Welcome to Dashlane, where our mission is to make your digital life safer, simpler, and more secure. We believe that your identity should be just that—yours—and are dedicated to creating software that lets you control your information online.
LAST UPDATED: March 15, 2019
This Policy describes how we obtain and use personal data (which can be used to identify a specific individual) and anonymous data (which can’t) about our users. Certain provisions of the Policy, which are clearly labelled, apply only to residents of the European Union. We may change this Policy at any time and will post the revised Policy here and provide current users advance notice of the changes through email, Service notices, or otherwise. We need certain Personal Data about you (i.e., email for account creation, address information to verify payments) in order to provide the Services. We try to limit this as much as possible. The Services are not directed at children, and we will remove any information we have about children when requested.
www.dashlane.com (together with its subdomains, such as the Dashlane blog, the “Site”) and the users of our mobile, desktop and web applications (each an “App” and, collectively, the “Apps”), which are available from the Site and third party sellers like the Google Play and Apple App Stores (any such seller, an “App Store”). The Apps and the Site together are the “Services.” “You” refers to any user of the Services, including, to the extent applicable, a visitor to the Site. Capitalized words used but not defined in this Policy have the meanings provided in our Terms of Service (the “Terms”) which are available at www.dashlane.com/terms.
b. EU Specific Provisions. Certain provisions of the Policy apply only to residents of the European Union (the “EU”), and are clearly labeled as such. Otherwise, the Policy applies to all users of our Services, regardless of location.
c. Changes. We may change this Policy at any time. When we do so, we will post the updated Policy on this page and, if the changes are material, will inform existing users through the Services. Any changes to the Policy will be effective immediately for new users and thirty (30) days after we post notice of such changes on the Site or inform existing users of the changes.
d. Children. The Services are not directed to children. If a parent or guardian becomes aware that his or her child (based on the jurisdiction where the child lives, which in the United States means someone under the age of 13) has provided us with Personal Data without parental consent, he or she should contact us at email@example.com. We will remove such information from our systems as soon as reasonably practicable.
e. What is Personal Data? As used in this Policy, “Personal Data” has the meaning provided in the EU General Data Protection Regulation of 2018 (the “GDPR”), and includes any information which, either alone or combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address, and telephone number. By contrast, “Anonymous Data” means any data that, alone or combined with other information available to us or a third party, does not permit identification of an individual. We collect both Personal Data and Anonymous Data as set forth below.
f. Why Do We Need Your Personal Data? We need certain Personal Data in order to provide you with certain Services. You will be asked to provide this information — and must agree to this Policy and the Terms — in order to download and use the Apps. This consent, which you may withdraw at any time, provides us with the legal basis we need to process your Personal Data. If you do not agree to this Policy, you may not use our Services.
2. Particularly Important Information (EU Users Only)
a. Who We Are: For the purpose of the GDPR, the data controller of your Personal Data is Dashlane SAS of 21 Rue Pierre Picard, 75018 Paris, France. You may contact our data protection officer at firstname.lastname@example.org.
b. Must Read Sections: Please carefully review the sections entitled “Data Security and International Transfer” and “Your Rights Regarding Personal Data.”
3. How Does Dashlane Obtain Data?
We get data that you provide (such as when you create an Account or pay for a Subscription), that others provide (when you are referred by a friend) or that we obtain automatically from your browser or through cookies. Personal Data we collect includes your email (used to create an Account) and certain billing information, although complete payment information is only stored by our payment processors. We do not and cannot know your Master Password and, because of that, we do not and cannot know what Secured Data you store on the Services. We use technology, including cookies, to collect anonymous data that we use to provide and improve the Services.
We collect information in the following ways:
a. Information You Provide.
• Registration Data. You must create an Account to use an App. To create an Account, you must provide an email address that will be used as your login. You may also choose to provide a phone number, though this is not required. The only Personal Data required to open a Dashlane Free account is your email. We store registration data for so long as your Account is active. For paid Accounts, we collect the billing data specified below. Note that for Dashlane Business Accounts, registration data includes the business name and mailing address, administrator contact information, and may include email addresses for the users of the Services.
• Billing Data. We use third party service providers (currently, Stripe and PayPal) to process payments made through the Site. We store name, address and, where applicable, the expiration information and last four digits of your credit card for tax compliance and user support purposes. All other payment information (i.e., complete credit card information) is available only to our payment processors. We do not receive or store any billing data if you pay for an App through an App Store.
