Privacy Policy

Last Updated: Mar 1, 2024

This Privacy Policy (“Policy”) applies to all products, services, and content offered by Wallwisher, Inc. DBA Padlet (“Padlet,” “we,” “us,” “our,” and our subsidiaries, affiliates, or holding company). For EU residents, when handling your information, Padlet may be acting as both a Controller and a Processor as those terms are defined under the European Union’s General Data Protection Regulation (“GDPR”). For California residents, when handling your information, Padlet shall act as a Service Provider under the California Consumer Privacy Act.

Overview

Padlet takes user privacy seriously. This Policy describes how we handle information collected in relation to access and use of padlet.com (the “Site”), our mobile and desktop applications (the “App”), browser extensions, blog, and related products and services (collectively, the “Service”). When you access or use the Service, you are deemed to consent to the collection, use, retention, transfer, structuring, manipulation, storage, transmission and/or disclosure (collectively, “processing”) of your information as described in this Policy and in accordance with applicable laws.

This Policy does not govern what our users do on their own padlets (i.e. custom pages that people make using the Service). When you visit a padlet page created by another Padlet user, that page may collect more information than we do and may provide information to third parties that we have no relationship with. We request you use discretion when sharing personal information on padlet pages created by other users.

This Policy also does not apply to websites or services you might access through links or other features (e.g., YouTube videos, Twitter buttons) on the Service. These other services have their own privacy policies, and we encourage you to review them before providing them with personal information.

Information you give us

We may ask for and collect the following personal information about you when you use the Service. This information is necessary for the adequate performance of the contract between you and us, for our legitimate interest in being able to provide and improve the Service, and to allow us to comply with our legal obligations. Without it, we may not be able to provide the Service as intended. We do not collect any other categories of personal data aside from those listed below. We only use the information for the purposes stated in this Policy.

Account and Profile Information

When you create an account on a Padlet Service (an “Account”), we require you to provide us information such as your username, password, and email address. This information is used for confirming your identity and providing access to the Service.

You can also provide us your photo, your name, and a short bio, so other users can better identify you when you collaborate with them. This is optional and is not necessary for you to use the Service. It does, however, allow us to personalize your experience. As a user with a Padlet account on padlet.com, you will have a publicly accessible profile where your photo, name, username, and bio will be visible. We do not expose your email address to the public. If you are using our Schools and Business products, your profile is not public.

Contact Information

When you contact us via our chat and email channels, you may provide us, in addition to the content of your message, your name and email address. If you call our support hotline, you provide us your phone number and any information you choose to provide us in relation to your inquiry. When you contact us for support or feedback, your information is used solely to respond to your request. We do not use your information for marketing.

Information About Your Accounts on Third-Party Services

Padlet provides the ability to log in to the Service using your Google, Facebook, or Microsoft account. If you authenticate yourself using any of these services, you grant us access to your email address, and, if available, your name, photo, and username associated with them. We do not receive your password.

Information Posted on Padlets (User content)

Users can create padlets where they and other users can contribute, i.e., post content. This content (“user content”) may include text, images, videos, audio, documents, files, links from the web, drawings, and maps.

The administrators of a padlet (the creator and other users appointed as such by the creator) can choose its privacy — private, password protected, members only, secret, public, org-wide. The privacy of your user content is dependent on the privacy of the padlet.

Private: Only registered Padlet users invited to the padlet can view content.

Password protected: People who have the password to the padlet can also view content.

Secret: People who have the link to the padlet can view content.

Members only (only available in Personal plans): People who are logged in to Padlet can view content.

Public (only available in Personal plans): Your content is public on the internet.

Org wide (Only available in Schools and Business plans): People in the same school or company can view content.

If you are contributing to a padlet, we advise you to exercise caution when sharing personal information regardless of the privacy level. The administrators of a padlet can change its privacy at any time; a padlet you thought was private today may become totally public tomorrow.

Public padlets give us, Padlet, the right to view, share, and promote the content on them.

