Terms

Privacy

Privacy Notice

Data Processing Addendum

Global Applicant Privacy Notice

Cookie List

Privacy Program

Ethics and Compliance

Trust Center

Privacy Notice

Last updated: January 9, 2025

Fivetran Inc. ("Fivetran") respects your right to privacy. This Privacy Notice explains who we are, how we collect, store, share and use personal data about you, and how you can exercise your privacy rights. This Privacy Notice applies to personal data that we collect, including through our website at www.fivetran.com, within our product(s) and on other websites that Fivetran operates and that link to this Privacy Notice (collectively “Websites”).

If you have any questions or concerns about our use of your personal data, then please contact us using the contact details provided under the “How to contact us” heading at the bottom of this Privacy Notice.

What personal data does Fivetran collect and why?

Broad Categories of personal data collected:

Broad Categories Collected	Examples
Identifiers	Name, contact information, and other personal data that can directly or indirectly identify a user
Select Information in Customer Records	Name, contact information, and company information
Commercial Purchasing Information	Records of products and services purchased
Internet or Network Activity	Browsing history, search history, and information regarding a user’s interaction with an Internet Website, application, or advertisement.
Information Typically Detected by Senses	Audio information (call recordings)
Employment Information	Role, title, and other relevant employer information
Inferences Drawn from other Personal Data	Buying intent and other relevant information to market or provide the services

The personal data that we may collect about you broadly falls into the following categories of sources:

Information that you provide voluntarily
Certain parts of our Websites may ask you to provide personal data voluntarily; for example, we may ask you to provide your contact details in order to register an account with us, for technical support, to subscribe to marketing communications from us, to register for an event, to access content, and/or to submit inquiries to us. The personal data that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal data.
Information that we collect automatically
When you visit our Websites, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal data under applicable data protection laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Websites, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Websites, where they come from, and what content on our Websites is of interest to them. We use this information for internal analytics purposes and to improve the quality and relevance of our Websites to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below. When you use our products and services, we may collect certain information automatically in order to provide our products and services, to improve our products and services, to investigate potential security issues, and to prevent fraud or misuse of our products and services. When you communicate with us, we may also automatically collect information related to our correspondence with you, such as emails and text messages sent or received.

Information that we obtain from third party sources
From time to time, we may receive personal data about you from third-party sources– including, but not limited to, lead generation providers, partners, content syndication providers, third-party enrichment tools, and meeting maker vendors–but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.

The types of information we collect from third parties—including, but not limited to, name, contact information, title and/or role within your organization, internet activity, and company data–is used to market our services to you.

Sensitive Personal Data

We may collect sensitive personal data, or special category personal data, from customers as a part of providing our services. We do not use sensitive personal data for any other commercial purpose, we do not sell sensitive personal data, and we do not share sensitive personal data for online advertising.

Who does Fivetran share my personal data with?

We may disclose your personal data to the following categories of recipients:

To our group companies and third-party services providers who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Websites), or who otherwise process personal data for purposes that are described in this Privacy Notice or notified to you when we collect your personal data. A list of our current subprocessors is available here https://fivetran.com/docs/security/subprocessors.
To our partners, to assist in (i) selling or distributing our products and services where information may be shared for the purpose of identifying prospective customers or opportunities or facilitating and managing partner relationships; or (ii) engaging in joint marketing activities where information may be shared for the purpose of organizing or sponsoring an event to which you have registered, enabling them to contact you about the event or their services where they have a lawful basis to do so, such as your consent, where required by applicable law. Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties. Fivetran will not share data from Google APIs with third party tools, such as AI models.
To any competent law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Notice.
To any other person with your consent to the disclosure.

Third parties we share with for a business purpose (in the last 12 months):

Broad Categories Collected	Types of third parties we share with
Identifiers	Group companies, service providers, and partners
Select Information in Customer Records	Group companies, service providers, and partners
Commercial Purchasing Information	Group companies, service providers, and partners
Internet or Network Activity	Group companies, service providers, and partners
Information Typically Detected by Senses	Group companies, service providers, and partners
Employment Information	Group companies, service providers, and partners
Inferences Drawn from other Personal Data	Group companies, service providers, and partners

Third parties we share with for a commercial purpose (including sale/online advertising in the past 12 months):

Broad Categories Collected	Types of third parties we share with
Identifiers	Group companies, partners, and any other person with your consent
Select Information in Customer Records	Group companies, partners, and any other person with your consent
Commercial Purchasing Information	Group companies, partners, and any other person with your consent
Internet or Network Activity	Group companies, partners, and any other person with your consent
Information Typically Detected by Senses	Group companies, partners, and any other person with your consent
Employment Information	Group companies, partners, and any other person with your consent
Inferences Drawn from other Personal Data	Group companies, partners, and any other person with your consent

Fivetran has no actual knowledge that it sells or shares the personal information of individuals under 16 years of age.

