personal information we collect directly from you may include:
Contact Information such as your name, email address, address, and phone number.
Account information such as your login information (username, password and which for some Services, may include your social network or Google credentials) and two factor authentication information.
Payment information such as credit or debit card details including primary account number, credit limit, date of issuance, billing cycle date, and bank address.
Feedback and support information such as information collected based on your participation in our surveys, including feedback on your use of our Services, and any information contained in support requests.
Events and webinar registration information such as company name, work email address, job title, registration source, and attendance rate.
Professional information such as your employer name, address, department or job title, industry and sector, and LinkedIn profile.
Job applicant information as we may post job openings and opportunities on the website. If you reply to one of these postings by submitting your application, we will collect your full name, email address, phone number, resume, and cover letter. We use this information to assess your qualifications and suitability for the job. We may also collect other information such as your social media links, immigration status, and demographic information if you choose to provide this information to us.
Online content, which includes personal information disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials, including third party services and platforms .
We may also record or monitor our telephone or other communications with you, to the extent permitted by applicable law.
Providing your data is optional, but it may be necessary for certain services, such as product registration, to access content (such as whitepapers), to activate or access the Services. In such cases, if you do not provide your information, we may not be able to provide you with the requested services.
Information We Collect Automatically
In Short: We automatically collect certain limited device and usage information when you visit, use or navigate our website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our website and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
The information we collect automatically includes:
Analytics and usage Information such as your public IP address for incoming HTTPS requests (including image downloads), and information about your activities on our website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use),
Online and device information such as browser type and settings, device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings), operating system, language preferences, device name, and request and referral URLs.
Location information to identify your country-level location based on IP address.
We may collect this information through our website or through other methods of web analysis, including with the help of technologies, such as cookies, web beacons, and clear gifs. For more information review the "Cookies and Other Tracking Technologies" section below.
Information We Collect From Other Sources
In short: From time to time, we may also obtain information about you from other sources (including third parties from whom we have purchased personal information). For example, we may collect personal information from joint marketing partners or affiliated companies, lead generation providers, event sponsors, public databases, credit check agencies, data, providers and social media platforms.
The personal information we collect from other sources includes:
Mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs, and custom profiles.
Resumes and background check information.
Order information, delivery, payment information, purchase or redemption information, customer support and enrolment information.
2. HOW DO WE USE YOUR INFORMATION?
In Short: We use your personal information for a variety of business purposes and on the legal bases described in this Privacy Notice or disclosed to you in our Services, including to communicate with you, manage your account, and send you marketing communications.
Chainguard may use your personal information to do the following:
Managing user registrations. If you have registered for an account with us, we use your data to register and manage your user account to perform our contract with you, or if we do not have a contract with you directly, in reliance on our legitimate interests in administering and managing your user account.
Providing the Services: We use data to operate and provide our Services and to tailor our Services to your needs and preferences to perform our contract with you. Where we have not entered into a contract with you, we process your personal information in reliance on our legitimate interests in operating and improving our internal operations, systems and Services, and to provide you with the content, products or services you access and request (e.g., to download content from our website).
Securing the Services: We process data by tracking use of our websites and services for the purposes of maintaining the safety and security of our Services, including verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, in reliance on our legitimate interest in promoting the safety and security of our Services, systems and applications and in protecting our rights and the rights of others.
Providing customer support: We use data to troubleshoot and diagnose problems with our Services, including to help us provide, improve, and secure the quality of our products, services, and training, and to investigate security incidents in reliance on our legitimate interests. Call recording data may also be used to verify your requests and enable Chainguard to provide support services and investigate security incidents.
Handling contacts and user requests: If you fill out a web form or request support, if you contact us by other means, including via a phone call, we use your data to perform our contract with you or if we do not have a contract directly with you, in reliance on our legitimate interests in fulfilling your requests and communicating with you.
