Privacy Policy

Updated November 20th 2018

This is the Privacy Policy of Sanity AS ("Sanity"), a Norwegian company situated in Thorvald Meyers gate 49, 0555 Oslo. Sanity reserves the right to modify this privacy policy. The latest version of the privacy policy is always accessible at www.sanity.io/legal/privacy. For Sanity, the protection and confidentiality of your data is of the utmost importance. If you have any concerns about privacy and personal data you may contact our Data Protection Officer, Erik Grinaker, at dpo@sanity.io.

Sanity collects and uses your personal data strictly within the legal limits of the data protection law of the Kingdom of Norway and, as of 25 May 2018, the EU General Data Protection Regulation no. 2016/679 (“GDPR”) as incorporated in Norwegian law. Terms that we use in this document like "personal data", "processing", "data controller" and "data processor" shall have the meaning as defined therein.

This privacy policy informs you of the kinds, extents and purposes of any collection and use of personal data, and is divided into the following sections:

  1. Which personal data we collect and use with our platform is detailed in Section 1
  2. General aspects regarding processing of personal data and your rights in Section 2
  3. Details of third party service providers and other personal data we collect and use when you visit our website Sanity.io in Appendix 1.

Please address any requests regarding privacy to privacy@sanity.io or write to us at the postal address stated above.


1. Overview of personal data we collect and use

1.1 Log in information and data you provide as a customer of sanity.io

In order to use all services offered by Sanity, you are required to register. You may register using third party identity providers, such as Google and Github. If you choose to do so, the identity providers will provide Sanity with your name, email address and profile picture (if available). Sanity will not, however, have access to your password. If direct signup with Sanity is provided, we will require you to enter your name, email address and password, and you may also provide us with other information upon login, such as your profile picture. For both options, this data is required to create and administer a user account for you and to enable you to use the service. For enterprise customers, Sanity allows signup and login via third party enterprise authentication services, if previously agreed upon and formalized in terms with said enterprise.

If you decide to use services offered by Sanity that are subject to a charge, you are required to provide the name, address, email address, and phone number of your organization (or yours if not applicable) for payment reasons. This information is also processed by our payment processor. Credit card information is never available to Sanity, but is only transmitted to and stored with our payment processor.

To provide you with a better service, user and organization data may also be stored in third-party CRM systems or similar tools (such as e.g. hubspot.com and salesforce.com) for sales and marketing purposes.

You may choose to sign up for our newsletter and service status updates provided via email. We will store your name and email address, and share this information with third party processors to deliver these services. You may choose to unsubscribe from these email updates at any time. We will also very occasionally send important service updates to all registered users via email, using the same third-party processors.

Sanity is the data controller for the personal data of our service users according to relevant data protection law.

1.2 Information within content owned by our users at sanity.io

Users can upload a variety of content, such as texts, images, videos and music files to and via the Sanity Services, defined as "Customer Data" in our General Terms and Conditions. Typical content uploaded to Sanity might be news articles or a shop’s production information. This data may occasionally, but not usually, contain data that may be qualified as personal data. In this context, Sanity is only a processor of data on behalf of the user and not the data controller.

Except for complying with its obligations under mandatory law and contractual terms, Sanity is not legally responsible for data content uploaded by the user and is neither interested in this data nor will analyze this data in any way. Sanity will only process and store this data within the framework of the provision of the service, in the scope described in the General Terms and Conditions and our Agreement with you or the entity with which you are connected to.

1.3 Data collected through the use of APIs and SDKs

Sanity allows customers to integrate their uploaded content into their internal systems and/or third-party systems delivered by other parties through an Application Programming Interface (API). Sanity by design does not determine what systems it may be configured to interoperate with but typical examples of classes of such systems are content delivery (e.g. HTML rendering systems, native mobile applications, digital signage systems) and content optimisation (e.g. e-commerce personalization services, A/B/N-testing or similar) systems.

The SDKs can, however, be configured by the user/client of our service to send the identity (user ID) of logged-in users to our APIs in order to facilitate, for example, access control. This would be a user-based decision/parameter defined by client and therefore out of our control.

