ngrok Privacy Policy

Last updated on April 1, 2022

ngrok, Inc. (referred to here as “we” or “ngrok") created this Privacy Policy (this “Policy”) to inform users of the services ngrok provides (collectively referred to in this Policy as “customers” or “you”), including the ngrok.com website (the "Site"), the ngrok tunneling service (the “Proxy Service”), the downloadable ngrok agent software (the “Agent”), and any other software or services offered by ngrok in connection with any of the above services, such as the ngrok Account Management Dashboard and the ngrok API (collectively, the "ngrok Services" or the "Services") and to inform you of our practices regarding how we collect, use, and share your personal information and how you can exercise your privacy rights.

This Policy is incorporated into our Terms of Use located at https://ngrok.com/tos (the “Terms of Use”). We may update this Policy from time to time, as specified in the “Changes to This Policy” section below.

This Policy covers personal information we process when you visit our Site, when you register for or otherwise access or use the other ngrok Services, and in the usual course of business, such as in connection with our sales and marketing activities.

This Privacy Policy does not apply to sites, products, or services that display or link to different privacy policies.

PERSONAL INFORMATION WE COLLECT

The information we collect depends on the way in which you interact with ngrok, the choices you make (including your privacy settings), the Services and features you use, your location, and applicable law.

When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to provide certain Services, those Services may not be available or may not function completely or correctly.

Information We Collect Automatically

When you visit the Site or otherwise engage with us outside of the Services

When you visit the Site we gather certain technical information from your browser or device automatically and may store it internally or with various third-party analytics providers. To the extent that this automatically-collected data is personal information as defined in your jurisdiction, we will treat the data as personal information in accordance with this Policy.

This information we collect includes:

Geolocation data. To the extent such data is determinable from your IP address.
Identifiers and device information. Such as your device’s operating system, device identifier and other device information, user agent string, Internet Protocol (IP) address, access times, browser type, and log data detailing your interactions with our Site.
Information collected through social media and other platforms. We receive information about you when you engage with us through various third party platforms, for example, by liking us on Facebook, connecting on LinkedIn or GitHub, or following us on Twitter or Instagram. The data we exchange with these third party platforms may depend upon your privacy settings with these platforms. We are not responsible for the data protection and use practices of these third party platforms. Please see their privacy policies to learn how they use your information.

When you use the Agent and the Proxy Service

When you use the ngrok Agent to establish network access via the ngrok Proxy Service, we collect certain information from the environment where the Agent is running and from connections through the Proxy Service. This information includes:

The IP address of the network within which you are running the ngrok Agent
Details about the machine on which the ngrok Agent is running, including but not limited to its operating system and CPU architecture, and anonymized information about the hardware and software environment
The IP addresses of connections through the Proxy Service

When you use the ngrok Services other than the ngrok Agent and the Proxy Service

When you use the ngrok Services other than the ngrok Agent and the Proxy Service, we collect certain information from your browser or device automatically including:

IP addresses of all requests
Your HTTP client user agent

Information You Provide to Us

When you visit the Site or otherwise engage with us outside of the Services

Certain parts of our Site may ask you to provide personal information voluntarily. We collect and store personal information that you directly provide us through our Site, including when establishing an account, through interactions on social media, application for a job, when downloading information from our Site, and at events and via other sales and marketing activities. We will collect certain personal information so that we may fulfill your request or contact you in connection with our sales and marketing activities in accordance with your stated marketing preferences. Information we collect includes:

Contact information. Such as your name, email address, phone number, mailing address, and billing address.
Communications content. Including any data you enter into any open text fields (for example, in web forms or chat), and communications with us on social media and other platforms (like GitHub and Twitter), through phone, or messaging services (like Slack).

When you use the Agent and the Proxy Service

When we receive connections to the Proxy Service we transmit all data received by the Proxy Service (the “Proxied Data”) to the destination you’ve configured. Such Proxied Data may include personal information should you choose to include it.

We are not able to view the Proxied Data if it is encrypted before it reaches the Proxy Service and decrypted after it passes through the Proxy Service. When the Proxy Service receives unencrypted information, or when you configure the Proxy Service or the Agent to handle encryption and decryption on your behalf, we only process the Proxied Data in compliance with your configuration.

When you use the ngrok Account Management Dashboard or the ngrok API

You may provide us with information such as:

Account information: such as your email address or username and password when you sign up for an account;
Configuration data: such as domain names, IP addresses, and various authentication keys; and
Payment data: such as your payment card number, expiration date, CVV code and billing address, and your tax ID if applicable (please note that your payment card information is transmitted directly to our third-party payment processors; we only store the last four digits of your payment card number and your billing address for later reference).