Sending administrative communications: We may use your data to send you information related to services such as confirmations, invoices, expiration and renewal notices, technical notices, service updates and security feeds, security alerts, and support, onboarding, and administrative messages to perform our contract with you, or if we have not contracted directly with you, in reliance on our legitimate interests in administering our products and services.
Registering visitors: We may process your personal information for security reasons, to register to offices or other premises selected for meetings, and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting premises in which we operate and our confidential information against unauthorized access.
Managing events: We use data to plan and host events, online courses or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you or in reliance on our legitimate interests in administering and promoting such events.
Displaying advertising and relevant offers: We use data we collect through our interactions with you to conduct marketing research, advertise to you, provide personalized information about us on and off our websites, and to provide other personalized content based on your activities and interests to the extent it is necessary for our legitimate interest in advertising our Services, or where necessary, to the extent that you have provided your prior consent. Please see the "What Are Your Privacy Rights" section below to learn how you can control the processing of your personal information by Chainguard for personalized advertising. For these purposes, we may link or combine information about you with other personal information we get from third parties, to help understand your needs and provide you with better and more personalized service or content.
Sending marketing communications: We use data we collect to send promotional communications, including product recommendations, and other non-transactional communications (e.g. marketing newsletters, telemarketing calls, SMS, or push notifications) about Chainguard according to your marketing preferences. This may include information about our products, promotions, or events as necessary for our legitimate interest in conducting direct marketing, or to the extent you have provided your prior consent. Please see the "What Are Your Privacy Rights" section below, to learn how you can control the processing of your personal information by Chainguard for marketing purposes.
Managing contest and promotions: If you register for a contest or a promotion, we process your personal information to perform our contract with you (for example, to process and deliver contest entries and rewards), or in the case of petitions, in reliance on our legitimate interests, or where required, your consent.
Complying with legal obligations: We process your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws, to the extent this requires the processing or disclosure of personal information to protect our rights, or is necessary for our legitimate interest in protecting against misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.
Processing job applications: We process your personal information if you apply for a job with Chainguard, to evaluate your application and make hiring decisions, communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for such purposes), manage and improve our recruiting and hiring processes, or to conduct reference and background checks where required or permitted by applicable local law. We perform this processing to the extent that it is necessary to comply with our legal obligations, for our legitimate interest in assessing the suitability of our candidates and managing our recruiting process, or, where required by applicable law, with your consent.
For our business or commercial purposes: We may use data for other legitimate business purposes in reliance on our legitimate interests, such as to update, expand, and analyze our records, identify new customers, data analysis, to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns, free trials and operating and expanding our business activities.
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
In short: We may need to share your personal information with third parties for the purposes of operating our business and maintaining and improving our Services.
We may share your personal information with the following categories of recipients:
Our group companies who support data processing services necessary to provide you with our Services or who otherwise process personal information for purposes described in this Privacy Notice.
Third-party business partners, service providers, and authorized third-party agents that provide services to us (for example, sending our surveys, hosting events, and providing customer support and marketing communications).
Any buyer (and their agents and advisers) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Any competent law enforcement body, regulator or government agency, court or other third party as necessary to comply with legal process, to protect the rights, property, or safety of Chainguard, its business partners, you, or others, or as otherwise required by applicable law.
Any other person if we otherwise notify you and you consent to such sharing.
We may also share aggregated or deidentified usage data with third parties to help us perform analysis and make improvements. Additionally, we may share anonymous usage data on an aggregate basis in the normal course of operating our business. For example, we may share information publicly to show trends in the use of our Services.
Any personal information or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and used by others who visit these forums, depending on your account settings.
For further information on the recipients of your personal information, please contact us (see the "How Can You Contact Us" section below).
4. COOKIES AND OTHER TRACKING TECHNOLOGIES
We use common information gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain personal information from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent as further described above. For more information, review our Cookie Policy.
5. HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). To determine the appropriate retention period, we consider the nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, and any applicable legal requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. DO WE TRANSFER INFORMATION TO OTHER COUNTRIES?
