Privacy Policy

Welcome to Dashlane, where our mission is to make your digital life simpler, safer, and more secure. We believe that your identity should be just that—yours—and are dedicated to creating software that lets you control your information online.

Dashlane's current Privacy Policy is available for you to read below. We include plain-language summaries to make the legalese easier to understand, but if you still have questions, please visit our Help Center.

Dashlane Privacy Policy 

Our Privacy Policy is below. You have to accept it to use our software, but we know it can be hard to follow. To help you understand what you are agreeing to, each section starts with a short “non-legal” summary. The summaries are  not technically part of the Policy.  

LAST UPDATED: March 15, 2024 

1. INTRODUCTION 

a. General. This Privacy Policy (the “Policy”) describes how Dashlane, Inc. and its affiliates (“Dashlane” or “we”)  collects, uses and shares information about visitors to our website at www.dashlane.com (together with its  subdomains, such as the Dashlane blog, the “Site”) and users of our web extensions and mobile and web  applications (each an “App” and, collectively, the “Apps”). The Apps and the Site together are the “Services.” 

“You” or “user” refers to anyone who uses the Services or visits the Site. Capitalized words used but not  defined in this Policy have the meanings provided in our Terms of Service (the “Terms”). 

b. Personal and Anonymous Data. “Personal Data” means information that, either alone or when combined with  other information in the holder’s possession, identifies an individual, such as name, mailing address, email  address, IP address, or telephone number. “Anonymous Data” means data that cannot be used to identify individuals. We collect and use both Personal and Anonymous Data as described below.  

c. Privacy Laws. An increasing number of laws like the California Privacy Rights Act (“CPRA”) and the European  Union’s General Data Protection Legislation (“GDPR”) govern how entities collect, store, and use Personal  Data (collectively, “Privacy Laws”). Privacy Laws grant individuals defined rights to know and control how  companies use their Personal Data. As much as possible, we design our policies to comply with the most  protective Privacy Laws, and we apply these policies to all users. Section 8 of this Policy specifically addresses  rights users may have over their Personal Data that are at the heart of most Privacy Laws.  

d. Business Users. Certain clearly labelled sections of the Policy only apply to users who access the Services under  an account provided by their employer or similar entity (each, a “Business User” and such accounts, a “B2B  Account”).  

e. Changes. We may change this Policy at any time. When we do so, we will post the updated Policy on this page  and, if the changes are material, inform users through email or in-App messaging.  

f. Children. The Services are not directed to children, but children can use the Services as members of a Family  Plan. If you become aware that a child (based on the jurisdiction where the child lives, which in the United  States means someone under 13) has provided Personal Data without parental consent, please contact  legal@dashlane.com and we will promptly remove the information from our systems. 

g. Why Do We Need Your Personal Data? We need certain Personal Data to provide the Services. You will be  asked to provide this information to download and use the Apps. This consent, which you may withdraw at  any time, provides the legal basis we need to process the Personal Data of non-Business Users. You are not  required to provide Personal Data, but we may not be able to provide the Services or respond to inquiries if  you don’t.

h. Secured Data. This Policy primarily addresses data that Dashlane uses to process payments, troubleshoot  issues, administer accounts, etc. This is distinct from the information our users store on our Services (“Secured  Data”). Dashlane cannot access Secured Data; it is encrypted with keys that are unique to each user, that we  do not have, and there is no “backdoor” or equivalent mechanism that lets us access Secured Data. See our  Security Whitepaper for detailed information.  

2. WHAT PERSONAL DATA DOES (AND DOESN’T) DASHLANE COLLECT? 

California requires that we disclose whether we collect Personal Data in each of the categories below. This is a  general overview of the types of Personal Data we collect; we do not collect all data for every user. See the following  sections of the Policy for details about how we obtain and use this information.  