When you use the ngrok Services

You may provide certain personal information to us through the use of the ngrok Services, for example, when you register for a ngrok account to access and use the Services, interact with customer support, or send us an email or communicate with us in any way. Personal information we collect may include:

Business contact information: such as your name, job title, organization, phone number, email address, and country;
Demographic data: your job title, company name, city, state, and country;
Marketing information: such as your contact preferences; and
Support data: such as personal information you provide or we otherwise access in connection with support queries we receive from you.

Information We Collect from Third Parties

Information we receive from affiliates or partners We may occasionally receive your personal information from third parties including our affiliates, marketing, and research partners. The types of information we collect from third parties may include contact information, demographic data, content, and employment affiliation. These third parties may enrich our data concerning you with additional personal information, based on personal information in our possession which we provided to them for this purpose.

Information we receive when you add a third-party integration

Also, if you integrate or link a third party service with our Services, we may receive personal information about you from that third party based on the permissions you established with such third party service, and that third party's privacy practices.

The types of information we collect from third parties may include contact information, demographic data, and content. For example, we may obtain information from a third party in response to a request for user authentication. We use this information to maintain and improve the accuracy of the records we hold about you, identify new customers, and provide a more tailored advertising experience. We may combine this information with other information we collect about you through our Site and other Services.

USE OF PERSONAL INFORMATION

ngrok uses personal information for the following business purposes identified below.

Providing the Services. We process your personal information to provide, maintain, and improve the ngrok Services.
Communicating with you about the Services. We may send you service and technical emails and other types of notifications (for example, product updates and improvements) as part of administering and providing the ngrok Services. In most cases you cannot opt out of these communications but if an opt-out is available, the communication will provide instructions to opt out.
Providing necessary functionality. We process your personal information in order to provide you with the necessary functionality required during your use of the ngrok Services.
Transmitting Proxied Data. To the extent Proxied Data includes personal information, we process it as described in the section “PERSONAL INFORMATION WE COLLECT” above.
To facilitate transactions. We process your personal information to complete transactions, and send you related information, including purchase confirmations and invoices, to perform our agreement with you.
Handling contact and support requests: If you request support, or if you contact us by other means including via a phone call, we process your personal information to perform our agreement with you, or (if we have not entered into an agreement with you) to the extent it is necessary to fulfill your requests and communicate with you.
Administering Events. We process your personal information to plan and host events or webinars for which you have registered or that you attend, including sending related communications, billing, registration and connecting you with other event attendees.
Developing and improving our Site and other Services. We process your personal information to analyze trends and to track your usage of and interactions with our Site, the other Services, and our marketing activities to the extent it is necessary for us to develop, improve and troubleshoot, and to provide you with more relevant content and service offerings, or in reliance on your consent.
Sending marketing communications. We will process your personal information for marketing purposes in accordance with your stated preferences, such as to communicate with you via email, SMS, or telephone about services, features, surveys, newsletters, promotions or events we think may be of interest to you. Please see the "Your Privacy Rights" section below, to learn how you can control the processing of your personal information for marketing purposes.
Displaying personalized advertisements and content. We process your personal information to conduct marketing research, advertise to you, provide personalized information about us on and off our Site and to provide other personalized content based upon your activities and interests to the extent it is necessary to support our marketing activities or advertise the ngrok Services or, where necessary, to the extent you have provided your prior consent. Please see the "Your Choices About Personal Information" section below for information about how you can control the processing of your personal information for personalized advertising purposes.
Promoting the security of our Services. We process your personal information to the extent necessary to promote the safety and security of our Services, to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other unauthorized and/or illegal activities.
For our related business purposes. We process your personal information for data analysis, audits, fraud monitoring and prevention, developing new products and features, enhancing, improving or modifying our products and services, identifying usage trends and expanding our business activities.
Complying with legal obligations. We process your personal information when cooperating with government authorities in accordance with our legal obligations to the extent this requires the processing or disclosure of personal information to protect our rights or is necessary to protect against misuse of the ngrok Services, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with court or other legal orders, or to respond to lawful requests.
Reviewing compliance with applicable usage terms. We process your personal information to review compliance with our agreement with you or your organization.
Other purposes: We collect and process personal information about you, as necessary to provide the ngrok Services, operate the Site and our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other interests as described in this Policy and in our notices to you. We will process your personal information for other purposes about which we notify you in advance, or for which we receive your consent to the extent such consent is required by applicable law.