Sanity logs the originating IP address of an end user to avoid fraudulent use (e.g., denial of service attack).

1.4 Information gathered through automatic data collection

When you access the Sanity Services via a browser, the Command Line Interface (CLI), or other means, certain data is automatically transmitted for technical reasons. The following data is logged and stored separately from any other data you may transmit to us for a limited time: IP address, date and time of access, browser type and version, operating system, URL of the website visited prior to ours, amount of data transmitted, and performance numbers such as latencies and caching. This data is collected for purposes of security, troubleshooting, and aggregate statistics, and is never associated with any particular individual.

Logged-in users will also transmit authentication information through cookies or headers to allow our systems to authenticate and authorize the request and make decisions based on the logged-in user. This information is never stored together with the access logs mentioned above, but other information that is explicitly provided by the user to perform operations may, however, be logged and associated with the user in order to provide audit logs and similar.

When visiting our website at sanity.io we collect aggregate statistics about your actions on our website and store these with a third-party processor for analytics and statistics to improve our website and service. The collected data does not include any personal information, and it is not possible for us to trace this back to any individual.

If the user should encounter any errors while using our services, we will temporarily log information relevant to the error, including the information listed above, with a third party processor in order to notify us of the error and aid with debugging.

1.5 Cookies

Sanity stores so-called “cookies” to provide you with a wide range of functionalities. “Cookies” are tiny files stored on your computer through your browser. If you do not wish to receive “cookies”, you may deactivate storing “cookies” on your computer by changing your browser settings accordingly. Please note that the functioning of the website may be impaired and the range of functionalities may be limited if you deactivate “cookies”. The cookies we use are described in more detail in Appendix 1. You may deactivate cookies in your web browser. For more information, please visit http://www.youronlinechoices.com/

1.6 Further information

If you decide to use services offered by Sanity that are subject to a charge, Sanity may offer you the possibility to enter further information and/or flag issues using the customer account management tool on your profile page. The information requested by Sanity will then depend on your request and will be specified in the input mask. In addition, free-text fields allow you to enter more information. Sanity will use the information you enter to process your request.

Sanity also offers a free newsletter service. In its newsletter, Sanity informs subscribers about changes to the Sanity Services. You may opt out of the newsletter at any time. Each newsletter contains a link to opt out of receiving any future newsletters.

2. General Aspects of Data Processing and Privacy

2.1 Legal basis and purpose of our processing

We process your data because it is necessary for the fulfillment of a contract with you and/or because it is necessary to perform our legitimate objective of providing the Sanity Services to our Customers. This includes, but is not limited to:

  • To provide services and information to our Customers
  • To handle inquiries and requests from our Customers
  • To create and administer records about an account that you register with us
  • To give our Customers information and updates about their orders.
  • To provide access to resources and information that you have requested from us
  • To provide you with technical support based on your individual needs
  • To improve our website, like the navigation and content of our sites
  • For website and system administration and security
  • To process transactions from our Customers
  • To fulfil our legal obligations regarding financial transactions
  • For general business purposes, including improving customer service
  • To help us improve the content and functionality of the Sanity Services
  • To better understand our users and protect against wrongdoing
  • To enforce our Terms of Service, and to generally manage our business
  • For recruitment purposes, if you apply for a job at Sanity

2.2. Third party access to your data

Sanity employs third-party processors under contract as part of providing our services to you, who may process your personal data in cases where we are the data controller. In these cases, we only share the necessary information to enable them to carry out their tasks. Such external service providers are carefully selected in order to ensure your privacy and to fulfil our obligations under the GDPR. Service providers may only use the data for the purposes under the agreement entered into between Sanity and the service provider. More information about our specific third-party processors is included in Appendix 1.

We also employ a limited number of third-party subprocessors for processing customer-controlled data, listed in Appendix 1. Sanity will notify customers before changing subprocessors that have access to customer-controlled data, and allow the customer to cancel their contract before the switch if they object.