• Identifiers include name, email address, and mailing address, as well as government-issued identifiers like  a driver’s license or social security number. We need an email address from every user to create an  Account. Except in very rare circumstances (when we need to verify your identity in connection with  account restoration) we never ask for government IDs or similar information from users. When we do so,  we use a third party to validate such information, and the provider only informs us whether the user  passed or failed the identity check.  

• Customer records overlap with Identifiers (name, address, IDs) but also include things like payment,  medical, and insurance information. Obviously, we process payment information (e.g., credit card) as  directed for paid accounts (but we do not keep it following processing). Internally, we assign each user a unique ID that is used only within Dashlane systems.  

• Characteristics of protected classifications such as race, ancestry, sexual orientation, marital status, etc.  We do not collect this information.  

• Commercial information such as records of personal property, products or services purchased, or  purchasing or consuming histories. We collect information about payment history (where applicable) and what Dashlane plan is associated with a user or account.  

• Biometric information. We do not collect this information. If you use biometrics to login onto the Service,  this information is only used on the device.  

• Internet or other electronic network activity information such as browsing history, search history, or  information regarding a consumer’s interaction with a website, application, or advertisement. We collect  IP addresses as noted below. We collect information about which pages on the Site a visitor interacts  with, as well as which of our advertisements (if any) they saw prior to visiting the Site. Apps must be able  to recognize sites or services you visit in order to correctly autofill fields, but this occurs locally, on the  user device, and this information is only available to Dashlane on an aggregated ,anonymous basis. Depending on account configuration, administrators of Dashlane B2B Accounts can view certain  information (e.g., whether credentials are compromised) about sites accessed by Business Users on their  account.  

• Geolocation data. We collect the originating IP for all user and what IP addresses the user accesses the  Services from. We retain the most recent 45 days of IP activity for consumer users, and up to one year of  IP activity for B2B users.  

• Audio, electronic, visual, thermal, olfactory, or similar information. We record sales, support, and user  research calls, which may be audio only or audio and video, with affirmative consent. We may retain this  information for up to 2 years. 

• Professional or employment-related information. We may collect this information for administrators of  B2B Accounts and prospective B2B customers. 

• Education information not considered publicly available. We do not collect this information.  

• Inferences that can create a profile about a consumer reflecting the consumer’s preferences,  characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence,  abilities, or aptitudes. We do not collect this information for B2C users.  

• Sensitive personal information. This includes many items covered in the above categories, such as  financial or medical account information, government ID information, racial and other “protected”  demographic information, and biometric information. Except for payment information and when required  to restore access to an Account as noted above, we do not collect this information.  

3. HOW DOES DASHLANE OBTAIN DATA? 

We collect information in the following ways: 

a. Information You Provide. 

• Registration Data. You must create an Account to use an App, and to do so you must provide a valid email  address that will be used as your login to the Services (unless you are a B2B User logging in via single sign  on “SSO”). You may also provide a phone number (to set up two-factor authentication) and / or an  additional email (for example, if you lose access to the email used to login to your Account). The only  Personal Data required to open a Dashlane Free account is your email. For paid Accounts, users must  provide billing data as specified below. For B2B Accounts, registration data includes the business name, mailing address (if paying by invoice), and administrator contact information. It is critical to keep  registration data current. We must be able to verify the Account owner to respond to user support requests. If you lose access to the contact email or phone number associated with your Account (if  applicable), you may be locked out of your Account, and we may be unable to help you. We store  registration data for up to 30 days after Account deletion. 

• Billing Data. We use third-parties to process payments made through the Site. We may store partial  payment information (such as the expiration date and last four digits of a credit card) for tax compliance  and user support purposes. We may be able to access the name, address, and phone number associated  with a payment method on a payment processor’s service, but this information is only stored by the  processor. We never have complete payment information for Accounts, nor do we receive or store billing  data if you pay for a Subscription through the Google Play or Apple App Stores (“App Stores”). Billing data  is retained for up to 30 days after Account deletion. 

