LAST UPDATED: August 1, 2020
This Policy describes how we obtain and use personal data (which can be used to identify a specific individual) and anonymous data (which can’t) about our users. Certain provisions of the Policy, which are clearly labelled, apply only to users who are citizens or residents of particular regions (e.g., the EU or California). We may change this Policy at any time by posting the revised Policy here. We will notify current users of the changes through email, in-app notifications, or otherwise. You never have to provide Personal Data, but we need certain Personal Data (like your email for account creation) in order to provide the Services. We try to collect only what we need. The Services are not directed at children, and we will remove any information we have about children who are not invited users under a Family Plan when requested.
www.dashlane.com (together with its subdomains, such as the Dashlane blog, the “Site”) and users of our mobile, desktop and web applications (each an “App” and, collectively, the “Apps”), which are available from the Site and third party sellers like the Google Play and Apple App Stores (any such seller, an “App Store”). The Apps and the Site together are the “Services.” “You” or “user” refers to any user of the Services, including, as applicable, visitors to the Site. Capitalized words used but not defined in this Policy have the meanings provided in ou Terms of Service
b. Region Specific Provisions. Certain provisions of the Policy apply only to residents of, or people subject to the laws of, jurisdictions with specific statutes governing individuals’ rights over their Personal Data (as defined below), such as the California Consumer Privacy Act (“CCPA”), the European Union’s General Data Protection Legislation (“GDPR”) and Brazil’s LGPD. These provisions are clearly labeled. Otherwise, the Policy applies to all users of our Services.
c. Changes. We may change this Policy at any time. When we do so, we will post the updated Policy on this page and, if the changes are material, inform existing users through email or the Services.
d. Children. The Services are not directed to children. However, children who are invited to use the Services by a parent or guardian (under a family plan or equivalent) may do so. If you become aware that a child (based on the jurisdiction where the child lives, which in the United States means someone under the age of 13) has provided us with Personal Data without parental consent, contact our
help center. We will promptly remove the information from our systems.
e. Personal and Anonymous Data. As used in this Policy, “Personal Data” means information which, either alone or when combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address, and telephone number. By contrast, “Anonymous Data” means data that, alone or combined with other information available to us or a third party with whom the data is shared, does not permit identification of an individual. We collect and use both Personal Data and Anonymous Data as described below.
f. Why Do We Need Your Personal Data? We need certain Personal Data to provide the Services. You will be asked to provide this information — and must agree to this Policy and the Terms —to download and use the Apps. This consent, which you may withdraw at any time, provides the legal basis we need to process your Personal Data. You are not required to provide the Personal Data that we request, but we may not be able to provide you with the Services or respond to your inquiries if you don’t.
PARTICULARLY IMPORTANT INFORMATION (CERTAIN JURISDICTIONS)
a. (EU, UK, AND BRAZILIAN USERS).
i. Who We Are. For the purpose of the GDPR, LGPD, and other legislation that requires the identification of a data controller of your Personal Data, the controller is Dashlane SAS of 21 Rue Pierre Picard, 75018 Paris, France. You may contact our data protection officer at email@example.com.
ii. Must Read Sections: Please carefully review the sections entitled “Data Security and International Transfer” and “Your Rights Regarding Personal Data.”
b. (CALIFORNIA AND NEVADA USERS).
i. Sale of Personal Data. You may opt out of all sales of your Personal Data on the
Do Not Sell my Personal Information
We never exchange Personal Data for money or any other consideration (e.g., trade it for free services)
. However, the CCPA’s definition of “sale” is very broad, and may include situations like when browsing data is sent to referral advertisers (when you click on an ad that sends you to Dashlane, we send a hashed identifier to the referring site so they can receive credit for the referral). While we only send what is needed to properly record the referral, the fact that you clicked on the link and visited Dashlane may be added to your profile by the ad publisher. This is all done on the Site with “Publisher Cookies” (as defined in our
HOW DOES DASHLANE OBTAIN DATA?
We get data that you provide (such as when you create an Account or pay for a Subscription), that others provide (when you are invited to use Dashlane by your employer), that we obtain automatically from the Apps or through cookies, and from third parties. Personal Data we collect includes your email (used to create an Account) and (for Subscriptions) certain billing information, although complete payment information is only stored by our payment processors.