If it serves investigations of illegal use of our services or is required to pursue legal claims, personal data may be shared with law enforcement agencies, public bodies and third-party victims’ claims based upon court orders or other binding orders from public bodies. Such transfer of data will be made in accordance with applicable laws and regulations.

2.3 Deletion of your data

Your data will be deleted from our systems and third-party processors once it is no longer required for the aforementioned purposes. We delete or anonymize logs within 90 days of collection. If you delete your user account, your personal data will be removed from our systems without unreasonable delay, and at the latest within 90 days, unless applicable legislation or legal process prevents us from doing so. To the extent that Sanity is legally obliged to archive data, such data will be blocked and will not be available for productive use.

Customer-controlled data may be deleted via our API. We retain a complete history of all changes to a dataset, including deleted documents, with a maximum retention period given by the project’s plan. Custom retention periods can be configured for the entire dataset or by document type for customers with our custom history retention feature. Customers can also permanently delete a document and all history via a purge mutation through our API. Note that user-specified document IDs will be retained in our systems indefinitely (until the entire dataset is deleted), for technical reasons - we strongly recommend that document IDs never contain personal or sensitive data. Deleted assets may remain available in public CDN caches until the configured expiry time.

Data may in certain cases remain in the systems of our subprocessor Google Cloud Platform for as long as 180 days, as outlined in their terms of service, although it will generally be removed much sooner. This data is not available to us.

2.4 Location of your data

Sanity is based in Norway and will primarily access your data from our regular place of business in Norway. Your personal data will be stored on servers within the EU/EEA hosted by our subprocessor Google Cloud Platform - primarily in data centers in St. Ghislain, Belgium, but also at other Google data centers throughout the EU. Your data may be stored transiently or cached in any country in which Google or its agents maintain facilities.

We also employ certain third-party processors outside of the EU (primarily in the US) to deliver our services, which may process personal data for which we are a controller. Under such circumstances, adequate safeguards for such transfer to third countries are in place, including EU-U.S. Privacy Shield and data processing agreements compatible with EU standard clauses accepted by the European Commission. For a complete list of processors, please see Appendix 1.

Customer-controlled data is always permanently stored within the EU.

2.5 Your rights

You are entitled, upon request, to disclosure regarding your personal data that we are storing or are otherwise processing. You are also entitled to have any incorrect personal data corrected and rights to blocking or deletion of your personal data. Under certain conditions, you have the right to object to processing of your personal data, and as far as the EU Regulation 2016/679 (GDPR) has entered into force you may ask to receive your personal data in a structured and commonly used format so that it can easily be transferred to you or another data controller you appoint (this is known as “data portability”).

If you have any complaints regarding our processing of your personal data, we encourage you to contact us. Please address any requests in such matters to privacy@sanity.io or write to us at the address stated above. We also inform you that you are entitled by law to file a complaint with the Norwegian Data Inspectorate (datatilsynet.no).

3. Final remarks

This privacy policy is governed by the laws of Norway, and any dispute in relation to this policy shall be dissolved by Norwegian courts, with Oslo Tingrett as the legal venue.

Appendix 1: Third-Party Processors

Sanity uses a number of third-party processors to deliver our services to you, as described in section 2.2. These processors, and the purposes of the processing, is listed below for your information. This appendix is updated independently of our privacy policy.

Customer-controlled data

The following subprocessors are employed under contract to process customer-controlled data in order to deliver our services, as described in section 2.2. We will notify customers before changing these processors.

Google Cloud Platform

Sanity uses services provided by Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google acts as a subcontractor and data processor, inter alia for hosting our services and all related data through their Google Cloud Platform offering. For further information regarding Google Cloud Platform Service specific terms, please visit: https://cloud.google.com/terms/service-terms. For information regarding Google Cloud Platform Data Processing and Security Terms, please visit: https://cloud.google.com/terms/data-processing-terms.

Sanity-controlled data

The following third-party processors are employed under contract to process Sanity-controlled data in order to deliver our services, as described in section 2.2. We reserve the right to change these processors at our own discretion, without notifying customers beyond updating this list, provided the data, terms, and purposes of the processing are compatible with our current terms of service and privacy policy.

