Privacy Policy

Our Privacy Policy is below. You must accept it to use our software, but we know it can be hard to follow. To help you understand what you are agreeing to, each section starts with a short “non-legal” summary. The summaries are for informational purposes only and are not technically part of the Policy.  

LAST UPDATED: April 2, 2026

1. INTRODUCTION 

a. General. This Privacy Policy (the “Policy”) describes how Dashlane, Inc. and its affiliates (“Dashlane” or “we”) collects, uses and shares information about visitors to our website at www.dashlane.com (together with subdomains such as the Dashlane blog, the “Site”) and users of our web extensions and mobile and web applications (each an “App” and, collectively, the “Apps”). The Apps and the Site together are the “Services.” “You” or “user” refers to anyone who uses the Services or visits the Site. Capitalized words used but not defined in this Policy have the meanings provided in our Terms of Service (the “Terms”). This Privacy Policy does not apply to our employees, independent contractors, or job candidates.

b. See our U.S. State Privacy Rights Notice At Collection for additional information if you are a U.S. resident. 

c. Personal and Anonymous Data. “Personal Data” means information that, either alone or when combined with other information in the holder’s possession, identifies an individual, such as name, mailing address, email address, IP address, or telephone number. “Anonymous Data” means data that cannot be used to identify individuals. We collect and use both Personal and Anonymous Data as described below. 

d. Privacy Laws. An increasing number of laws like the California Consumer Privacy Act (“CCPA”) and the European Union’s General Data Protection Legislation (“GDPR”) govern how entities collect, store, and use Personal Data (collectively, “Privacy Laws”). Privacy Laws grant individuals defined rights to know and control how companies use their Personal Data. As much as possible, we design our policies to comply with the most protective Privacy Laws, and we apply these policies to all users. Our U.S. State Privacy Rights Notice At Collection specifically addresses rights U.S. users may have over their Personal Data  based on the Privacy Laws in effect where they live. 

e. Business Users. Certain clearly labelled sections of the Policy only apply to users who access the Services under an Account provided by their employer or similar entity (each, a “Business User” or “B2B User”, and such Accounts, a “B2B Account”). Our use of B2B User Personal Data that we process on behalf of business customers is governed by our agreements with such customers. Please direct questions about how we process Personal Data on behalf of your employer, to your employer.

f. Changes. We may change this Policy at any time. When we do so, we will post the updated Policy on this page, changing the last updated date above, and, if the changes are material, inform users through email or in-App messaging. In some cases we may ask for your consent to the change.

g. Children. The Services are not directed to children, but they can use the Services as members of a Family Plan. If you become aware that a child (based on the jurisdiction where the child lives) has provided Personal Data without parental consent, please contact legal@dashlane.com and we will promptly remove the information from our systems.

h. Why Do We Need Your Personal Data? We need certain Personal Data to provide the Services. You will be asked to provide this information to download and use the Apps. This consent, which you may withdraw at any time, provides the legal basis we need to process the Personal Data of non-Business Users. You are not required to provide Personal Data, but we may not be able to provide the Services or respond to inquiries if you don’t.

i. Secured Data. This Policy primarily addresses data that Dashlane uses to process payments, troubleshoot issues, and administer Accounts. This is distinct from the information our users store on our Services (“Secured Data”). Dashlane cannot access Secured Data; it is encrypted with keys that are unique to each user, that we do not have, and there is no “backdoor” or equivalent mechanism that lets us access Secured Data. See our Security Whitepaper for detailed information. 

2. WHAT PERSONAL DATA DOES (AND DOESN’T) DASHLANE COLLECT? 

Following is a general overview of the types of Personal Data we collect.  We do not collect all data for every user. See the following sections of the Policy for details about how we obtain and use this information.  

• Identifiers include name, email address, and mailing address, as well as government-issued identifiers like a driver’s license or social security number. We need an email address from every user to create an Account. Unless we need to verify your identity in connection with Account restoration, we never ask users for government IDs or the equivalent. When we do so, we use a third party to validate such information, and they inform us only whether the user passed or failed the identity check. 

• Customer Records overlap with Identifiers (name, address, IDs) but also include things like payment, medical, and insurance information. We process payment information (e.g., credit cards) as directed for subscriptions (but we do not keep it following processing). Internally, we assign each user a unique ID that is used only within Dashlane systems.