We do not and cannot know your Master Password and, because of that, we do not and cannot know what Secured Data you store on the Services
. We use technology, including cookies, to collect usage data that we use to provide and improve the Services. Additional information is available in our
We collect information in the following ways:
a. Information You Provide.
. You must create an Account to use an App, and to do so you must provide an email address that will be used as your login to the Services.
The only Personal Data required to open a Dashlane Free account is your email
. We store registration data until you delete your Account and for up to seven (7) days afterwards. For paid Accounts, we collect the billing data specified below. For Dashlane Business Plan Accounts, registration data includes the business name and mailing address, administrator contact information, and may include the business email addresses of Plan users. It is critical to keep your registration data current. Because the Services are designed to keep your most important information secure, we must be able to verify that you are the Account owner to respond to certain customer service requests. If you lose access to the validated email address associated with your Account or a phone number used to validate your identity (if applicable), you may be locked out of your Account, and we may be unable to help you.
. We use third party service providers (currently Stripe, Checkout.com, ProcessOut, and PayPal) to process payments made through the Site. We store the expiration date and last four digits of your credit card for tax compliance and user support purposes. Depending on the provider, we may be able to access the name, address and phone number associated with a payment method on the payment processor’s service, but complete credit card information is only stored by the processor. We do not receive or store any billing data if you pay for a Subscription through an App Store. Billing data is retained until you delete your Account and for up to seven (7) days afterwards.
. To create an Account, you must create a “Master Password,” which is used to generate the encryption keys that secure the information you store in the Apps (“Secured Data” as further defined below). Ultimately, the more secure your password is, the safer your Secured Data will be. This is because,
even if a hacker somehow obtained all the Secured Data on our servers, they would have to hack each Account separately
(because Secured Data is always encrypted when we have it, and the encryption is based on the Account’s Master Password). Each user must create their own Master Password, unless they access the Services through a Business Plan with the single sign on (SSO) feature enabled, in which case the encryption key is generated when the user is validated by the client’s SSO provider. Dashlane’s Zero Knowledge technology ensures that we do not and cannot know our users’ Master Passwords or the data used to generate the SSO encryption key, so we cannot access Secured Data. In addition, Apps do not store Master Passwords locally unless specifically directed by the user. Note that if you direct an App to retain your Master Password and your device is stolen or compromised, your Secured Data may be exposed.
. Our Apps let you manage digital identity data, including highly sensitive information like credit card numbers and site or application credentials. This, and everything else you store on the Apps, is Secured Data, and is encrypted and stored locally on your device(s) and on Dashlane’s servers using a random key generated from your Master Password. Secured Data is encrypted at all times on Dashlane servers and cannot be accessed by Dashlane because the encryption key is generated from the Master Password. See our
for detailed information about how Dashlane protects your Secured Data.
Support and Correspondence
. You may provide Personal Data in connection with user support requests and inquiries from our Site. User support histories are maintained until the associated Account is deleted and for up to seven (7) days afterwards.
. If you provide us with Feedback, including reviews posted on App Stores or sites like Trustpilot, or suggestions made via Productboard and other direct research or outreach, we may use Personal Data provided in connection with the Feedback in order to respond to you. We may use Feedback without limitation as described in the Terms.
. We may also collect other types of information in the manner disclosed by us when the information is collected.
b. Data You Provide About Others. The Services let you invite others to try the Apps. If you do this (or are invited this way), Dashlane will store the invitee’s email address and the message sent to them in order to follow up (and, if applicable, credit the referrer with any referral bonus or equivalent). We will let the invitee know who referred them to Dashlane, and let them request that their information be deleted from our systems. The referrer or invitee may contact the
help center to request removal of this information.
c. Data Collected by Technology.
Device and Browser Data
. We automatically log the following information about your computer or mobile device when you access the Services: operating system name and version, device identifier, browser type, browser language, and IP address. Some of this data is collected using cookies, as explained in the
. This data is used to secure your Account, ensure the Services are presented in the correct language and optimized for your device, facilitate customer support, and for tax and compliance purposes (e.g., using the region associated with your IP address to display local regulatory notices). This data is kept in our system until you delete your Account and for up to seven (7) days afterwards.