Operations

Google Cloud Platform

Sanity uses services provided by Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google acts as a subcontractor and data processor, inter alia for hosting our services and all related data through their Google Cloud Platform offering. For further information regarding Google Cloud Platform Service specific terms, please visit: https://cloud.google.com/terms/service-terms. For information regarding Google Cloud Platform Data Processing and Security Terms, please visit: https://cloud.google.com/terms/data-processing-terms.

Sentry.io

Sanity uses services provided by Sentry.io for recording, notifying, and tracking errors in our web applications. For more information on Sentry’s privacy policy and terms of service, please visit: https://sentry.io/privacy/

Payments

Stripe

We use Stripe for payments, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

Identity services

Sanity allows website visitors to create a user account and log in with the following third-party identity providers:

GitHub

Sanity allows signup and login through GitHub, a Git repository hosting service of GitHub Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA. For more information, see GitHub’s Privacy Statement at: https://help.github.com/articles/github-privacy-statement/.

Google Accounts

Sanity allows signup and login through a Google Accounts, provided by Google. For more information, see Google’s Privacy Statement at www.google.com/intl/en/policies/privacy/.

Other third-party enterprise authentication services

For enterprise customers, Sanity allows signup and login via third party enterprise authentication services, if previously agreed upon and formalized in terms with enterprise.

Web analytics and marketing

Google Analytics and Google Tag Manager

Sanity uses Google Analytics and Google Tag Manager, web analytics services provided by Google Inc. (“Google“), for aggregate statistics about our website usage. This also collects information for remarketing purposes. The information gathered is anonymous, and cannot be traced back to individuals.

Google Marketing Services

When users visit Sanity.io they may choose to opt-in to seeing advertising about Sanity elsewhere on the internet. Sanity uses Google Marketing Services to allow more targeted ads for our website on sites using Google Display Network and Google Search Ads. This is called “remarketing”. The user data is processed pseudonymously by Google Marketing Services. You can find further information on Google’s data usage on: https://www.google.com/policies/technologies/ads and https://www.google.com/policies/privacy.

Twitter Marketing Services

Twitter remarketing service is provided by Twitter Inc. You can opt-out from Twitter's interest-based ads by following their instructions: https://support.twitter.com/articles/20170405. You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page: https://twitter.com/privacy

Embeds

In order to display tweets from twitter and the github stars on our repositories Sanity.io has embeds from Twitter and Github. These embeds load from the respective sites and thereby expose your IP address to these third-parties.

Sales and Communication

Hubspot

Sanity uses HubSpot as a CRM system, to store contact, sales, and marketing information about current and potential customers. For more information, see: https://legal.hubspot.com/privacy-policy.

MailChimp

Sanity uses MailChimp to manage our newsletter subscriptions and send newsletter emails. For more information, see: https://mailchimp.com/legal/privacy/.

Postmark

Sanity uses Postmark to send service-related emails, such as user invitations and project notifications. For more information, see: https://postmarkapp.com/eu-privacy.

StatusPage.io

Sanity uses StatusPage.io, provided by Atlassian, to notify our users of service interruptions, via web and email. For more information, see: https://www.atlassian.com/legal/privacy-policy.

Zapier

Sanity uses Zapier to integrate certain website functionality (e.g. contact forms and newsletter signups) with our other third-party providers. For more information, see: https://zapier.com/privacy/.

Support

Gitter

Sanity uses Gitter for discussion with users. Gitter maintains its own discrete signup flow and therefore their own terms of service and privacy agreement. Usage of the Sanity Service is not contingent on the use of Gitter.

Lighthouse

Sanity uses Lighthouse for bug tracking. Lighthouse maintains its own discrete signup flow and therefore their own terms of service and privacy agreement. Usage of the Sanity Service is not contingent on the use of Lighthouse.

Slack

Sanity uses Slack for discussion with enterprise users. Slack maintains its own discrete signup flow and therefore their own terms of service and privacy agreement. Usage of the Sanity Service is not contingent on the use of Slack.