• Master Password. Except for users of B2B Accounts configured for SSO login and those who have configured  their accounts for passwordless login, each user must create a “Master Password,” which is used to access  their Account and generate the encryption keys that protect their Secured Data. The more secure a Master  Password is, the safer Secured Data will be. Apps do not store Master Passwords locally unless directed to  by the user. If you do so and your device is stolen or compromised, your Secured Data may be exposed.  Dashlane never has access to Master Passwords. 

• Secured Data. Our Apps let you manage digital identity data, including sensitive information such as credit  card numbers and site or application credentials. This, and everything else you store on the Apps, is Secured  Data. Secured Data is always encrypted when transmitted and stored and may only be decrypted locally on an authorized device. Dashlane cannot access Secured Data on our servers because we do not have the  encryption keys as noted above. See our Security Whitepaper for details.

• Support and Correspondence. You may provide Personal Data in connection with customer support requests and inquiries from our Site. Customer support histories are maintained for up to 30 days after  Account deletion. 

• Feedback. If you provide Feedback, including reviews posted on social channels, App Stores, or sites like Trustpilot, or suggestions made in connection with market research, we may use Personal Data provided  with the Feedback to respond to you. We may use Feedback without limitation as described in the Terms.  

• Requests for Product Information. Certain information intended to inform potential customers of  Dashlane’s commercial offerings (“Business Prospects”) is available from our Site only after providing a  verified email. 

• Other Data. We may also collect other types of information in the manner disclosed by us when the  information is collected. 

b. Data You Provide About Others. The Services let you invite others to try the Apps or join your Account. If you  do this (or are invited this way), Dashlane will store the invitee’s email address and the message sent to them to follow up (and, if applicable, credit the referrer with a referral bonus). We will let the invitee know who  referred them, and let them request that their information be deleted from our systems. The referrer or  invitee may contact the Support Center to request removal of this information. 

c. Data Collected by Technology.  

• IP Address. We collect the IP address used to create a new Account, and the IP addresses from which users  access the Services as described above. This data is used to deliver and improve the services and for  compliance purposes (e.g., using the region associated with an IP address to display local regulatory  notices). The originating IP is kept for up to 30 days after Account deletion. Access IPs are kept for 45 days  for B2C accounts, and for up to one year for B2B Accounts.  

• Device and Browser Data. We automatically log the following information (as applicable) when you access  the Services or visit the Site: operating system name and version, device identifier, browser type, and  browser or device language. Some of this data is collected using cookies, as explained in the Cookie Policy. This data is used to secure your Account, ensure the Site and Services are presented in the correct language  and optimized for your device, and facilitate customer support. This data is not deleted, but is anonymized  within 30 days of Account deletion. 

• Usage Data. We use logs to collect data about the use of the Services (“Usage Data”). We maintain two  types of Usage Data:  

o “Event Data” records the Apps’ internal functions (e.g., what features are enabled, how many  credentials are stored in Secured Data), and is used to provide relevant information and support  to the user and to deliver, analyze, and improve the Services. Event Data does not include  information about how the Services interact with third parties (e.g., while we know how many  passwords a user has, we do not know which sites or services those passwords are for). After an  Account is deleted, Event Data is retained, but is fully anonymized (even if the same user created  a new Account, Event Data from the old Account could not be associated with the new one).  Retention of anonymized Event Data is necessary to maintain accurate historical records of the use  of the Services.  

o “Behavioral Data” is information about what users do outside of the Services (e.g., sites where  autofill is used to sign in; what sites or apps a user has credentials for in their Secured Data).  Behavioral Data is critical to the Services’ proper operation – Apps must recognize the site a user  is logging into to populate the credentials, for example. Certain Behavioral Data is available to  authorized administrators of B2B Accounts (each, a “B2B Admin”) on an individual basis to enable  Client Admins to improve Client security (e.g., B2B Admins can see whether an individual user has  compromised credentials), but is only available to Dashlane on a fully anonymized basis (e.g.  Dashlane can see what percentage of all users have credentials for a specific site, but not whether  any individual user has credentials for that site). 