• Master Password. To create an Account, you must create a “Master Password,” which is the basis for the encryption key used to secure the information you store on the Apps. Each user (including those associated with a Dashlane Business account) must create his or her own Master Password. Dashlane’s patented “Zero-Knowledge Architecture” ensures that we do not know our users’ Master Passwords. In addition, Apps do not store Master Passwords locally unless specifically directed by the user (by choosing “Remember Password” or the equivalent, which we offer as a convenience feature to our users). Note that even if you select this option, you will have to re-enter the Master Password every fourteen days).
• Secured Data. Our Apps let you manage digital identity data, including highly sensitive information like credit card numbers and site or application credentials. Everything you store on the Apps (collectively, “Secured Data”) is encrypted and stored locally on your device(s) using a random key generated from your Master Password. Secured Data of Dashlane Premium users is also stored on Dashlane’s servers so that it may by synced among such user’s authenticated devices running the Apps. Secured Data is encrypted at all times on Dashlane servers and is not accessible to Dashlane because it is encrypted with a key generated from the Master Password.
• Support and Correspondence. You may provide certain Personal Data in connection with user support and inquiries from our Site. User support histories are maintained for so long as the associated account remains active and a reasonable time thereafter.
• Feedback. If you provide us with Feedback, we will collect your e‑mail address as well as the content of your email in order to respond to you. We may use any Feedback without limitation as described in the Terms.
• Other Data. We may also collect other types of information in the manner disclosed by us at the time such information is collected.
b. Data Collected from You About Others. The Services let you invite others to try the Apps. If you use this feature (or if you are invited using this feature), Dashlane will store the invitee’s email address and the message sent to him or her in order to follow up with the invitee (and, if applicable, credit the referrer with any referral bonus or equivalent). We will let the invitee know who referred him or her to Dashlane, and provide the opportunity to request that his or her information be deleted from our systems. The referrer or invitee may email email@example.com to request removal of this information.
c. Data Collected by Technology.
• Device and Browser Data. We automatically log the following information about you and your computer or mobile device when you access the Services: operating system name and version, device identifier, location data for mobile devices, browser type, browser language, and IP address. Some of this data is collected using cookies, as explained below. This data is used to secure your Account, ensure the Services are presented in the correct language and optimized for your device, facilitate customer support, and for tax and compliance purposes. This data is kept in our system for as long as your Account exists and a reasonable time thereafter.
• Usage Data. We collect data about the use of the Services (for example, tracking functions, use of features, and interactions with the Apps and the Site) in order to provide and improve the Services (“Usage Data”). Usage Data is kept logically separated from all Personal Data, and is Anonymous Data as defined above. We may use Usage Data for any lawful purpose.
• Aggregated Data. In addition to Usage Data, we may derive information about the use and users of our Services by aggregating data from large numbers of users (i.e., number of users within a particular jurisdiction). This “Aggregated Data,” like Usage Data, is Anonymous Data, and is primarily used to help analyze and improve the Services. We may use Aggregated Data for any lawful purpose.
i. We collect certain information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them) to provide you with a more personal and interactive experience on the Services.
ii. We use two broad categories of cookies: (1) first party cookies, which we serve directly to your device, and are only used by us, and (2) third party cookies, which are served by service providers on our Services, and may be used by such service providers to recognize your computer or mobile device when it visits other websites.
iii. Cookies We Use
Type of Cookie
These cookies are essential to the proper functioning of our Services (i.e., they allow you to log in to your account). Without these cookies, the Services will not work correctly or cannot be provided, and we only use these cookies to provide the Services.
These cookies remember choices you make when you use the Services, such as your language preferences and which features of the Services you have activated. These cookies provide you with a more personal experience and ensure you don’t have to re-enter your preferences each time you use the Services.
These cookies are used to collect information about traffic to our Site and Usage Data. The information gathered does not identify any individual and does not include any Personal Data. The information is aggregated and anonymous. We use this information to monitor the level and nature of activity on the Services and to improve them.
We use Google Analytics and Heap for this purpose.
When we place advertisements on third party sites, we often include a cookie on a particular page of the Site that tracks what advertisement a user clicked on to come to the Site. The cookie is used to generate a unique identifier for the user so that we can properly track the performance of advertisements but does not include any Personal Data.
