Effective Date: November 2, 2018

We may update this Privacy Policy (“Policy”) from time to time. We will post the updated Policy at this link and will provide notice on the Site when we make material changes to the Policy.

Smarsh Inc. (including Our subsidiaries MobileGuard, LLC, Cognia Cloud Limited, and Actiance, Inc.) (collectively, “We”, “Our”, “Us”) has adopted the following Policy and is committed to, and self-certifies compliance with, the Privacy Shield Framework: https://www.privacyshield.gov/list.

The Policy governs Our use of personal information collected by or received from:

  • Our corporate website www.smarsh.com, www.smarsh.eu, and www.actiance.com (the “Site”);
  • received from third-party sources, like lead generation tools, data providers or social media platforms (“Third-party Sources”);
  • tradeshows, conferences or conventions, and;
  • Our customers through their use of Our archiving platform.

This Policy does not apply to the data We collect on behalf of Our clients, or to the individuals with whom Our clients communicate. Our clients enter into a separate agreement with Us that governs the collection, processing and storage of data We receive pursuant to that agreement.

With respect to Our client relationships, the client is the data controller. Therefore, this Policy does not apply to individuals with whom Our clients communicate. There, the client’s privacy policy and privacy practices govern the relationships. This Policy does not apply to any third-party services, third party websites or third-party platforms (such as social network platforms) that We do not control. We do not knowingly collect personally identifiable information from children under 17 years of age.

This Policy is organized into two sections: the first section applies to information We collect through the Site or from Third-party Sources, and the second section applies to the information We collect via the Archive (defined in Section 2).

Privacy Programs

We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  We have certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov/.

With respect to individuals located in the EU, We have responsibility for the processing of personal information we receive under Privacy Shield and subsequently transfer to a third-party acting as an agent on Our behalf. We remain responsible under the EU-U.S. Privacy Shield Framework if Our agent processes personal information in a manner inconsistent with the EU-U.S. Privacy Shield Framework, consistent with any exclusions of liability thereunder.


In compliance with the Privacy Shield Principles, We commit to resolve complaints about Our collection or use of personal information. European Union individuals with inquiries or complaints regarding Our Privacy Shield policy should first contact Smarsh at: legal@smarsh.com or to Smarsh Inc., Legal Department, 851 SW 6th Ave., Suite 800, Portland, OR 97204. We will respond to your questions or complaints within 30 days. Following receipt of a complaint, if necessary, We will investigate the issue and provide you with information regarding the investigation and resolution of the complaint.

We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from Us, or if We have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.  JAMS’ services are provided at no cost to you.

We commit to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel regarding human resources data transferred from the EU in the context of the Smarsh employment relationship.

Under certain conditions, an individual may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information see:  https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has jurisdiction over Our compliance with Privacy Shield.

Section 1: The Site and Third Party Sources

By using the Site, or by interacting with Us through Third-party Sources, you consent to Our collection, use and disclosure of information as specified in this Section 1.

A. Information We Collect
B. Tracking Technologies

We may use tracking technologies like cookies, clear gifs, web beacons, web bugs, or other similar technologies. We may receive reports based on the use of these technologies by Third-party sources that provide us services on an individual as well as aggregated basis. Cookies are used to identify which website or marketing campaign you came from, which areas of the Site you visited and your actions on the Site, and where you go when you leave the Site. Cookies may be “session” cookies and deleted after you leave the Site or “persistent” cookies that are stored. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, which are used to track the online movements of web users. In contrast to cookies, clear gifs are embedded invisibly on web pages, emails or advertisements and track clicks. We use clear gifs to determine whether Our marketing campaigns are successful, such as to determine whether you open an email We send or whether you click on the links within the emails We send. Generally, We use these technologies to:

  • manage content, analyze trends, monitor page visits and content downloads;
  • administer the site, track users’ movements around the site, and;
  • gather demographic information about Our user base.

As is true of most web sites, We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information We collect about you.

We may partner with third-parties to manage Our advertising on third-party sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other sites to advertise to you based upon your browsing activities and interests. If you do not wish to have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://www.networkadvertising.org/managing/opt_out.asp or by visiting the relevant ad network (Google Ads is available here: https://www.google.com/settings/ads). There are multiple other resources that allow you to opt out of web tracking at the browser level by following the browser’s instructions. We respect your Do Not Track choices instituted at the browser level.

C. How We Use Information We Collect

We use the information We collect or receive in the following ways:

We may link, combine or supplement the information you provide Us with other information We receive from Third-party Sources or with cookies. We do this to help understand your needs and provide you with better products and services, to identify you when you return to Our Site or to pre-populate forms. We may use anonymous, aggregate personal information for different purposes, like market analysis, traffic flow analysis and reporting, or to deliver relevant advertising and information based on click stream data. We may also use this information to examine Our traffic in aggregate, to investigate misuse of Our network, its users, or to cooperate with law enforcement.

D. How We Share Information.

We do not sell, rent or lease the information We collect to third parties.

E. Third-party Service Providers, Widgets, Websites, Ads and Content.

The Site may contain links to websites or content sponsored or provided by third parties. These sites and services may use their own cookies or data tracking technologies to collect data or information from you. We do not control the practices of these third parties or their websites or content. We are not responsible for the privacy practices or the content of these third parties. We do not share the information that you provide Us with these third parties, however, these third parties may obtain information about you if you click on a third-party link. Certain widgets on the Site (such as social media widgets), may collect information about you automatically through cookies and may combine information about your use of Our Site with information they collect in other areas. We have no control over the practices of these widgets and is not responsible for their privacy practices. Please visit the privacy policies of each of these kinds of third parties to learn more about how they collect and use your information. Some of the ads you receive on websites are customized based on predictions about your interests generated from your visits over time and across different websites from an ad network. This is called interest-based advertising and is enabled through your computer browser and browser cookies. These ads are provided based on information owned or controlled by an ad network, and subject to the ad network’s privacy policies. We provide you information on how to opt out of these types of interest based advertisements in the Notice, Access and Choice section of this Policy. We may use other third-party service providers such as an email service provider to send out emails on Our behalf, a career management platform to collect resumes, or a chat widget that allows Us to communicate with you. We may share your information with these service providers, and others, as necessary for them to perform their functions.

F. Security

No method of transmission over the Internet, or method of electronic storage, is 100% secure. We use commercially acceptable means to protect your personal information, but We cannot guarantee its absolute security.

G. Notice, Access and Choice; Data Retention and Right to be Forgotten

We do not require that you provide information through Our Site, however, if you do not choose to provide information, We may not be able to offer or provide services to you. You may opt-out of receiving promotional emails from Us by following the instructions in those emails. If you opt-out, We may still send you non-promotional communications, such as emails about your accounts, product notices, or Our ongoing business relations.

We will retain your information for as long as We determine is necessary. You may contact Us at Smarsh, 851 SW 6th Avenue, Ste 800, Portland, Oregon 97204 or legal@smarsh.com to access your information that We store and process and to request that We delete or amend your information, or to opt out of your information being shared with third parties. In some cases, We may be unable to delete your personal information, in which case We will let you know if We are unable to do so and why. We will respond to your access request within 30 days.

We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Section 2: The Connected Archive

Our customers (“Clients”) engage Us to store digital communications on their behalf. The Connected Archive (“Archive”) is the platform Our customers use to view their digital communications. Client Information and Archival Information (defined below) are governed by the services agreement between Smarsh and the applicable Client. The Archive collects the following information:

851 SW 6th Avenue
Portland, Oregon 97204