Precise Location Information

We let users easily add maps to padlets. When adding a map, users can choose to add a map of their current location. Should a user choose to do so, we may request a one-time access to the user’s precise location (correct to 10 meters). The location is used only to generate the map that one time. We do not store or track your device location on an ongoing basis.

Payment Information

When you use a service that requires payment, we collect your name, email, and credit card information for the purpose of billing and charging you. Your payment information is stored in a PCI compliant way.

Information We Track Automatically

When you use the Service, we may automatically collect information, including personal information, about you and how you use the Service. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the Service.

If you use Padlet on different devices, we may associate and combine the information we collect from those different devices to help us provide a consistent service across your different devices. If we do combine any automatically-collected information with personal information, we will treat the combined information as personal information, and it will be protected as per this Policy.

Information Collected Using Cookies

Cookies are data that a website can store on a user’s web browser for a duration of time. Every website stores its own set of cookies and, by design, one website cannot read the cookies of another website.

Padlet’s cookies are used to:

  • authenticate users
  • keep users logged in while they use the Service
  • remember user preferences (e.g. timezone)

When you share links to external services on Padlet, e.g. YouTube, those services may store cookies on your browser too. We have no control over the cookies they store and what they do with them.

We collect device-specific information such as:

  • device brand, version, and type (e.g. Samsung Galaxy S9 Cellphone)
  • operating system and version (e.g. Android 8.0)
  • browser type and version (e.g. Chrome 63.0)
  • screen size and resolution (e.g. 375px wide retina screen)

This helps us measure how the Service is performing, improve Padlet for you on your particular device, and send you push notifications if you’ve opted in to receive them. You can opt out of the notifications any time from your Account Settings page.

We collect information about how people use the Service. This information includes general usage information, and may include information such as which pages or features of the Service the users have visited and which links on the Service they have clicked on.

We use this information to show meaningful analytics to Padlet users like how many times their content has been viewed by others. We do not track the identity of the visitors.

We may also use some of this information in aggregate form, that is, as a statistical measure related to all of our users that would not identify you personally to improve and enhance your experience on the Service. We, under no circumstances, sell or share this data with others.

An IP address is an address assigned to any device connected to the Internet. Depending on where you are, your IP address can be unique to your computer, or shared among many devices. An IP address can be used to locate the device it is assigned to, and in turn the user using it.

When you use the Service, we collect your IP address for:

  • detecting and preventing child sexual abuse material (CSAM)
  • detecting your country or state for tax purposes if you purchase a membership. We do not store the IP address in this case

We do not store your IP address anywhere on our service for longer than 30 days after your visit.

How Long We Retain Information

Padlet will keep information for as long as necessary to provide the Service under our Terms and Conditions and other relevant agreements between you and Padlet. We will also retain information so as to fulfill any legal requirement to which we are subject to, e.g. trade, tax, and employment law. We will discard personal information when:

  • the data subject withdraws consent to processing,
  • our contractual obligations have been fully performed and cannot be performed to any further extent, or
  • the personal information is obsolete.

We will also not keep any information the processing of which has been objected to, or for which a request for erasure has been made, beyond the legally required timeframe to complete such a request (usually 30 days).

Whom Do We Share the Collected Information With?

First and foremost, you should know that Padlet does not sell or rent your personal information to any third party for any purpose, including marketing, advertising or profiling. Padlet also does not display any traditional, contextual or personalized advertisements.

We share information we collect from you under the limited circumstances set forth below:

Information Shared With the Public Through the Service

All registered users on padlet.com have a public profile (e.g. https://padlet.com/doodlebug). The profile has the user’s profile photo, name, username, bio, and their public padlets.

These profiles are accessible to and searchable by all Padlet users. These profiles may also be indexed by search engines like Google and Bing.

Any content you post on a public padlet is also indexable by search engines and, as such, is open to the public.

If you have bought a school or business account, the above does not apply as those accounts are not public.

Information Shared With Other Padlet Users Through the Service

When you collaborate with other people, they can see your profile photo, name, and username.

Information Shared With Service Providers in Order to Operate and Improve the Services

We work with third-party vendors, service providers, and other partners to help us provide the Service by performing tasks on our behalf.