. Like many services, we use logs to collect data about the use of the Services (for example, use of features and interactions with the Apps and the Site) in order to provide and improve the Services (“Usage Data”). Usage Data is kept logically separated from Personal Data. Certain Dashlane personnel can access Usage Data to analyze the use of the Services and provide user and technical support. Usage Data is also used to automatically send context-appropriate messaging within the Services (e.g., account set-up notices), and to generate Aggregated Data.
. We derive information about the use of our Services by aggregating Usage Data (e.g., number of users within a particular jurisdiction, most popular features). This “Aggregated Data” is Anonymous Data, is owned by Dashlane, and is primarily used to help analyze and improve the Services.
. As described in our
d. Data obtained from Third Parties. We receive information about users from our Service Providers (such as when validating an Account with a Payment Processor), from other users (when you are invited to try the Services) or the Admins of Business Plans, from publicly available sources like social media accounts, and from data providers such as marketing partners and researchers, where they are legally allowed to share your Information with us.
HOW DOES DASHLANE USE YOUR PERSONAL DATA?
We use Personal Data to validate your Account, provide the Services, provide user support, communicate with you, and coordinate marketing efforts. We do not perform any automated decision making or profiling with your Personal Data.
a. General. Dashlane uses Personal Data to provide and promote the Services and respond to your requests, including to:
Establish, maintain, and secure your Account.
Identify you as a user and provide the Services you request.
Perform fraud detection and authentication.
Measure traffic and usage activity to improve the Services and your interactions with them.
Send you administrative notifications via email or within the Services, such as payment reminders or support and maintenance advisories. You will receive these notices even if you choose not to receive marketing communications.
Provide you with the correct interfaces and options required by the jurisdiction from which you are accessing the Services.
Provide personalized information across the Services by identifying whether you have used specific features within the Services, visited pages on our Site, or seen one of our advertisements.
Respond to customer support inquiries and other requests.
Promote the Services or send you other Dashlane marketing information, including announcements about offerings from selected Dashlane partners. EU and UK users must opt-in to receive marketing communications when creating an Account or afterwards. Users elsewhere (and those in the EU and UK who have previously opted in) may always elect to stop receiving such communications.
Manage advertising efforts on third party sites and platforms as further described below.
b. Automated Decision Making and Profiling. We do not use your Personal Data for automated decision-making.
HOW DOES DASHLANE SHARE PERSONAL DATA?
We never sell our users’ Personal Data. To provide the Services, we share Personal Data with service providers who are contractually obliged to comply with all applicable laws (e.g., GDPR) and who only have access to the data they need to provide the relevant Services. If you direct us to share Secured Data (which may include Personal Data) through the Services, we will do so. We share hashed, encrypted user emails and device ids with advertisers to refine advertising efforts (e.g., so an active user does not see Dashlane ads on third-party sites and platforms). We may share Personal Data with our affiliates, all of whom are bound by this Policy, and with an acquirer if Dashlane is sold or merged. We have no way to access Secured Data. Dashlane Business Plan Administrators can access certain Personal Data and Usage Data about the users of that Plan. Finally, we may disclose Personal Data where required by law or where we believe it is necessary to protect our rights or the Services.
Dashlane will never sell your Personal Data (as “sell” is normally defined – see Sections 2(b) and 8 for information about “sales” as defined in California) or use it except as stated in this Policy. We share your Personal Data in the following circumstances:
Third Parties You Designate
. We may share Secured Data (which may include Personal Data) with third parties where you have instructed us to do so (e.g., by using the Services’ “sharing” or “emergency contact” features). While this data is transferred through our servers, we do not have access to it, as noted elsewhere in this Policy.
. We provide Personal Data to service providers solely as required to provide the Services, including to create Accounts, provide technical support, process payments, or enable communication between you and Dashlane (for example, Personal Data needed to respond to and resolve customer support issues is available to our agents on Zendesk). We review the security and data privacy practices of these service providers to ensure that they comply with applicable laws and this Policy. Secured Data stored by our data hosting provider (AWS) is always encrypted as described above. The
discloses what service providers have access to Personal Data in connection with our delivery of the Services.