• Commercial Information such as records of products or services purchased, or purchasing or consuming histories. We collect information about payment history and what Dashlane plan is associated with a user or Account. 

• Internet or Other Electronic Network Activity Information such as browsing history, search history, or information regarding a users’ interaction with a website, application, or advertisement. We collect IP addresses as noted below. We collect information about which Site pages visitor interacts with, as well as which of our advertisements (if any) they saw prior to visiting the Site. Apps must be able to recognize sites or services users visit to autofill fields, but this occurs locally, on the user device, and this information is only available to Dashlane on an aggregated, anonymous basis. 

• Imprecise Geolocation data. We collect the originating IP for all Users and what IP addresses the user accesses the Services from. We retain 45 days of IP activity for all users in our production logs.  Backups of these logs are stored in a segregated environment for an additional year. In addition, we collect and share the IP addresses of certain individuals with whom Dashlane items are shared as described in Section 5. 

• Audio, Electronic, Visual, or Similar Information. We record sales, support, and user research calls, which may be audio only or audio and video, with affirmative consent. We may retain this information for up to two years.

• Professional or employment-related information. We may collect this information for administrators of B2B Accounts and prospective B2B customers. Also, if you are a B2B User, we know who your employer is.

• Inferences that can create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.  We do not collect this information for B2C users. 

• Sensitive Personal Dara. This includes items such as financial or medical account information, government ID information, racial and other “protected” demographic information, and biometric information. Although users may choose to store this information in their Secured Data, except for payment information and when required to restore access to an Account as noted above, we do not collect this information. 

3. HOW DOES DASHLANE OBTAIN DATA? 

We collect information in the following ways: 

a. Information You Provide. 

• Registration Data. You must create an Account to use an App, and to do so you must provide a valid email address (unless you are a B2B User logging in via SSO). You may also provide a phone number (to set up two-factor authentication) and / or an additional email (for example, if you change your primary email). You must provide billing data to subscribe to the Services. For B2B Accounts, Registration Data includes the business name, mailing address (if paying by invoice), and administrator contact information. It is critical to keep Registration Data current. We must be able to verify the Account owner to respond to user support requests. If you lose access to the contact email or phone number associated with your Account (if applicable), you may be locked out of your Account, and we may be unable to help you. We store Registration Data for up to 30 days after Account deletion.

• Billing Data. We use third parties to process payments made through the Site. We may store partial payment information (such as the expiration date and last four digits of a credit card) for tax compliance and user support purposes. We may be able to access the name, address, and phone number associated with a payment method on a payment processor’s service, but this information is only stored by the processor. We never have complete payment information for Accounts, nor do we receive or store Billing Data if you pay for a Subscription through the Google Play or Apple App Stores (“App Stores”). Billing Data is retained for up to 30 days after Account deletion.

• Master Password. Except for users of B2B Accounts configured for SSO login and those who use passwordless login, each user must create a “Master Password,” which is used to access their Account and generate the encryption keys that protect their Secured Data. Apps do not store Master Passwords locally unless directed to by the user. If you do so and your device is stolen or compromised, your Secured Data may be exposed. Dashlane never has access to Master Passwords.

• Secured Data. Our Apps let you manage digital identity data, including sensitive information such as credit card numbers and site or application credentials. This, and everything else you store on the Apps, is Secured Data. Secured Data is always encrypted when transmitted and stored and may only be decrypted locally on an authorized device. Dashlane cannot access Secured Data on our servers because we do not have the encryption keys, which are unique to each user. See our Security Whitepaper for details. Secured Data is deleted when you delete your account.  Secured Data is also deleted as part of the automatic deletion of accounts that have been inactive for more than 13 months.

• Support and Correspondence. You may provide Personal Data in connection with customer support requests and inquiries from our Site. Customer support histories are maintained for up to 30 days after Account deletion. 

• Feedback. If you provide Feedback, including reviews posted on social channels, App Stores, or sites like Trustpilot, or suggestions made in connection with market research, we may use Personal Data provided with the Feedback to respond to you. We may use Feedback without limitation as described in the Terms. 

• Requests for Product Information. Certain information intended to inform potential customers of Dashlane’s commercial offerings (“Business Prospects”) is available from our Site only after providing a verified email.