Certain Dashlane personnel can access Event Data to analyze the use of the Services and provide user and  technical support. Both Event Data and Behavioral Data are used by the Services to automatically generate  context-appropriate alerts (e.g., account set-up notices), and to generate aggregated data. 

• Aggregated Data. We derive additional information about the use of the Services by aggregating Usage Data  (e.g., number of users within a particular jurisdiction, most popular features). Aggregated data is  Anonymous Data, is owned by Dashlane, and is primarily used to help analyze and improve the Services. 

• Cookies. As described in our Cookie Policy, we use cookies and similar technologies to recognize you and/or  your device(s) and provide a more personal and seamless experience when interacting with the Site and Services. Cookies that are not essential to the operation of the Services can be disabled at any time here.  

d. Data obtained from Third Parties.  

• Business Users. If you are a B2B User, your B2B Admin may provide your email or SSO information as part  of Account creation. 

• Service Providers. We receive information about users from our service providers (such as when validating  an Account with a payment processor or when monitoring App performance with analytics services). We  may also obtain user information from publicly available sources like social media accounts, review sites,  and forums. We obtain information about Business Prospects from data enrichment services. We carefully  review the legal terms and business and security practices of all service providers from which we receive  this information to ensure that they comply with applicable laws and this Policy. 

4. HOW DOES DASHLANE USE PERSONAL DATA? 

a. General. Dashlane uses Personal Data to provide and promote the Services and respond to your requests,  including to: 

• Establish, maintain, and secure your Account. 

• Identify you as a user and provide the Services you request. 

• Perform fraud detection and authentication. 

• Measure Usage Data to improve the Services and your interactions with them.  

• Send you administrative notifications, such as payment reminders or support and maintenance  advisories. You will receive these notices even if you opt out of marketing communications.  

• Provide you with interfaces and options you request or as required by the jurisdiction from which you  access the Services.  

• Provide personalized information by identifying whether you have used specific features within the  Services, visited pages on our Site, or seen one of our advertisements. 

• Respond to support inquiries and other requests.  

• Send Dashlane marketing information, including announcements about offerings from selected  Dashlane partners. Where required by local laws, users must opt-in to receive marketing  communications. Otherwise, marketing communications are activated by default, but users may  always opt out of them at any time. Note that opting out of marketing communications will not affect  delivery of administrative notifications described above. 

• Manage advertising efforts on third-party sites and platforms as described below.  

b. Automated Decision Making and Profiling. We do not use Personal Data for automated decision-making. 

5. HOW DOES DASHLANE SHARE PERSONAL DATA?

Dashlane will never sell your Personal Data (as “sell” is normally defined – see Section 8 for information about “sales”  as defined in California) or use it except as stated in this Policy. We share your Personal Data in the following  circumstances:  

• Third Parties You Designate. You may use the Services’ “sharing” feature to make certain Secured Data  available to others. While this data is transferred through our servers, we do not have access to it, as  noted elsewhere in this Policy. 

• Service Providers. We share Personal Data with service providers solely as required to provide the  Services, including to create Accounts, provide support, process payments, or enable communication  between you and Dashlane (for example, Personal Data related to customer support requests is  available to our support agents on Zendesk). We review the security and data privacy practices of all service providers to ensure that they comply with applicable laws and this Policy. Secured Data stored  by our data hosting provider (AWS) is always encrypted as described above. The Subprocessors List discloses what service providers have access to Personal Data in connection with our delivery of the  Services.  

• Marketing. We provide hashed emails and/or device IDs to service providersto optimize our advertising  efforts (e.g., ensuring that current users are not shown Dashlane ads on other sites). These providers are prohibited from using this information for any other purpose, including augmenting profiles they  maintain. We provide hashed emails of Business Prospects to data enrichment providers to improve  marketing efforts.  