Personal information we collect may be stored and processed in your region, in the United States, or in any other country where we or our affiliates, subsidiaries or service providers maintain facilities. In particular, Chainguard is headquartered in the United States, with employees globally, and the Services are provided in the United States and other countries where our group companies and third-party business partners and service providers are located. We take appropriate steps to ensure that your personal information is protected in accordance with applicable laws and this Privacy Notice. This includes, for example, implementing standard contractual clauses adopted by the European Commission and UK authorities between our group companies and with our service providers, and implementing additional safeguards where necessary.
7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We have implemented technical and organizational measures to protect the personal information that we collect and process about you. These measures have been designed to provide an appropriate level of security according to the risk of processing, taking into account the nature of the information and technology available. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to the Services, you are responsible for keeping this password confidential. Please do not share your password with anyone. Although we take reasonable security measures to protect your personal information, we cannot guarantee the security of your personal information transmitted over the internet.
8. DO WE COLLECT INFORMATION FROM CHILDREN?
We do not knowingly collect personal information from children under sixteen (16) years of age. Chainguard does not knowingly collect personal information relating to children without the consent of a parent or legal guardian. If we learn that personal information from a child has been collected, we will deactivate the account and take necessary measures to promptly delete such data from our records. If you become aware that a child has provided us with their personal information, please contact us (see "How You Can Contact Us" below).
9. WHAT ARE YOUR PRIVACY RIGHTS?
In some regions (like the European Economic Area (EEA) and United Kingdom (UK)), you have certain rights under applicable data protection laws. Depending on your place of residence and applicable laws, you may have the following rights:
Right to request access and obtain a copy of your personal information;
Right to correct your personal information;
Right to delete personal information collected from you;
Right to opt-out of the processing of your information for targeted advertising,
Right to opt-out of our marketing emails at any time. See the "your preferences for marketing" section below for further information;
Right to restrict the processing of your personal information; and
Right to object to the processing of your personal information.
To exercise the rights listed above, please use the contact details provided below. We will respond to all requests in accordance with applicable data protection laws. Please note that we may ask you to verify your request. If you are an authorized agent making a request on another's behalf, we may also ask you to provide confirmation that you have the proper authority to make the request on that person's behalf, or we may ask the person to verify their identity with us directly. If we refuse to take action on a request, we will provide instructions on how you may appeal the decision.
If you are a resident of California, please see our "Additional Information for California Residents" to learn about additional privacy rights under California law.
Your preferences for email marketing
You can opt out of receiving promotional emails from Chainguard by following the instructions in those emails. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing purposes.
You can also send requests about changes to your information or your contact preferences, including requests to opt-out of sharing your personal information with third parties, by emailing: privacy-contact@chainguard.dev.
10. ADDITIONAL INFORMATION FOR INDIVIDUALS LOCATED IN EUROPE
Controller: If you are located in the EEA or UK, the data controller responsible for the collection and processing of your personal information is Chainguard, Inc.
Legal basis: When we process your personal information, we will only do so in the following situations:
We need to use your personal information to perform our responsibilities under our contract with you (e.g., processing payments for and providing the services you purchase or request).
We have a legitimate interest in processing your personal information. For example, to provide, secure, and improve our Services, in communicating with you about changes to our products and services, and in informing you about new services or products.
We have your consent to do so.
We need to process your personal information to comply with our legal obligations.
For further information, please review the "How Do We Use Your Information" section above. If you are located in the EEA or United Kingdom, and you are not satisfied with how we have collected and processed your personal information, you may also complain to a data protection authority. Contact details for data protection authorities in the European Economic Area are available here and contact details for the UK information Commissioner's Office are available here.
11. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
This section only applies to residents of California, USA. The California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), requires us to provide California residents with some additional information regarding how we collect, use, and disclose your personal information, and the rights available to California residents under the CCPA. The terms used in this section have the same meaning as in the CCPA.