Note that we do not allow the placement of advertisements on our Site or Services.
iv. Disabling Cookies. You can typically remove or reject cookies in your browser settings. To do this, follow the instructions provided by your browser (usually located within the “settings,” or “tools” facility). Many browsers are set to accept cookies until you change your settings. Rejecting cookies may impair (or prevent) the functioning of the Services.
4. How Does Dashlane Use Your Personal Data?
We use Personal Data to validate your Account, provide the Services, provide user support, and communicate with you. We do not perform any automated decision making or profiling with your Personal Data.
a. General. Dashlane uses Personal Data to provide the Services and respond to your requests, including to:
• Establish, maintain, and secure your Account.
• Identify you as a user and provide the Services you request.
• Perform fraud detection and authentication.
• Improve the Services and your interactions with them.
• Send you administrative notifications, such as security or support and maintenance advisories. You will receive these notices even if you opt out of receiving marketing communications as set forth below.
• Provide you with the correct interfaces and options required by the jurisdiction from which you are accessing the Services.
• Respond to customer support inquiries and other requests.
• Promote the Services or send you other Dashlane marketing information. EU users must actively choose to receive marketing communications. Users elsewhere (and those in the EU who have previously opted in) may always elect to stop receiving such communications.
b. Automated Decision Making and Profiling. We do not use your Personal Data for automated decision-making. However, we may do so in the future to comply with applicable law, in which case we will inform you of any such processing and provide you with an opportunity to object.
5. How Does Dashlane Share PERSONAL DATA?
We never sell our users’ Personal Data. To provide the Services, we share Personal Data with service providers who are contractually obliged to comply with all applicable laws (i.e., GDPR) and who only have access to the Personal Data required for them to provide the relevant Services. Where you direct us to share Secured Data that contains Personal Data through the Services, we will do so. We may share Personal Data among our various affiliates, all of whom are bound by this Policy, and with an acquirer if Dashlane is sold or merged. We have no way to access Secured Data. Finally, we can disclose Personal Data where required by law or where we believe it is necessary to protect our rights or those of our other users.
Dashlane will never sell your Personal Data or use it except as stated in this Policy. We share your Personal Data in the following circumstances:
• Third Parties You Designate. We may share Personal Data you store on the Services with third parties where you have provided your consent to do so (i.e., by using the Services’ “sharing” or “emergency contact” features). While such data is transferred through the Services, we do not have access to it, as noted elsewhere in this Policy).
• Service Providers. We provide Personal Data to third party service providers solely as required to provide the Services, create accounts, provide technical support, process payments, or enable communication between you and Dashlane. We review the security and data privacy practices of all such service providers to ensure that they comply with all applicable laws and this Policy. We have Data Processing Addenda in place with all service providers who access Personal Data of EU users. Secured Data stored by our data hosting provider is encrypted at all times as described above.
• Affiliates. This Policy applies to all entities that are owned by, or under common control with, Dashlane, Inc. (“Affiliates”). We share Personal Data among Affiliates as required to provide the Services and respond to requests. Certain Affiliates are located in the United States, where privacy and related laws are not deemed adequate by European regulators to hold and protect the Personal Data of EU residents. To offer the levels of protection required by European law, we have Data Processing Addenda or equivalent documents in in place among our EU and US Affiliates, in addition to the other measures indicated below.
• Corporate Restructuring. If Dashlane or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data in our possession at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with or during negotiation of any such transaction. Personal Data and other information may also be transferred as a business asset in the event of Dashlane’s insolvency, bankruptcy, or receivership.
• Other Disclosures. Regardless of your choices regarding Personal Data, Dashlane may disclose your Personal Data (a) where required to comply with applicable laws or governmental orders; (b) if we believe in good faith that it is necessary to protect the rights or property of Dashlane or other users of the Services, including in investigating any violation or potential violation of the law, this Policy, or our Terms.