• Other Data. We may also collect other types of information in the manner disclosed by us when the information is collected. 

b. Data You Provide About Others. The Services let you invite others to try the Apps or join your Account. If you do this (or are invited this way), Dashlane will store the invitee’s email address and the message sent to them to follow up (and, if applicable, credit the referrer with a referral bonus). We will let the invitee know who referred them, and let them request that their information be deleted from our systems. The referrer or invitee may contact the Support Center to request removal of this information. By referring someone to Dashlane or sharing their Personal Data with us, you represent that you have their permission to do so.

c. Data Collected by Technology.  

• IP Address. We collect user IP addresses as described above. This data is used to provide cthe Services and for compliance purposes (e.g., using the region associated with an IP address to display local regulatory notices). We retain 45 days of IP activity for all users in our production logs.  Backups of these logs are stored in a segregated environment for an additional year.

• Device and Browser Data. We automatically log the following information (as applicable) when you access the Services or visit the Site: operating system name and version, device identifier, browser type, and browser or device language. Some of this data is collected using cookies, as explained in the Cookie Policy. This data is used to secure your Account, ensure the Site and Services are presented in the correct language and optimized for your device, and facilitate customer support. This data is not deleted, but is anonymized within 30 days of Account deletion.

• Usage Data. We use logs to collect data about the use of the Services (“Usage Data”). We maintain two types of Usage Data:

o “Event Data” records the Apps’ internal functions (e.g., what features are enabled, how many credentials are stored in Secured Data), and is used to provide relevant information and support to the user and to deliver, analyze, and improve the Services. Event Data does not include information about how the Services interact with third parties (e.g., while we know how many passwords a user has, we do not know which sites or services those passwords are for). Event Data is fully anonymized after an Account is deleted (even if the same user created a new Account, Event Data from the old Account could not be associated with the new one). Retention of anonymized Event Data is necessary to maintain accurate historical records of the use of the Services.  

o “Behavioral Data” is information about what users do outside of the Services (e.g., sites where autofill is used to sign in; what sites or apps a user has credentials for in their Secured Data). Behavioral Data is critical to the Services’ proper operation – Apps must recognize the site a user is logging into to populate the credentials, for example. Certain Behavioral Data is available to authorized administrators of B2B Accounts (each, a “B2B Admin”) on an individual basis so Client Admins can  improve Client security (e.g., B2B Admins can see whether an individual user has compromised credentials), but is only available to Dashlane on a fully anonymized basis (e.g. Dashlane can see what percentage of all users have credentials for a specific site, but not whether any individual user has credentials for that site).

Certain Dashlane personnel can access Event Data to analyze the use of the Services and provide user and technical support. Both Event Data and Behavioral Data are used by the Services to automatically generate context-appropriate alerts (e.g., Account set-up notices), and to generate aggregated data. 

• Aggregated Data. We derive additional information about the use of the Services by aggregating Usage Data (e.g., number of users within a particular jurisdiction, most popular features). Aggregated data is Anonymous Data, is owned by Dashlane, and is primarily used to help analyze and improve the Services.

• Cookies. As described in our Cookie Policy, we use cookies and similar technologies to recognize individuals and/or their device(s) and provide a personalized experience when interacting with the Site and Services.  Cookies that are not essential to the operation of the Services can be disabled at any time here.

d. Data obtained from Third Parties.  

• Business Users.  If you are a B2B User, your B2B Admin may provide your email or SSO information as part of Account creation.

• Service Providers; Media and Data Licensors. We receive information about users from our service providers (such as when validating an Account with a payment processor or when monitoring App performance with analytics services). We may also obtain user information from publicly available sources like social media accounts, review sites, and forums. We obtain information about Business Prospects from data enrichment services and brokers. We carefully review the legal terms and business and security practices of all service providers from which we receive this information to ensure that they comply with applicable laws and this Policy. 

• Business Transaction Partners. We may receive Personal Data in connection with an actual or prospective business transaction (for example, we may receive Personal Data from an entity we acquire or are acquired by).

4. HOW DOES DASHLANE USE PERSONAL DATA? 

a. Service Delivery and Operation. Dashlane uses Personal Data to provide and promote the Services and respond to your requests, including to: 

• Establish, maintain, and secure your Account. 

• Identify you as a user and provide the Services you request.

• Perform fraud detection and authentication.

• Enable security features of the Services.

• Facilitate your invitations to others you invite to join the Services.

• Measure Usage Data to improve the Services and your interactions with them.