Legal basis for processing personal data

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not. Please note, if you choose not to provide the requested personal data the main consequences are that (i) we may not be able to provide services to you, and (ii) your experiences with our services and marketing efforts may be less personalized.

If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), this will normally be to operate our platform and to communicate with you as necessary – for example, when responding to your queries, analyzing use of and improving our platform, undertaking marketing activities for existing customers as legally permitted, and detecting or preventing illegal activities. We may have other legitimate interests and we will make clear to you at the relevant time what those legitimate interests are. We rely on these legal bases to process data for the following purposes: to help provide the services (e.g. customer support and usage data) and to market our services to existing customers as legally permitted.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading at the bottom of this notice.

Cookies and similar tracking technology

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Website owners can use cookies for a variety of reasons that can include enabling their websites to work (or work more efficiently), providing personalized content and advertising, and creating website analytics.

Cookies set by the website owner (in this case, Fivetran) are called "first-party cookies." Only the website owner can access the first-party cookies it sets. Cookies set by parties other than the website owner are called "third-party cookies.” Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g. like advertising, interactive content, and social sharing). The parties that set these third-party cookies can recognize your device both when it visits the website in question and also when it visits other websites that have partnered with them. Please view our cookie list for more information on the third-party vendors we use at https://www.fivetran.com/cookie-list.

Fivetran may use web beacons, tags, flash cookies, HTML5, and scripts (“Data Tools”) in our Websites or emails to help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon. Fivetran may receive reports based on the use of these technologies by our service and analytics providers on an individual and aggregated basis.

If you want to learn more about cookies, or how to control, disable or delete them, please visit http://www.allaboutcookies.org for detailed guidance. For further information on how to manage flash cookies, please click here.

Why do we use cookies?

We use first-party and third-party cookies for several reasons. Some cookies are required for technical reasons that are strictly necessary for our Websites to operate, and we refer to these as "essential" cookies. Other cookies also enable us to provide website functionality, or to enhance visitors' experience on our Websites by providing them with personalized content and advertising. This is described in more detail below.

Cookies collect certain standard information that your browser sends to the Websites such as your browser type and language, access times, and the address of the website from which you arrived at a Website. They may also collect information about your Internet Protocol (IP) address, clickstream behavior (i.e. the pages you view, the links you click, and other actions you take when you use the Websites), and product information. These are called first-party cookies and they are essential to the Websites’ operation.

Fivetran may also contract with third-party advertising networks that collect non-personally identifiable information and personal data through the Websites, emails, and on third-party websites. Advertising networks follow your online activities over time by collecting usage data through Data Tools and use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other websites. This process also helps us manage and track the effectiveness of Fivetran’s marketing efforts.

The Websites may include third-party social media features, such as the Facebook Like button, and third-party widgets, such as the ‘Share This’ button or interactive mini-programs that run on the Websites. These features may collect your IP address, which page you are visiting on the Websites, and set a cookie to enable the feature to function properly. Your interaction with these features is governed by the privacy policy of the third-party company providing such features.

We use third-party advertising companies to display ads on the Websites tailored to your individual interests based on your internet activity, as well as to provide advertising-related services such as ad delivery, reporting, attribution, analytics, and market research. You can manage your preferences with regards to the receipt of tailored advertisements in the cookie settings described under the “How can you control cookies?” heading below. Please note if third-party cookies are switched off, you will continue to see advertisements, but they will no longer be tailored to your interests.

The specific types of first-party and third-party cookies served through our Websites and the purposes they perform are described in our cookie settings page and in our cookie list at https://www.fivetran.com/cookie-list.

What about other tracking technologies, like web beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Websites or opened an email that we have sent them. This allows us, for example, to monitor the traffic patterns of users from one page within our Websites to another, to deliver or communicate with cookies, to understand whether you have come to our Websites from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, which means declining cookies will often impair their functionality.

How can you control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences in our cookie settings page. Our cookie consent tool automatically honors Global Privacy Control (“GPC”) and Do Not Track (“DNT”) signals. Please be aware, however, that due to technical limitations in how opt-out tools store preferences, opt-out choices you make will apply only to the device and browser you are using at the time you make the request. For example, if you opt out on your desktop browser, this choice will not automatically carry over to your mobile device or other browsers on the same device. Opt-out preferences must be selected on each device and browser individually.

You can also set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Websites though your access to some functionality and areas of our Websites may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information.

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com, or http://www.youronlinechoices.eu/ if located in the European Union.

Artificial Intelligence

We may use artificial intelligence (“AI”) tools, including tools which automate or recommend decisions, to assist with various internal processes. When we use AI tools we will follow applicable law and ensure responsible use, employing safeguards such as

A meaningful human review of automated decisions or recommendations;
Data minimization and the facilitation of privacy rights requests;
Complying with opt-out requests when required; and
Testing automated decision-making tools for accuracy, fairness, and bias.