SHARING PERSONAL INFORMATION

We may disclose your personal information to the following categories of recipients:

Third party vendors and other service providers. We may share your personal information with our third party vendors and service providers that we use to provide services such as support ticket portals, secure transfer software, cloud hosting, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools, and data backup services.
Business transfers. We may share your personal information with third parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business or assets by another company or third party, or in the event of a bankruptcy, dissolution, or related or similar proceedings.
Compliance with laws. We may share your personal information as required by law, subpoena, or other court or government agency order or if we reasonably believe that such action is necessary to comply with the law or the reasonable requests of law enforcement or other government agencies.
Security, safety, and protection of rights. We may share your personal information with third parties, including companies and government agencies, to enforce our Terms of Use or other agreements, to protect the security or integrity of our Services, or to exercise or protect the rights, property, or personal safety of ngrok, our customers, users, or others.
Advertising partners. We may partner with third party advertising networks, exchanges and social media platforms to display advertising on our Site or to manage and service advertising on other sites and we may share personal information with them for this purpose. Please see the section below titled “Cookies and Similar Technologies” for more information.
Third parties generally. In order to dissuade abuse, we may also include the ngrok Agent’s origin IP address in the response to all HTTP requests transmitted via the Proxy Service to that instance of the ngrok Agent. Any third party making a request through the Proxy Service will have access to that IP address.

To the extent that processing of your personal information may also take place outside the EU or EEA in third countries without an adequacy decision, there is a risk that authorities in those third countries may access the personal information for security and monitoring purposes without you being informed or being able to seek redress. To ensure an adequate level of data protection when transferring your data to such recipients, ngrok ensures to conclude standard contractual clauses of the European Commission pursuant to Art. 46 (2) (c) of the GDPR in connection with further technical measures with these recipients. We will be happy to provide you with more specific information on this via the contact details below.

STORING PERSONAL INFORMATION

Storage and processing. Information collected through the Site and other ngrok Services may be stored and processed in any country in which ngrok or its service providers maintain facilities, including the United States, countries within the European Union, and your country. We use practices designed to ensure that the data we collect under this Policy is processed according to the provisions of this Policy and applicable law wherever the data is located.
Retention. We retain personal information for as long as we have an ongoing legitimate business need to do so. We also retain personal information as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements.

SECURITY

ngrok uses practices intended to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, or destruction, whether in transmission or storage. Please keep in mind, however, that we do not and cannot guarantee security, and no Internet transmission is ever completely secure or error-free. You are responsible for maintaining the confidentiality of your account information, including any user name and password you use.

For additional information regarding our security practices please see https://ngrok.com/security.

YOUR CHOICES ABOUT PERSONAL INFORMATION

Communications Preferences

We would like to keep in contact with you in ways that you find helpful. If you do not want us to use your contact information to communicate with you for promotional purposes, please tell us that when you provide your contact information. You can also let us know your preference later by clicking on this link https://dashboard.ngrok.com/user and following the instructions on that page, by contacting us as specified in the “Contacting Us” section below, by accessing your account, or by following the instructions in various communications that we may send you. Keep in mind that if you opt out of receiving promotional communications, we may still send you transactional communications (for example, non-promotional emails such as technical or security notices). The preceding rights may depend on your location and your jurisdiction. We will respond to your requests within the appropriate time frames required by applicable law.

California Consumer Privacy Rights

The California Consumer Privacy Act (“CCPA”), provides California residents with the following rights:

Right to know and right to delete. You have a right to request that we inform you as to what personal information about you we collect, use, disclose, and sell. Much of the information about categories of data is already included in this Policy. You also have a right to request that we delete certain data we have about you. You may make such a “request to know” or “request to delete” your personal information (subject to our verification of your identity and a number of exceptions) by contacting us at support@ngrok.com.
Right not to receive discriminatory treatment. You have a right not to receive discriminatory treatment for the exercise of your rights under the CCPA.
Right to opt out of the “sale” of personal information. You may also have the right to opt out of the sale of your personal information. ngrok does not sell information for money. However, making a California resident’s personal information (which may include IP addresses and device IDs) available to third parties as described in this Policy, even if no money is exchanged, may be considered a “sale” under the CCPA, given its broad definition of "sale."

If you are a California resident seeking to exercise your CCPA rights, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please email us at support@ngrok.com. Please note that to protect your personal information, we may verify your identity by a method appropriate to the type of request you are making.