• Send you administrative notifications, such as payment reminders or support and maintenance advisories. You will receive these notices even if you opt out of marketing communications. 

• Provide you with interfaces and options you request or as required by the jurisdiction from which you access the Services.

• Provide support for the Services and respond to support inquiries and other requests. 

• Manage advertising efforts on third-party sites and platforms as described below.

• To collect and share user testimonials.

b. Service Personalization. Dashlane uses Personal Data to personalize the Services and for individual users, including to:

• Understand your needs and interests.

• Provide specific functionality based on user preferences and history. 

• Provide personalized information by identifying whether you have used specific features within the Services, visited certain pages on our Site, or seen one of our advertisements.

• Remember your selections and preferences as you navigate.

c. Service Improvement and Analytics. We may use your Personal Data to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which features are most and least used and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services. For example, we use Google Analytics for this purpose. Learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our Site here.

d. Automated Decision Making and Profiling. We do not use Personal Data for automated decision-making. Certain cross-platform advertising described below may be considered Profiling under some Privacy Laws.  Disabling all but essential cookies or setting the slider to “active” on the Do Not Sell or Share my Personal Information page will prevent this. 

e. Marketing and Advertising. We and our third-party advertising partners may collect and use your personal data for marketing and advertising purposes:

i. Direct marketing. We may send you Dashlane marketing information, including announcements about offerings from selected Dashlane partners. Where required by local laws, users must opt-in to receive marketing communications. Otherwise, marketing communications are activated by default, but users may always opt out of them at any time. Note that opting out of marketing communications will not affect delivery of administrative notifications described above. We may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Email Communications section below. 

ii. Interest-based advertising. We and our third-party advertising partners may use cookies, pixels and other technologies to collect information (including the data described in the Automatic Data Collection section above) about your interactions with the Services, our communications and other third-party online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online properties. You can learn more about your choices for limiting interest-based advertising in section 7(e) below.

f. Compliance and Protection. We may use your Personal Data to:

i. comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, court orders, investigations or requests from government authorities;

ii. protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);

iii. audit our internal processes for compliance with legal and contractual requirements or our internal policies;

iv. enforce the terms and conditions that govern the Service; and

v. prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

g. To Create Aggregated and/or Anonymized Data. We may create aggregated, de-identified or other Anonymous Data from Personal Data. We may use data for any lawful business purposes. We do not attempt to reidentify deidentified information derived from Personal fata, except to test whether our deidentification processes comply with applicable law.

h. Corporate Transactions. We may share certain Personal Data in the context of actual or prospective corporate transactions as further described below.

i. With Your Consent. We may use your Personal Data for reasons not set forth above only with your specific consent.

5. HOW DOES DASHLANE SHARE PERSONAL DATA?

Dashlane will never sell your Personal Data (as “sell” is normally defined – see our U.S. State Privacy Rights Notice At Collection for information about “sales” as defined in U.S. State Privacy Laws) or use it except as stated in this Policy. We share your Personal Data in the following circumstances:

• Third Parties You Designate. You may use the Services’ “sharing” feature to make certain Secured Data available to others. When a third party who does not have a Dashlane account (a "Guest") accesses content shared by a B2B  user, the Guest’s IP address is made available to the administrator of that B2B Account. This processing is performed for the exclusive purposes of security auditing.

• Service Providers. We share Personal Data with service providers solely as required to provide the Services, including to create Accounts, provide support, process payments, or enable communication between you and Dashlane (for example, Personal Data related to customer support requests is available to our support agents on Zendesk). We review the security and data privacy practices of all service providers to ensure that they comply with applicable laws and this Policy. Secured Data stored by our data hosting provider (AWS) is always encrypted as described above. The Subprocessors List discloses what service providers have access to Personal Data in connection with our delivery of the Services.  

• Payment Processors. Any payment information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy.

• Marketing and Advertising Partners. We provide hashed emails and/or device IDs to service providers to optimize our advertising efforts (e.g., ensuring that current users are not shown Dashlane ads on other sites). These providers are prohibited from using this information for any other purpose. We provide hashed emails of Business Prospects to data enrichment providers to improve marketing efforts. 