6. Data Security and International Transfer
We strive to protect the safety and security of all data in our possession, including Personal Data, through a variety of means, and we continually work to improve and update these practices. However, we cannot and do not guarantee the security of Personal Data we process. As noted elsewhere in this Policy, Personal Data may be transferred to jurisdictions with less strict privacy and related regulations than those in your home country, including the U.S., but we employ technical and other measures that comply with EU regulations to protect Personal Data when processed in the U.S.
a. We use robust physical, organizational, technical, and administrative measures to safeguard Personal Data, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your Personal Data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of Personal Data in our control. If you believe that any of your Personal Data may have been compromised by us or the use of the Services, please contact us immediately at firstname.lastname@example.org.
b. Your information, including Personal Data that we collect from you, may be transferred to, stored at and processed by us, our Affiliates and service providers outside your home country, including in the United States, where data protection and privacy regulations may not offer the same protections as in other parts of the world. When we do so, we will take the steps described in this Policy, including Sections 5 and 10, which are designed to ensure that all Personal Data we or our vendors process (regardless of where it originates) is handled as required by the EU. By using the Services, you agree to the transfer, storing or processing of your data in accordance with this Policy.
7. How Can You Control Your Data?
You can edit your Personal Data via the “Settings” sections of the Apps. If you currently receive marketing emails and no longer wish to do so, you may unsubscribe from within any such email. Even if you do so, we will still send you operational and transactional emails (i.e., renewal notices). Uninstalling Apps from your devices will remove all data associated with the Apps.
a. Changing Your Information. You can access and modify Personal Data associated with your Account through the “Settings” or equivalent portions of the Apps. Contact us at email@example.com if you need assistance with this.
b. Email Communications. With your consent, we will periodically send you emails promoting the use of the Services, including tips on using the Apps. You can opt-out of these emails by following the unsubscribe instructions included in each email. You may also request removal by writing firstname.lastname@example.org. Note that unsubscribing from marketing communications will not affect operational and transactional communications, including breach notices from within the Apps, renewal emails, etc.
c. Applications. You can stop all collection of information by an App by uninstalling that App. You may use the standard uninstall processes available as part of your desktop or mobile device or via the mobile application marketplace or network.
8. Your Rights Regarding Personal Data (EU Users Only)
The GDPR grants EU residents certain rights regarding their Personal Data, including the right to access and modify Personal Data held by providers, and to have providers “forget” Personal Data that is no longer relevant. In many cases, you may exercise these rights from within the Services, but you may always contact us to do so as well. Please include information about which rights you are seeking to exercise if you contact us. We may need to verify your identity before fulfilling your request.
a. You have the following rights with respect to your Personal Data that we process:
• Withdraw Consent: You may withdraw your consent to our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out.
• Access: You may access the Personal Data we hold about you at any time via your Account or by contacting us directly.
• Modification: You may modify the Personal Data we hold about you at any time via your Account or by contacting us directly.
• Erase and Forget. In certain situations, for example when the Personal Data we hold about you is no longer relevant or accurate, you can request that we erase your Personal Data.
• Portability: you may request a copy of your Personal Data and may always move it to other entities as you desire.
b. If you wish to exercise any of these rights, please contact us at email@example.com or as set forth below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the Personal Data associated with the email address you send your request from, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable, but in any event within thirty (30) days of your request. We may need to retain certain information for recordkeeping purposes or to complete any transactions that you began prior to requesting such change or deletion.
9. Contact Information; Complaints
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations, please contact us at support@Dashlane.com or by writing the address below:
156 Fifth Avenue, Suite 504
New York, NY 10010
EU Users Only. We hope to promptly resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you may always contact your local data protection supervisory authority, a list of which is available here:
10. Privacy Shield
Dashlane has self-certified with the U.S. Department of Commerce that we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, which provide for certain protections regarding Personal Data of citizens of these jurisdictions.
a. Dashlane complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles (as defined by the Department of Commerce). If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will take precedence. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit
b. As described in the Privacy Shield Principles, Dashlane is responsible for Personal Data that it receives and subsequently transfers to third parties. If third parties that process Personal Data for us do so in a manner that does not comply with the Privacy Shield Principles, we are responsible for such failure, unless we prove that we are not responsible for the event giving rise to the damage.
c. In compliance with the Privacy Shield Principles, Dashlane commits to resolve complaints about our collection or use of your Personal Data. EU or Swiss individuals with inquiries or complaints regarding this Policy should first contact us at firstname.lastname@example.org.
d. Dashlane has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit
www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. JAMS’ services are provided at no cost to you.
e. As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means. Dashlane is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
11. Employee Personal Data
Dashlane commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel regarding human resources data transferred from the EU in the context of the employment relationship. Please contact us to be directed to the relevant DPA contacts.