ADDITIONAL DISCLOSURES FOR CALIFORNIA CONSUMERS

California law requires us to provide California consumers with certain additional information regarding how we collect, use, and share your "personal information" (as defined in the CCPA). Throughout this Policy, we discuss in detail the specific pieces of information we collect from you or your device and discuss how we use and share such information.

The categories and sources of personal information we may collect are described in the “Personal Information We Collect” section of this Policy. The business and commercial purposes for which we collect this information are described in the “Use of Personal Information” section of this Privacy Policy. The categories of third parties to whom we disclose this information for a business purpose are described in the “Sharing Personal Information” section of this Policy.

COOKIES AND SIMILAR TECHNOLOGIES

We use cookies, web beacons, mobile analytics, and similar technologies to operate our Site and other Services and to help collect data, including other identifiers and device information and usage data.

A cookie is a small bit of text that we and others return to your browser in response to requests made to our Services. The text is stored and returned to our Services automatically within subsequent requests. The text in a cookie may consist of a random string of numbers and letters that uniquely identifies your device or your logged-in account, but it may contain other information as well. Our Site and other Services may use both session cookies and persistent cookies. A session cookie enables certain features of the Services and is usually deleted from your computer when you close and restart your browser. A persistent cookie remains after you close your browser and may be returned to our servers on subsequent visits to the Site or use of the Services.

We and others may collect information using Web beacons. Web beacons are electronic images that may be used on our Site or other Services or in our emails. When your web browser loads a page that contains a web beacon, it automatically connects to the web server that hosts the image (typically controlled by a third party). This connection allows that web server to log information about your device and to set and read that web server’s own cookies. In the same way, accessing third party content on our Site (such as embedded videos, plug-ins, or ads) may result in your browser connecting to the third party’s web server hosting the content. We may include web beacons in our email messages or newsletters to tell us if you open and act on them.

We, and our analytics and advertising partners, use these and other technologies on our Site and other Services to collect personal information (such as the information in cookies we and our partners store in your browser or the IP address of your device) when you use our Site or other Services. When your browser or application connects to a third party analytics or advertising partner, that third party may collect information about your online activities over time and across different websites or online services via the use of persistent cookies. They can also create inferences about you from this information.

Third Party Cookie Controls

The third party analytics, support partners, and marketing providers we use with respect to our Site and other Services include:

Google Tag Manager for analytics and marketing purposes (to learn more see https://www.google.com/policies/privacy/partners).
Google Analytics for analytics (to learn more see https://www.google.com/policies/privacy/partners and to opt-out visit https://tools.google.com/dlpage/gaoptout).
Hubspot for analytics and marketing purposes (to learn more, including how to opt out, see https://legal.hubspot.com/privacy-policy)
Segment for analytics and marketing purposes (to learn more, including how to opt out, see https://segment.com/legal/privacy/)
Olark for support chat and marketing purposes (to learn more, including how to opt out, please visit https://www.olark.com/privacy-policy)

Some of these companies are also members of associations that provide a simple way to opt out of analytics and ad targeting, which you can access at:

United States: NAI (https://www.networkadvertising.org/managing/opt_out.aspx) and DAA (https://www.aboutads.info/choices/)
Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/)

Web Browser Cookie Controls

Most web browsers are configured to accept cookies by default. If you prefer, you can adjust your browser settings to instruct your web browser not to accept cookies. You may also be able to use your browser’s settings to delete specific cookies. If your browser is set to refuse all cookies, this could affect certain features of our Site or other Services. Similarly, if you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted.

Email Web Beacons

You can disable web beacons in email messages by changing the settings in your email application to prevent the automatic downloading of images.

Do Not Track

Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our Site and other Services do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.

Note that if you make the choices described above, some personal information may still be collected by our partners to help us perform analytics and advertising-related functions. If you access the opt out page (or settings) from other devices or browsers, you will need to revisit those pages or settings to opt out from those other devices or browsers. Additionally, making these choices will not opt you out of the use of previously collected personal information or all interest-based advertising.

CHANGES TO THIS POLICY

This Policy may be revised from time to time. If this Policy changes, the revised policy will include a new effective date, and we will notify you of such changes by posting the revised policy on this page. Please be sure to check the Policy whenever you submit personal information or use our website. If we make any material changes to this Policy, we will provide you with additional notice or obtain consent to the extent required by applicable law.

CONTACTING US

If you have any questions, complaints, or concerns about how your information is handled, please email us at support@ngrok.com. You can also contact us at our physical address which is 237 A St #26741, San Diego, CA, 92101, USA.

To view the previous version of ngrok’s Privacy Policy, click the link below.