• Affiliates. This Policy applies to all entities that are owned by, or under common control with, Dashlane, Inc. (“Affiliates”). We share Personal Data among Affiliates as required to provide the Services and respond to requests. Certain Affiliates are in the United States, where privacy and related laws are not deemed adequate by European regulators to hold and protect Personal Data. To offer the levels of protection required, we have GDPR-compliant Data Processing Addenda in place among our EU and US Affiliates, in addition to the other measures indicated below. 

• Dashlane B2B Admins. B2B Admins have access to certain information about individual users’ activity that is relevant to organizational security. This includes Event Data, as well as certain Behavioral Data on an individual basis. For example, a B2B Admin can see the Password Health scores of their Business Users, and, depending on the Account type, receive real-time alerts when an employee is using a compromised credential.

• Corporate Transactions. We may disclose Personal Data in the context of actual or prospective transactions such as the purchase of another entity, or the sale or merger of Dashlane.

• Other Disclosures. We will inform you of any other disclosures of your Personal Data and obtain your consent prior to such disclosure. However, regardless of choice regarding Personal Data, Dashlane may disclose your Personal Data (a) where required to comply with law enforcement directives, applicable laws or governmental orders; or (b) if we believe in good faith that doing so is necessary to protect our rights, those of other users, or the Services. However, because of our zero-knowledge architecture, we are unable to provide Secured Data to any third parties, even if we are subject to a valid order. To the extent permitted by law, we will inform affected users of legally-mandated disclosures of Personal Data.

6. DATA SECURITY AND INTERNATIONAL TRANSFER 

a. We use robust physical, organizational, technical, and administrative measures to safeguard all data we hold or process, and we regularly reassess and revise our policies and practices to improve security. While we go to great lengths to protect your data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of data in our control. If you believe your data may have been compromised by us or the use of the Services, please contact our Support Center immediately.

b. Your information, including Personal Data that we collect from you, may be transferred to, stored by, and processed by us, our Affiliates, and service providers outside your home country, including in the United States, where data protection and privacy regulations may not offer the same protections as in other parts of the world. When we do so, we take all legally mandated steps designed to ensure that all Personal Data we or our service providers process (regardless of where it originates) is properly protected. By using the Services, you agree to the transfer, storing, or processing of your data in accordance with this Policy.

7. HOW CAN YOU CONTROL YOUR DATA?  

a. Changing Your Information and Privacy Settings. You can access and modify Personal Data associated with your Account, and modify your privacy and data preferences, through the “My Account” or “Settings” sections of the Apps. Contact our Support Center if you need assistance.

b. Email Communications. With your consent, we will periodically send you emails promoting the use of the Services, including tips on using the Apps, or highlighting offerings from select Dashlane partners. You can opt out of these emails by following the unsubscribe instructions included in each email, or by changing your privacy and data settings in the Services. You may also request removal through our Support Center. Unsubscribing from marketing communications will not affect operational and transactional communications, including breach notices and other alerts in the Apps, renewal emails, etc. 

c. Applications. You can stop all data collection of by an App by uninstalling that App. You may use the standard uninstall process for the relevant device or platform. Uninstalling an App does not delete your Account. To do that, see the instructions here.

d. Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change their settings. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, click here.

e. Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

i. Browser settings. Changing your internet web browser settings to block third-party cookies.

ii. Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.

iii. Platform settings. Some platforms offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option for Google and Facebook at the following websites: Google; Facebook.

iv. Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs: Network Advertising Initiative;  Digital Advertising Alliance.   

v. The AppChoices mobile app lets you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.

vi. Mobile Settings. Use your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes. We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above. 

Additional options for controlling interest-based advertising are located in our U.S. State Privacy Rights Notice At Collection and Cookie Policy. 

8. PRIVACY LAW RIGHTS 

a. Data Controller. For the purposes of the GDPR, where we are acting as a controller, the controller is Dashlane SAS of 21 Rue Pierre Picard, 75018 Paris, France. Inquiries regarding the processing of data subject to the GDPR may be sent to our data protection officer at dpo@dashlane.com. 

b. Sale and Sharing of Personal Data. We never exchange Personal Data for money or any other consideration (e.g., trade it for free services). However, when you click on an ad that sends you to the Site, we send a unique identifier to the referring site so they can receive credit for the referral. This is deemed ”sharing” under California’s Privacy Laws, and you can turn this off by visiting the Do Not Share or Sell My Personal Information page.

c. Individuals subject to Privacy Laws have some or all the following rights with respect to their Personal Data that we process. We will honor these requests when made by any user, subject to the requirements of the relevant Privacy Laws (if applicable. 