These providers have limited access to your personal information to perform these tasks, and are contractually bound to protect and use it only for the purpose for which it was disclosed and consistent with this Policy. Padlet has also entered into Data Processing Agreements with parties who process personal data on our behalf or in connection with the use of the Padlet Service.

These service providers may be located inside or outside of the European Economic Area (“EEA”). We maintain the list of providers here.

Information Shared with Third Parties

We may share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other de-identified or non-personally identifiable information, with users, partners, press, or other third-parties in order to, for example, demonstrate how Padlet is used, spot industry trends, or to provide marketing materials for Padlet. Any aggregated information and non-personalized information shared this way will not contain any personal information and cannot be used by third parties to re-identify you.

Information shared with AI service providers to operate the Services

AI service providers are used to provide content generation services on Padlet like the “I can’t draw” and “Magic Padlet” features; as well as content moderation services to ensure that Padlet remains a safe place for all users to collaborate on.

We share only necessary information with our AI service providers and do not use your personal data to train the AI. Padlet only works with AI partners that respect our privacy agreements and have similar log retention policies.

Padlet does not claim ownership on any content created by you using the AI features.

We may disclose personal information if necessary to comply with the law, such as complying with a subpoena or other legal process. We may need to disclose personal information where, in good faith, we think it is necessary to protect the rights, property, or safety of Padlet, our employees, our community, or others, or to prevent violations of our Terms of Service or other agreements. This includes, without limitation, exchanging information with other companies and organizations for fraud protection or responding to law enforcement and government requests.

Where appropriate, we may notify users about the legal requests, unless (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law; (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon Padlet, or its users. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.

Information Disclosed Pursuant to Business Transfers

Over time, Padlet may grow and reorganize. We may share your personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Policy.

In the event that all or a portion of Padlet or its assets are acquired by or merged with a third-party, personal information that we have collected from users would be one of the assets transferred to or acquired by that third-party. This Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this Policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within 30 days following the completion of such a transaction, by posting on our homepage, or by emailing you on your email address on file. If you do not consent to the use of your personal information by such a successor company, you may request its deletion from the company.

In the unlikely event that Padlet goes out of business, or files for bankruptcy, we will protect your personal information, and will not sell it to any third-party.

Information Shared to Enforce Content Policy

To make sure that all content on Padlet conforms to our Content Policy, we run all user content, no matter the privacy, through a series of automated checks. If any content is flagged to be in violation of our Content Policy, Padlet authorized personnel may look at it to determine the appropriate action to be taken against that content. This helps us keep the Service safe and appropriate for all users.

Information You Share with Third Party Services

You may access Third Party Services through the Service, for example by watching a YouTube video on a padlet. You may also choose to share information that you provide to us with Third Party Services (e.g., by posting your padlet to Twitter or Facebook). These services have their own privacy policies which we don’t govern. We encourage you to review them before providing them with personal information.

Other than the cases above, we will share your information only if we have your consent.

How We Secure Information

The security of your personal information is important to us. We maintain administrative, technical and physical safeguards to protect against loss, theft, unauthorized use, disclosure, or retrieval of personal information. You can check out our security page for more details.

If we learn of a security breach, we will attempt to notify you electronically (subject to any applicable laws) so that you can take appropriate protective steps; for example, we may post a notice on our Site or elsewhere on the Service, and email to your email address on file. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Deleting Your Account

You may delete your Account at any time. You can do so from your Account Settings page on the Site or the App or by sending us a request using our support page. If you email us, we may require sufficient identifying information to be able to determine that you own the account.

When you delete your account, we delete:

  • your profile information and any other content you provide in your profile (such as your name, username, password, email address, and profile photos)
  • all the padlets you have created and all the content posted on them, whether or not that content was created by you

We do not delete the user content you posted on padlets created by other users. It will continue to be on the platform, albeit anonymized (unless you shared personal information in the user content itself). Padlets are shared documents and the creator of the padlet is ultimately the owner of the content on it. It jeopardizes the contract between you and the padlet creator if you are allowed to delete content. If you shared a Google Doc with someone and they edited it, you wouldn’t want the edits to disappear if they deleted their account the following day.