. We provide hashed emails and / or device IDs to service providers to optimize our advertising efforts (e.g., ensuring that current users are not shown Dashlane ads on other sites). Our agreements with these providers prevent them from using the information we provide for any other purpose, including augmenting profiles they maintain.
. This Policy applies to all entities that are owned by, or under common control with, Dashlane, Inc. (“Affiliates”). We share Personal Data among Affiliates as required to provide the Services and respond to requests. Certain Affiliates are in the United States, where privacy and related laws are not deemed adequate by European regulators to hold and protect Personal Data subject to the GDPR. To offer the levels of protection required by European law, we have Data Processing Addenda or equivalent documents in place among our EU and US Affiliates, in addition to the other measures indicated below. Our US Affiliates are also
Privacy Shield certified
Dashlane Business Plan Administrators
. Administrators of Dashlane Business Plan Accounts can see the email addresses used to access the plan and certain Usage Data, including how many credentials are stored by individual users (but not which ones), password scores, and whether a password has been re-used (but not the sites on which the passwords were re-used or the password itself).
. If Dashlane or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data we hold at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with any such transaction. Personal Data and other information may also be transferred as a business asset in the event of Dashlane’s insolvency, bankruptcy, or receivership.
. We will inform you of any other disclosures or your Personal Data, and obtain your consent, prior to such disclosure. However, regardless of your choices regarding Personal Data, Dashlane may disclose your Personal Data (a) where required to comply with law enforcement directives, applicable laws or governmental orders; or (b) if we believe in good faith that doing so is necessary to protect our rights, those of other users, or the Services.
DATA SECURITY AND INTERNATIONAL TRANSFER
We strive to protect the safety and security of all data in our possession, including Personal Data, through a variety of means, and we continually work to improve and update these practices. However, we cannot and do not guarantee the security of Personal Data we process. Personal Data may be transferred to jurisdictions with less strict privacy and related regulations than those in your home country, including the U.S., but we use technical and other measures that comply with EU regulations to protect Personal Data when processed in the U.S.
a. We use robust physical, organizational, technical, and administrative measures to safeguard all data we hold or process, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of data in our control. If you believe your data may have been compromised by us or the use of the Services, please contact our
help center immediately.
b. Your information, including Personal Data that we collect from you, may be transferred to, stored at, and processed by us, our Affiliates, and service providers outside your home country, including in the United States, where data protection and privacy regulations may not offer the same protections as in other parts of the world. When we do so, we will take the steps described in this Policy, including Sections 5 and 10, which are designed to ensure that all Personal Data we or our service providers process (regardless of where it originates) is secured as required by applicable law. By using the Services, you agree to the transfer, storing or processing of your data in accordance with this Policy.
HOW CAN YOU CONTROL YOUR DATA?
You can edit your Personal Data and adjust your privacy and data preferences via the “Settings” sections of the Apps. If you currently receive marketing emails and no longer wish to do so, you may unsubscribe from within any such email. Even if you do so, we will still send you operational and transactional emails (e.g., renewal notices). Uninstalling Apps from your devices will remove all data associated with the Apps. Removing your Apps does not delete your Account. To do that, see the instructions
a. Changing Your Information and Privacy Settings. You can access and modify Personal Data associated with your Account, and modify your privacy and data preferences, through the “Settings” or equivalent sections of the Apps. Contact our
help center if you need assistance.
b. Email Communications. With your consent, we will periodically send you emails promoting the use of the Services, including tips on using the Apps, or highlighting offerings from select Dashlane partners. You can opt-out of these emails by following the unsubscribe instructions included in each email, or by changing your privacy and data settings in the Services. You may also request removal through our help center. Note that unsubscribing from marketing communications will not affect operational and transactional communications, including breach notices and other updates from within the Apps, renewal emails, etc.