• Withdraw Consent: You may withdraw your consent to our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out.  

• Access / Request Information: You may access the Personal Data we hold about you at any time via your Account or by contacting us directly.

• Modification: You may modify incorrect or outdated Personal Data we hold about you at any time via your Account or by contacting us directly.

• Erase and Forget. In certain situations, for example when Registration Data we hold about you is no longer relevant or accurate, you can request that we erase it. If you delete your Account, all Personal Data will automatically be erased within 30 days of the date of deletion. Because of the sensitive nature of Secured Data, we will never delete a user’s Account ourselves; Accounts MUST be deleted by the user or the “controller” or equivalent entity. 

• Portability: You may request a copy of your Personal Data and may always move it to other entities as you choose. The Services allow you to export Secured Data at any time.

• If you are a U.S. resident, see our U.S. State Privacy Rights Notice At Collection for additional rights that you may have.

d. If you want to exercise any of these rights, please submit the request via the “Privacy and Data Settings” page accessible from the “Account” or “Settings” sections of the Apps. If you need assistance, please visit our Support Center or write us at the address below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which rights you want to enforce. For your protection, we may only fulfill requests with respect to the Personal Data associated with the email address you send your request from, and we may need to verify your identity. We will comply with your request promptly, but in any event within the legally mandated timeframes. If you are not subject to Privacy Laws, we nonetheless try to fulfil all requests within 45 days. We may retain limited Personal Data for recordkeeping purposes or to complete transactions that you began prior to requesting certain requests.

e. We do not and will not discriminate against any user (such as by providing worse service or charging more for them) who exercises any of the above rights.

9. MISCELLANEOUS 

a. Third Party Services. The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

b. Contact Information; Complaints. If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations, please contact us through our Support Center, email legal@dashlane.com or dpo@dashlane.com, or write the address below:

Dashlane, Inc. 

Attn: Legal  

44 West 18^th Street., 4^th Fl.  

New York, NY 10011  

c. Swiss, EU and UK Users Only. We hope to promptly resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you may always contact your local data protection supervisory authority, a list of which is available here.

10. U.S. STATE PRIVACY RIGHTS NOTICE AT COLLECTION

a. General.

This State Privacy Rights Notice At Collection (the “Notice”) is part of our full Privacy Policy. Except as noted below, this Notice applies to residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states to the extent they have Privacy Laws that grant their residents the rights described below (collectively the “State Privacy Laws”).

This Notice describes how we collect, retain, use, disclose, sell and share Personal Data of residents of these states for the purposes of targeted advertising, and the rights these users may have with respect to such data. Not all rights apply to all individuals; you may not be able to exercise rights that  your state does not grant. In addition, we may not be able to process your request if you do not provide the information needed we need to confirm your identity and process your request.

As used in this Notice, the term “personal information” means information that relates to a specific natural person, or that is reasonably capable of being used to identify, contact, or precisely locate a natural person, household, or a particular computing system or device. 

We do not attempt to re-identify deidentified information derived from personal information, except for the purpose of testing whether our deidentification processes comply with applicable law.

b. Your Privacy Rights

You may request to exercise the rights below. We will respond to your request in accordance with applicable law. We may decline to honor your request where an exception applies. As noted elsewhere in the Privacy Policy, we will make reasonable efforts to honor these requests even if State Privacy Laws do not apply to you. 

i. Right to know

• You can request to know whether we process your personal information.

• You can request the following information about how we have collected and used your personal information during the past 12 months and how we will continue to do so:

o The categories of personal information that we have collected.

o The categories of sources from which we collected personal information.

o The business or commercial purpose for collecting, selling, and/or sharing personal information for targeted advertising purposes.

o The categories of personal information that we sold or shared for targeted advertising purposes, and the categories of third parties to whom this information was sold or shared, categorized by the type of personal information for each type of third party.

o The categories of personal information that we disclosed for business purposes and the types of entities to whom this information was disclosed.

o The specific third parties to which we have disclosed personal information.

ii. Access. You can request a portable copy or representative summary of the personal information that we have collected about you.

iii. Correction. You can ask us to correct inaccurate personal information that we have collected about you.

iv. Deletion. You can ask us to delete the personal information that we have collected from or about you.

v. Revoke Consent. You may have the right to revoke your consent to our processing of your personal information.

vi. Opt-Out.