As described above in section 1. "What Information Do We Collect" of this Privacy Notice, we have collected the following categories of personal information in the past twelve (12) months when you visit our website or use or interact with our other Services:
Identifiers: such as your name, alias, postal address, telephone or mobile phone number, email address, account name, and online identifiers such as your Internet Protocol (IP) address.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your name and contact information.
Commercial information: such as transaction information, purchase history, financial details and payment information.
Internet or other similar network activity: such as interactions with our website, device identifiers such as your IP address.
Geolocation data, such as your approximate location based on your IP address and other information that identifies or can be reasonably associated with your device.
Audio, electronic, visual or similar information that you provide to us in your communications with us, whether that be in-person, online, by phone or by mail such as when you contact us to: receive help through our customer support channels; participate in our customer surveys or contests; submit inquiries in relation to our Services.
Professional or employment-related information, such as your work email address.
The sources from which we collect personal information are also described in section 1 of this Privacy Notice. The business and commercial purposes for which we collect this information are described in section 2 "How Do We Use Your Information". The categories of third parties to whom we disclose this information for a business purpose are described in the "Will Your Information Be Shared With Anyone" section of this Privacy Notice.
Sales and sharing of personal information
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. This practice is not considered a "sale" or "share" of your personal information under the CCPA, since a service provider is not a third party (as those terms are defined by the CCPA). Chainguard has not "sold" or "shared" any personal information to third parties for a business or commercial purpose in the preceding 12 months.
California Privacy Rights
If you are a California resident, you may have the following rights under the CCPA, subject to certain limitations and exceptions under applicable law:
Know and Access: You have the right to request to know and access the following information covering the 12 months preceding your request:
the categories of personal information we have collected about you;
the categories of sources from which your personal information was collected;
the business or commercial purposes for collecting, "selling", and/or "sharing" your personal information;
the categories of third parties to whom we have disclosed, "sold" or "shared" personal information about you; and
the specific pieces of personal information we have collected about you.
You have the right to receive your personal information in a portable and commonly used format.
Correct: You have the right to request that we correct any of your personal information that we have collected from you that is inaccurate.
Delete: You have the right to request that we delete certain personal information we have collected from you.
Opt out of the "Sale" and "Sharing" of your personal information: You have the right to request that a business not "sell" or "share" your personal information with a third party, as those terms are defined under the CCPA. However, as discussed above, we do not "sell" or "share" personal information as those terms are defined by the CCPA.
Limit the Use and Disclosure of Your Sensitive Personal Information: We do not use or disclose "sensitive personal information,” as defined by the CCPA. As a result, we do not offer an ability to limit the use or disclosure of sensitive personal information.
Non-Discrimination: You have the right to not be discriminated against for exercising any of your CCPA rights.
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
Please note that the rights described above are not absolute, and where an exception under applicable law applies, we may be entitled to refuse requests in whole or in part. In California, an authorized agent may submit a rights request on your behalf. We may require an authorized agent to verify their authority to submit a request on your behalf, or we may require you to verify your own identity or confirm with us that you provided the agent with permission to submit the request. We will only use the information provided for verification to confirm the requestor’s identity or authority to make the request, and for our compliance records.
To exercise any of the above rights, please email privacy-contact@chainguard.dev or refer to our contact details at the end of this Privacy Notice. We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period (up to a total of 90 days) in writing.
12. DO WE MAKE UPDATES TO THIS PRIVACY NOTICE?
We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical, or business requirements. You can see when it was last updated by checking the “last updated” date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice regularly to be informed of how we process your personal information.
13. HOW CAN YOU CONTACT US?
If you have questions about this Privacy Notice, you may contact us using the following methods:
By phone: 518-248-0862
By post: Chainguard, Inc. c/o 810 7th St S Kirkland, WA 98033 United States
By email: privacy-contact@chainguard.dev