• Affiliates. This Policy applies to all entities that are owned by, or under common control with, Dashlane,  Inc. (“Affiliates”). We share Personal Data among Affiliates as required to provide the Services and  respond to requests. Certain Affiliates are in the United States, where privacy and related laws are not  deemed adequate by European regulators to hold and protect Personal Data. To offer the levels of  protection required, we have GDPR-compliant Data Processing Addenda in place among our EU and US  Affiliates, in addition to the other measures indicated below. 

• Dashlane B2B Admins. Certain B2B Users have access to two “spaces” in their Apps: a “business space”  to store Secured Data related to their work, and a “personal space” for anything else they want to store  on the Services. The Services allow B2B Admins to view information about the use of Services by the  B2B Users associated with their Account, including Event Data, as well as certain Behavioral Data on an  individual basis. For example, a B2B Admin can see the Password Health scores of Business Users associated with their Account, which sites or services an individual Business User has stored credentials  for in their business space, and whether those credentials have been compromised. 

• Corporate Restructuring. If Dashlane or its business or assets are acquired by, or merged into, another  company, that company will then possess the Personal Data we hold, and will assume our rights and  obligations under this Policy. Accordingly, we may share Personal Data in connection with any such  transaction. Personal Data and other information may also be transferred as a business asset in the  event of Dashlane’s insolvency, bankruptcy, or receivership. 

• Other Disclosures. We will inform you of any other disclosures of your Personal Data and obtain your  consent prior to such disclosure. However, regardless of your choices regarding Personal Data,  Dashlane may disclose your Personal Data (a) where required to comply with law enforcement 

directives, applicable laws or governmental orders; or (b) if we believe in good faith that doing so is  necessary to protect our rights, those of other users, or the Services. However, because of our zero knowledge architecture, we are unable to provide Secured Data, even if we are subject to a valid order.  To the extent permitted by law, we will inform affected users of legally-mandated disclosures of  Personal Data. 

6. DATA SECURITY AND INTERNATIONAL TRANSFER 

a. We use robust physical, organizational, technical, and administrative measures to safeguard all data we hold  or process, and we regularly reassess and revise our policies and practices to improve security. While we go to great lengths to protect your data, no method of data transmission or storage is totally secure; therefore,  we cannot guarantee the security of data in our control. If you believe your data may have been compromised  by us or the use of the Services, please contact our Support Center immediately. 

b. Your information, including Personal Data that we collect from you, may be transferred to, stored by, and  processed by us, our Affiliates, and service providers outside your home country, including in the United  States, where data protection and privacy regulations may not offer the same protections as in other parts of  the world. When we do so, we take all legally mandated steps designed to ensure that all Personal Data we  or our service providers process (regardless of where it originates) is properly protected. By using the Services,  you agree to the transfer, storing, or processing of your data in accordance with this Policy. 

7. HOW CAN YOU CONTROL YOUR DATA?  

a. Changing Your Information and Privacy Settings. You can access and modify Personal Data associated with  your Account, and modify your privacy and data preferences, through the “My Account” or “Settings” sections  of the Apps. Contact our Support Center if you need assistance. 

b. Email Communications. With your consent, we will periodically send you emails promoting the use of the Services, including tips on using the Apps, or highlighting offerings from select Dashlane partners. You can opt out of these emails by following the unsubscribe instructions included in each email, or by changing your  privacy and data settings in the Services. You may also request removal through our Support Center.  Unsubscribing from marketing communications will not affect operational and transactional communications,  including breach notices and other alerts in the Apps, renewal emails, etc.  

c. Applications. You can stop all collection of information by an App by uninstalling that App. You may use the  standard uninstall process for the relevant device or platform. Uninstalling an App does not delete your  Account. To do that, see the instructions here. 