• Opt-out of targeted advertising. We may process and share personal information for targeted advertising purposes. You can opt out of the use of your personal information for targeted advertising purposes.  We do not otherwise “sell” personal information.

• We do not knowingly sell or "share" personal information (including Sensitive Personal Information) of minors under 18 years of age.

• Automated decision making. We do not use your personal information to engage in automated processing or profiling personal information to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements to make a decision that produces legal or similarly significant effects.   

c. Sensitive Personal Information

i. California Residents. We may collect certain categories of Sensitive Personal Information as described in this Privacy Policy. We use Sensitive Personal Information as necessary for certain business purposes, including providing goods or services as requested; ensuring safety, security; and integrity; countering wrongful or unlawful actions; short term transient use such as displaying first party, non-personalized advertising; performing services for our business, including maintaining and servicing Accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual.

While we process certain categories of Sensitive Personal Information as described in this Privacy Policy, we do not process Sensitive Personal Information for purposes beyond those listed above.

ii. Residents outside California: You can opt-out of our processing your Sensitive Personal Information by electing not to provide it to us or by notifying us of your opt-out.

d. Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the State Privacy Laws.

e. Appeal. You can appeal our denial of any request validly submitted.

f. Exercising your rights under this Notice.

If you want to exercise any of these rights, please submit the request via the “Privacy and Data Settings” page accessible from the “Account” or “Settings” sections of the Apps (if you cannot do so directly from within these sections). If you need assistance, please visit our Support Center or write us at the address below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which rights you want to enforce.

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. 

Exercising your right to opt-out of/revoke your consent to the “sale” of your personal information or “sharing” of your personal information for targeted advertising purposes.  You can submit requests to opt-out of targeted advertising and other sales of personal information, through the Support Center, or by broadcasting the Global Privacy Control signal. These signals set your opt-out preferences only for the particular browser or device you are using and any consumer profile associated with that browser or device.

g. Verification of Identity; Authorized agents. 

i. We may need to verify your identity to process your requests and reserve the right to confirm your residency. We may need to request your driver’s license or similar government ID in order to verify your identity and protect against fraudulent requests (which we will do via our third party provider of thee services). In most cases, this is not required as we can verify your identity based on the requesting email and Registration Data. As a reminder, because of the sensitive nature of Secured Data, we do not delete Accounts ourselves but require the Account owner to do so. 

ii. Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. Depending on the kind of request you have made, we may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Law rights on your behalf, the information we request to verify your identity, or confirmation that you have given the authorized agent permission to submit the request.

h. Personal information that we collect, use and disclose. We have summarized the personal information we collect and may disclose, sell to or share with third parties by reference below to the categories of personal information defined in the “What Personal Data does (and doesn’t) Dashlane collect?,” “How does Dashlane use Personal Data?,” and “How does Dashlane Share Personal Data?” sections of the Privacy Policy above and the categories of personal information specified in state law. The following table describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. See our full Privacy Policy for descriptions of each entry in this table. 

i. Consumers under 18. We do not have actual knowledge that we have collected, sold, or shared the personal information of residents who are under 18 years of age.

j. Additional information for Nevada residents. Nevada residents have the right to opt out of the sale, as defined, of certain personal information for monetary consideration. While we do not currently engage in such sales, if you are a Nevada resident and would like to make a request to opt out of any potential future sales, please email legal@dashlane.com.

k. Additional information for Connecticut residents. We do not collect, use, or sell personal data for the purpose of training large language models (“LLMs”).

l. Retention Period for Personal Information. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, including Sensitive Personal Information, we may consider factors such as the length of time we have an ongoing relationship with you and provide services to you; the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of your personal information; the purposes for which we process your personal information and whether we can achieve those purposes through other means; whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation or regulatory investigations; and applicable legal requirements. For example, we will retain your personal information for as long as you have an account with us or keep using our services, and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise. When we no longer require the personal information we have collected about you, we may either delete it or de-identify it. 

m. Contact Us. If you have questions or concerns about our privacy policies or information practices, please contact us through our Support Center, email legal@dashlane.com or dpo@dashlane.com, or write the address below:

Dashlane, Inc.

Attn:  Legal 

44 West 18^th Street, 4^th Fl. 

New York, NY 10011