c. Applications. You can stop all collection of information by an App by uninstalling that App. You may use the standard uninstall process available as part of your desktop or mobile device or via the mobile application marketplace or network. Uninstalling an App does not delete your Account. To do that, see the instructions
YOUR RIGHTS REGARDING PERSONAL DATA
(EU, UK, CALIFORNIA, AND BRAZILIAN USERS)
EU, UK. Brazilian and California users have certain rights regarding their Personal Data, including the right to access and modify Personal Data held by providers (like us), and to have providers “forget” Personal Data that is no longer relevant. Most of these rights must be accessed from within the privacy and data preferences in the Services, but you may always contact us for assistance. Please include information about which rights you are seeking to exercise if you contact us. We may need to verify your identity before fulfilling your request. It should not need to be said, but we will never provide worse services to, or in any way punish anyone who chooses to exercise these rights. By the way, we strongly support the intent behind these laws, and will do our best to honor requests to exercise these rights even if you are not technically covered by one.
a. You have the following rights with respect to your Personal Data that we process. Except where indicated, these rights apply equally to users subject to the GDPR (and related laws), CCPA, and LGPD:
: You may withdraw your consent to our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out.
Access / Request Information
: You may access the Personal Data we hold about you at any time via your Account or by contacting us directly.
: You may modify incorrect or outdated Personal Data we hold about you at any time via your Account or by contacting us directly.
Erase and Forget
. In certain situations, for example when the Personal Data we hold about you is no longer relevant or accurate, you can request that we erase your Personal Data. If you delete your account, all Personal Data will be erased within one year of the date of deletion.
: You may request a copy of your Personal Data and may always move it to other entities as you desire.
No Sale of Personal Data (California Users only)
: Go to the
Do Not Sell My Personal Information
page to stop all “sale” of your Personal Data. See Section 2(b) above for more information about how this works. Of course, any user can do this, regardless of jurisdiction.
b. If you wish to exercise any of these rights, please submit the request via the “Privacy and Data Settings” page accessible from the “Account” or “Settings” sections of the Apps. If you need assistance, contact th help center, email
firstname.lastname@example.org, or write us at the address below. In your request, please make clear: (i) what Personal Data is concerned; and (ii)
which of the above rights you would like to enforce. For your protection, we may only fulfil requests with respect to the Personal Data associated with the email address you send your request from, and we will need to verify your identity before doing so. We will comply with your request promptly, but in any event within the legally mandated timeframes (thirty (30) days for the GDPR and forty-five (45) days for the CCPA). We may need to retain certain information for recordkeeping purposes or to complete transactions that you began prior to requesting such change or deletion.
c. We do not and will not discriminate against any user (such as by providing worse Services, or charging more for them) who chooses to exercise any of the above rights.
CONTACT INFORMATION; COMPLAINTS
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations, please contact our help center, email email@example.com, or write the address below:
44 West 18th Street., 4th Fl.
New York, NY 10011
EU and UK Users Only
. We hope to promptly resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you may always contact your local data protection supervisory authority, a list of which is available
Dashlane has self-certified with the U.S. Department of Commerce that we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, which provide for certain protections regarding Personal Data of citizens of these jurisdictions.
a. Dashlane complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks established by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU and the United Kingdom and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles (as defined by the Department of Commerce). If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will take precedence. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit
b. Our certification of compliance with the Privacy Shield Principles applies to both the Personal Data of our users and the Personal Data of our past and present employees collected in connection with their employment (“HR Data”). Dashlane commits to cooperate with the panel established by the EU data protection authorities (“DPAs”) and comply with the advice given by the panel regarding HR Data transferred from the EU in the context of the employment relationship. A list of DPA contacts is available
c. As described in the Privacy Shield Principles, Dashlane is responsible for Personal Data that it receives and subsequently transfers to third parties. If third parties that process Personal Data for us do so in a manner that does not comply with the Privacy Shield Principles, we are responsible for such failure, unless we prove that we are not responsible for the event giving rise to the damage.
d. In compliance with the Privacy Shield Principles, Dashlane commits to resolve complaints about our collection or use of your Personal Data. EU or Swiss individuals with inquiries or complaints regarding this Policy should first contact our help center.
e. Dashlane has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit
for more information or to file a complaint. JAMS’ services are provided at no cost to you.
f. As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means. Dashlane is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.