8. PRIVACY LAW RIGHTS 

Summary: 

Users subject to Privacy Laws have certain rights regarding their Personal Data, including the right to access and  modify Personal Data held by providers (like us), and to have providers “forget” Personal Data that is no longer  relevant. Most of these rights must be accessed from the privacy and data preferences in the Services, but you may  always contact us for assistance. We will never provide worse services to, or in any way punish anyone who chooses  to exercise these rights. We strongly support the intent behind these laws and will do our best to honor requests to  exercise these rights even if they do not technically apply to you.  

a. Data Controller. For the purposes of the GDPR, where we are acting as a controller, the controller is Dashlane  SAS of 21 Rue Pierre Picard, 75018 Paris, France. Inquiries regarding the processing of data subject to the  GDPR may be sent to our data protection officer at dpo@dashlane.com.  

b. Sale and Sharing of Personal Data. We never exchange Personal Data for money or any other consideration  (e.g., trade it for free services). However, when you click on an ad that sends you to the Site, we send a unique  identifier to the referring site so they can receive credit for the referral. This is deemed ”sharing” as under  California’s Privacy Laws, and you can turn this off by visiting the Do Not Share or Sell My Personal Information page. 

c. Individuals subject to Privacy Laws have some or all the following rights with respect to their Personal Data that we process. As noted elsewhere, we will honor these requests when made my any user, subject to the  requirements of the relevant Privacy Laws (if applicable). For example, a B2B User subject to the GDPR may  request that we delete their information, but in that situation the company whose Account the user is  associated with is the “Controller” of that Personal Data, and we must inform the relevant B2B Admin and  follow their instructions.  

• Withdraw Consent: You may withdraw your consent to our processing of your Personal Data, in whole  or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out. 

• Access / Request Information: You may access the Personal Data we hold about you at any time via  your Account or by contacting us directly. 

• Modification: You may modify incorrect or outdated Personal Data we hold about you at any time via  your Account or by contacting us directly. 

• Erase and Forget. In certain situations, for example when Registration Data we hold about you is no  longer relevant or accurate, you can request that we erase it. If you delete your Account, all Personal  Data will automatically be erased within 30 days of the date of deletion. Because of the sensitive  nature of Secured Data, we will never delete a user’s Account ourselves: Accounts MUST be deleted  by the user or the “controller” or equivalent entity.  

• Portability: You may request a copy of your Personal Data and may always move it to other entities as  you choose. The Services allow you to export Secured Data at any time.  

d. If you want to exercise any of these rights, please submit the request via the “Privacy and Data Settings” page  accessible from the “Account” or “Settings” sections of the Apps (if you cannot do so directly from within  these sections). If you need assistance, please visit our Support Center or write us at the address below. In  your request, please make clear: (i) what Personal Data is concerned; and (ii) which rights you want to  enforce. For your protection, we may only fulfill requests with respect to the Personal Data associated with  the email address you send your request from, and we may need to verify your identity before doing so. We  will comply with your request promptly, but in any event within the legally mandated timeframes (e.g., thirty  (30) days for the GDPR and forty-five (45) days for the CPRA). If you are not subject to Privacy Laws, we  nonetheless try to fulfil all requests within 45 days. We will retain limited Personal Data for recordkeeping  purposes or to complete transactions that you began prior to requesting certain requests. 

e. We do not and will not discriminate against any user (such as by providing worse service or charging more  for them) who exercises any of the above rights. 

9. CONTACT INFORMATION; COMPLAINTS

If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if  you want to report any security violations, please contact our our Support Center email legal@dashlane.com or dpo@dashlane.com, or write the address below: 

Dashlane, Inc. 

Attn: Legal  

44 West 18^th Street., 4^th Fl.  

New York, NY 10011  

Swiss, EU and UK Users Only. We hope to promptly resolve any complaint brought to our attention, however if you  feel that your complaint has not been adequately resolved, you may always contact your local data protection  supervisory authority, a list of which is available here.