We may also use AI as a part of our products and services. When incorporating AI into our products and services, we strive to provide each customer with a choice on whether to utilize any AI component of our products.

How does Fivetran keep my personal data secure?

We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Fivetran is hosted on leading cloud service providers (linked on our security page at https://fivetran.com/docs/security#physicalandenvironmentalsafeguards) and uses industry-standard security protocols to protect personal data. Personal data is stored on private servers in a protected security group. All connections between the end user and our servers are encrypted with SSL, and server software is kept continuously up to date with the latest security patches.

International data transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different than the laws of your country.

To view our data residency locations, review our data residency policy at https://fivetran.com/docs/security#fivetrandataresidency. Our group companies, third-party service providers, and partners operate around the world.

However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Notice. These include complying with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and implementing applicable standard contractual clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process in accordance with applicable data protection law.

Our Data Protection Addendum is available online at https://www.fivetran.com/legal#dpa, and our Standard Contractual Clauses, when applicable, can be provided on request by contacting us at privacy@Fivetran.com. We have implemented similar appropriate safeguards with our third-party service providers and partners and can provide further details upon request.

Data retention

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. For more detailed information on our retention practices, see https://fivetran.com/docs/security#retentionofcustomerdata.

Your data protection rights

You have the following data protection rights:

If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading at the bottom of this notice.
In addition, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading at the bottom of this notice.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading at the bottom of this notice.
Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
You have the right to opt out of the sale of your personal data, including sharing personal data for online advertising. For more information, visit our cookie settings page. Our cookie consent tool automatically honors GPC and DNT signals which are set on each individual device and browser.
We do not use or disclose your sensitive personal data, except for the purpose of providing the services to our customers.
You have the right to non-discrimination, meaning we may not discriminate against a user for exercising a privacy right.
You have the right to have your authorized agent make a data privacy request on your behalf. For more information, please contact us using the contact details provided under the “How to contact us” heading at the bottom of this notice.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
If you are not satisfied with our response regarding your data privacy request, you have the right to appeal our decision. For more information, please contact us using the contact details provided under the “How to contact us” heading at the bottom of this notice. If you are not satisfied with the result of the appeal, you have the right to contact your respective attorney general depending on where you reside.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Our process for verifying data protection requests is based on matching personal data provided by the requestor in their data protection request with personal data that we have on file for the requestor. The personal data points matched vary based on what Fivetran has on the requestor, but Fivetran uses multiple personal data points for verification. During the verification process, Fivetran aims to avoid collecting additional personal data from the requestor that has not been previously collected by Fivetran.

Data Subject Access Request Metrics

Fivetran is committed to providing transparency in how we handle data protection requests. Below is a summary of aggregated data protection requests across global data protection regimes applicable to Fivetran—excluding opt-out requests given Fivetran takes an opt-in approach to online advertising in the U.S.—for the 2023 reporting period.

	Received	Fulfilled	Denied	Average time of response
Request to Access	1	1	0	1 business day
Request to Delete	59	45	14	2 business days

Legal Access Requests

If you are submitting a law enforcement, regulatory, government agency, court, or other third-party request, please contact us using the contact details provided under the “How to contact us” heading at the bottom of this notice.

EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework

Fivetran Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Fivetran Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Fivetran Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively the “Principles”), the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Fivetran Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you. You also have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding our DPF compliance not resolved by any of the other DPF mechanisms. Please view the following for additional information on this process and the applicable requirements: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Fivetran’s accountability for personal data that it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and subsequently transfers to a third party is described in the Principles. In particular, Fivetran remains responsible and liable under the Principles if third-party agents, that Fivetran engages to process personal data on its behalf, process personal data in a manner inconsistent with the Principles, unless Fivetran proves that it is not responsible for the event giving rise to the damage. The Federal Trade Commission has investigation and enforcement authority over Fivetran’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

How to contact us

If you have any questions or concerns about our use of your personal data, please contact us at privacy@fivetran.com (we operate online), or at the following address:

Fivetran Inc., Attn: Data Protection Officer,

1221 Broadway, Suite 2400, Oakland, CA 94612, United States

We have a Data Protection Officer responsible for compliance with data protection law. Their contact details are DPO@fivetran.com.

The data controller of your personal data is Fivetran Inc. when we collect information from you for marketing purposes. Our customers are the data controller for personal data they provide to us when they use our services.

History - archived version

Privacy Notice Last Updated February 2024

Table of Contents

what personal data does fivetran collect and why?
the personal data that we may collect about you broadly falls into the following categories of sources:
sensitive personal data
who does fivetran share my personal data with?
legal basis for processing personal data
cookies and similar tracking technology
artificial intelligence
how does fivetran keep my personal data secure?
international data transfers
data retention
your data protection rights
data subject access request metrics
legal access requests
updates to this privacy notice
how to contact us
history - archived version