We also do not delete non-identifiable aggregate information about your usage of the service.

We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, even after you update or delete personal information you have provided us from our Service, your personal information may be retained in our backup files, archives, and server logs for up to 30 days, unless legal obligations require us to retain them for longer periods of time.

Please be aware that deleting your Account may not fully remove all content you have published on our Service from search engine indexes (e.g. Google) and network caches. We cannot control the behavior of these entities.

Your Rights

You have the choice to request correction and/or deletion of personal information we process about you. You also have the right to opt out of any marketing messages or product notifications at any time even if you have given us your consent earlier. If you are a registered user, you can access and update most information associated with your Account by logging in to the Service and checking your Account Settings page.

Your GDPR Rights

Customers based in the European Union or the European Economic Area shall have the following data subject rights in line with the European Union General Data Protection Regulation:

  • Right to withdraw consent for processing of personal information at any time
  • Right to be forgotten or to require deletion or blocking personal data which is incorrect or which has been processed illegally
  • Right to restrict or object to certain types of processing of personal information
  • Right to demand the rectification of erroneous or incomplete personal information
  • Right to obtain a copy of personal information in a structured machine-readable format and, on request, to transmit personal data to other data controllers

Your California Privacy Rights

Under the California Consumer Privacy Act, you are entitled to a copy of the data you have provided to us by sending a mail to privacy@padlet.com.

Under California Civil Code sections 1798.83-1798.84, California residents have the right to request from us a list of all third parties to which we have disclosed personal information during the previous year for direct marketing purposes. Alternatively, the law stipulates that if a business entity maintains a privacy policy that provide users with an “opt-out” mechanism for use of personal information by third parties for their marketing purposes, the business entity may as an alternative provide you with information on how you may opt-out from the use of information by third parties for direct marketing purposes.

We have not shared your personal information with any third party for direct marketing purposes. Should you need this in writing, you can contact us via the information provided later in this Policy.

Padlet does not differentiate or discriminate how we treat our users whether they exercise their rights under the CCPA.

Data Privacy Framework

Padlet has certified to the U.S. Department of Commerce that Padlet adheres to (1) the EU-U.S. Data Privacy Framework with regard to the processing of personal information received from the European Union, (2) the UK Extension to the EU-U.S. Data Privacy Framework, with regard to the processing of personal information received from the United Kingdom (and Gibraltar), and to (3) the Swiss-U.S. Data Privacy Framework with regard to the processing of personal information received from Switzerland (the “DPF”). The Federal Trade Commission has jurisdiction over our compliance with the DPF.

We remain responsible for all the personal information we receive under the DPF and that we subsequently transfer to third parties acting as agents on our behalf if they process personal information in a manner inconsistent with the DPF principles, unless we prove we are not responsible for the event giving rise to the damage.

To view our DPF certification, please visit https://www.dataprivacyframework.gov/list. Padlet is registered under the name Wallwisher, Inc.

If you have any question about our practices in relation to our participation in the DPF, or should you have any complaint in that regard, we encourage you to contact us directly at privacy@padlet.com. Further contact information can be found at the end of this document. For any complaint that we cannot resolve directly, Padlet commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) (for personal information received under the EU-US DPF), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) (for personal information received under the UK Extension to the EU-US DPF), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) (for personal information received under the Swiss-US DPF).

You may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please review Annex I of the DPF for additional information.

Changes to This Privacy Policy

We may amend this Privacy Policy from time to time. In case of major changes, we will notify users by email addresses provided to us.

If you don’t agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Service after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.

Contact Us

If you have any questions, concerns, or complaints regarding this Policy or our data processing activities, please contact us by email at privacy@padlet.com or write to us at:

Wallwisher, Inc. 981 Mission St San Francisco, CA 94103

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Padlet has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

  • by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
  • by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, Padlet has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

  • by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
  • by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom