SmartBear Privacy Policy

LAST UPDATED: June 29, 2020

SmartBear Software, Inc. and its affiliates (collectively, “SmartBear”, “we”, “us”) is a global organization offering software tools used by developers, testers and operations team members to deliver high quality software and applications. We offer products for code review, API and UI development, testing, and operations and end user experience monitoring across desktop, web, mobile, Internet of things devices, and cloud platforms (“Services”).

This Privacy Policy (“Privacy Policy”) is intended to describe our practices regarding personal information collected through our websites products, and services. Please visit for the list of sites, products, and services covered by this Privacy Policy (collectively, the “Sites”).

Due to the global nature of the SmartBear Sites and Services, our data processing practices may vary among the jurisdictions in which we operate in order to comply with applicable legal requirements. Please note that certain rights, requirements, and disclosures in this Privacy Policy may be subject to exemption or otherwise may not apply to you based, for example, on applicable law or regulations. If you reside in a relevant geographic location, please see the Region Specific Disclosures section for more information.


As described in this Privacy Policy, we may collect personal information from or about you in order to provide, enhance, market, and offer our Sites and Services. This section describes the categories of personal information we may collect, including personal information we have collected in the past twelve months. You are not required to give us all the personal information identified in this Privacy Policy; however, if you do not provide requested personal information, we may not be able to provide you with some or all of the Services.

We may collect the following categories of personal information about you:

  • Identifiers, which includes name; address (including billing and shipping address); telephone number; email address; fax number; screen name; user ID and password; IP address or MAC address;
  • Commercial information, which includes payment or financial information;
  • Information relating to Internet activity or other electronic network activity, which includes operating system type and version; web server type and version; PHP version; database type and version; cookie information; device information; browsing activities, and platform or mobile application use data; referring domain; destination domain and destination path; performance, security, software configuration and availability of our software on your servers and network; website user statistics and website and portal use and viewing activity records; communication preferences
  • Educational information, which includes your education history; grades
  • Professional information, such as employer or organizational affiliation for a customer or partner; the contents of your resume;
  • Geolocation data, which includes geographic information derived from a customer’s IP address or MAC address; latitudinal and longitudinal data
  • Audio, electronic, or visual information, which includes screen sharing views; any data in any files uploaded, emailed or otherwise provided by customers;
  • Characteristics of protected classifications under California or federal law, such as financial information (such as credit card number, expiration date), and other; and
  • Other information, including the contents of your communications with us, whether via email, social media, telephone or otherwise., and inferences we may make from other personal information we collect

We collect personal information from the following categories of sources:

  • Directly from You. For example, (i) if you visit our websites, respond to a survey, participate in a telephone interaction, fill out a registration form or otherwise agree to use our software (ii) if you fill out a form or communicate with us through one of our websites to receive information about our business to business services or to schedule a demonstration of our online, media, marketing, or data services products or programs, and (iii) if you expressed interest in being contacted by us at a trade show in which we participated or hosted.
  • Directly from our customers or their agents. For example, from documents or files that our customers provide to us including, but not limited to, suppression lists/do not call lists and IP addresses corresponding to individuals who have either opted-out of Client communications or who have visited customer’s websites, or related to the products or services our customers are purchasing from us.
  • Indirectly from our customers or their agents. For example, through information we collect from our customers in the course of providing services to them.
  • Directly and indirectly from activity on our websites. For example, from observing your actions on our websites or through your submission of an online form requesting a demonstration or walkthrough for one of our products or services.
  • From Third Parties that contract with us or interact with us in connection with the services we perform. For example, from (i) vendors and partners that help us to build contact lists, supplement or update your information in our database, or confirm/verify our records and information are accurate and up to date, (ii) third parties that may contact you, on our behalf, to provide you relevant content and/or to become a member, or (iii) third parties (including, other B2B contact providers) that integrate their services with ours or provide us access to their services

Mobile Devices
When you use your mobile device to interact with us or use the Services, we may receive information about your mobile device, including, as noted above, a unique identifier for your device. We and our service providers and third parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple

browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.


To the extent permitted by applicable law, we may use personal information collected in connection with our Services, including:

  • To operate the SmartBear Products and Services and provide support .our business functions;
  • To fulfill customer requests, such as to create a SmartBear Products and Services account or complete customer purchases.;
  • To protect against criminal activity, claims and other liabilities;
  • To send customers information regarding the SmartBear Products and Services and issues specifically affecting SmartBear Products and Services.;
  • To respond to reviews, comments, or other feedback provided to us.;
  • To support and personalize our Services, websites, mobile services, and advertising.;
  • To protect the security and integrity of our Services, content, and our business.;
  • To provide customer support.;
  • For benchmarking, data analysis, audits, developing new products, enhancing the SmartBear Products and Services, facilitating product, software and applications development, improving our services, conducting research, analysis, studies or surveys, identifying usage trends, as well as for other analytics purposes.;
  • To meet our contractual requirements;
  • To comply with applicable legal or regulatory requirements and our policies;
  • To communicate with our customers; to inform customers and users of products, programs, services and promotions;
  • To market, advertise, and provide our Services; and
  • For any other lawful purpose for which the information is collected.

Aggregated and Anonymized Personal Information

To the extent permitted by applicable law, we may use, process, transfer, and store data about individuals and customers or partners in an anonymous (or pseudonymous) and aggregated manner. We may combine such aggregated personal information with other information, collected online and offline, including information from third party sources. We may also use information in other ways with consent or as permitted by applicable law. for benchmarking, analytics, A/B testing, metrics, research, reporting, machine learning and other business purposes, as permitted by applicable law.


To the extent permitted by applicable law, SmartBear may share and disclose information, including personal information, as set forth below:

  • Customers. We may share personal information with our customers and their service providers and other platforms that may assist those customers.
  • Affiliates and Agents. We may share personal information with our affiliates or any business partners or agents acting on our behalf.
  • Service Providers. We may share personal information with our service providers, agents, vendors and other third parties we use to support and advertise the SmartBear Services and our business. We share personal information with such third parties to provide services to us. A listing of our subprocessors, service providers that may receive access to and process personal information of our customers, may be found at:
  • Advertising and Marketing. To the extent permitted by applicable law, we may share personal information with third parties for marketing, advertising, promotions, contests, or other similar purposes.
  • Mergers, Acquisitions, Divestitures. We may share, disclose or transfer personal information to a buyer, investor, new affiliate, or other successor in the event SmartBear, or any affiliate, portion, group or business unit thereof, undergoes a business transition, such as a merger, acquisition, consolidation, reorganization, divestiture, liquidation or dissolution (including bankruptcy), or a sale or other transfer of all or a portion of any assets of SmartBear or any affiliates or during steps in contemplation of such activities (e.g., negotiations and due diligence).
  • Law Enforcement and National Security. We may share personal information with legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or to comply with any law or directive, judicial or administrative order, legal process or investigation, warrant, subpoena, government request, regulatory request, law enforcement or national security investigation, or as otherwise required or authorized by law.
  • Protection of Rights, Property or Safety. We may also share personal information if, in our sole discretion, we believe disclosure is necessary or appropriate to protect the rights, property or safety of any person, or to protect against fraud or other illegal activity,.

SmartBear may also disclose personal information for other purposes or to other third parties when an individual has consented to or requested such disclosure, or where a customer has obtained permission from such individual, or where such disclosure is otherwise legally permitted for legitimate business purposes, and, for customer data, with such customer’s authorization or otherwise in accordance with SmartBear’s agreement with such customer and pursuant to applicable law.


We may use cookies and similar technologies to operate and improve the SmartBear Products and Services, as well as to simplify our interaction with you. A "cookie" is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. We may use cookies, log files, pixel tags, web bugs, web beacons, clear GIFs, Local Storage Objects (LSOs) such as HTML5 and Flash or other similar technologies to collect information about the ways you interact with and use the SmartBear Products and Services, to support and enhance features and functionality, to monitor performance, to personalize content and experiences, for marketing and analytics, and for other lawful purposes. We may also engage third party service providers to provide advertisements and promotions on our behalf, or authorize third parties to advertise and market products and services via the SmartBear Products and Services.

We may use the following types of cookies and similar technologies:

  • Strictly necessary cookies required for the operation of the SmartBear Products and Services. They include, for example, cookies that enable you to log into secure areas.
  • Analytical/performance cookies that collect information about how you use the SmartBear Products and Services. They allow us to recognize and count the number of visitors and to see how visitors move around our website. This helps us to improve the way our website works. These cookies are sometimes placed by third party providers of web traffic analysis services.
  • Functionality cookies that remember choices you make and recognize you when you return. This enables us to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed. We use this information to make our website more relevant to your interests, and, if we enable advertising, to make advertising more relevant to you, as well as to limit the number of times you see an ad. These cookies are usually placed by third-party advertising networks. They remember the other websites that you visit and this information is shared with third-party organizations, for example, advertisers.

Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all of the features available through the SmartBear Products and Services.

For more information, visit the help page for your web browser or see or visit which has further information about behavioral advertising and online privacy.

We may use third party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects your information regarding Google Analytics and how you can opt-out, please see

We may use third-party advertisers to serve or track advertisements on or relating to the SmartBear Products and Services. These third parties may use cookies and other tracking and analytical technologies to, among other things, record which ads your browser has loaded and which pages you were viewing when ads were delivered or accessed. Information so collected is subject to the privacy policies of those third parties, which you should carefully review. We have limited or no control over third party use of cookies.


To the extent required by applicable law, or in our discretion otherwise, you can limit certain uses of personal information. Where consent is the basis of processing, you may at any time withdraw the consent you provided for the processing of your personal information for the purposes set forth in this Privacy Policy by contacting us as set forth below, provided that we are not required by applicable law or professional standards to retain such information.

If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications, by going to our Unsubscribe Page, or by mail at 450 Artisan Way, Somerville, MA, 02145 USA; Attn: General Counsel, Legal Dept. to opt-out of direct marketing. Please be advised that you may not be able to opt-out of receiving certain service or transactional messages from us, including legal notices.

Please note that if you do not provide consent, if you withdraw your consent or object to processing, or if you choose not to provide certain personal information, we may be unable to provide some or all of the services to you.


The SmartBear Products and Services may provide links to other websites, mobile applications, resources , or Internet locations over which SmartBear does not have control (“External Web Sites”). Such links do not constitute an endorsement by SmartBear of those External Web Sites. SmartBear is providing these links to you only as a convenience. We have no control over and are not responsible for External Web Sites, their content, or any goods or services available through the External Web Sites. Our Privacy Policy does not apply to External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the External Web Sites., and we encourage you to read the privacy policies of any External Web Sites with which you choose to interact.


We implement technical and organizational security measures designed to secure and protect personal information. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of personal information.


8.1 Notice to Individuals in the EEA

PRIVACY SHIELD NOTICE: We have certified our compliance with the EU-U.S. and Swiss- U.S. Privacy Shield with regards to the personal information of users of the SmartBear Products and Services who are residents of the European Union (“EU”), European Economic Area (“EEA”) and Switzerland that we receive and process through the SmartBear Products and Services. We certify that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, liability, and enforcement (“Privacy Shield Principles”) for Personal Data of users of the SmartBear Products and Services in the countries participating in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. To learn more about the Privacy Shield program, and to view our certification, please visit We may also process Personal Data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses or Binding Corporate Rules. We are responsible for the processing of Personal Data we receive under the Privacy Shield Framework and subsequently transfer to a third-party agent, and may be liable for onward transfers in violation of the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Our legal bases for processing personal information are:

  • To comply with legal obligations;
  • To perform contracts;
  • To pursue our legitimate interests, including:
    • engaging in commerce,
    • offering the SmartBear Products and Services,
    • preventing fraud,
    • correcting and addressing technical, service or security problems, o ensuring information and network security,
    • direct marketing and advertising, and
    • complying with industry practices.
  • Your consent (for example, when you sign up to our mailing list).

Data Retention

We retain personal information pursuant to our records retention program, for as long as is necessary for the purposes set out in this Policy, unless a longer period is permitted or required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Article 5(1) of the GDPR. We may retain anonymized, aggregated data indefinitely, to the extent permitted under applicable law.

The criteria used to determine the period for which personal information about you will be stored varies depending on the legal basis under which we process such personal information:

Legitimate Interests

For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.

Contractual Necessity

For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.

Legal Obligation

For the duration of time we are legally obligated to keep the information.


For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal information about you erased (see Data Subject Rights below).

Automated Decisions

To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about individual users of the SmartBear Products and Services in order to provide or optimize the SmartBear Products and Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose. To the extent permitted by applicable law, we may use automated decisions, for example, to display advertisements and offers based on the individual’s preferences.

International Data Transfers

The SmartBear Sites and Services may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, personal information about individuals or customers may be transferred, processed and stored outside the country where the SmartBear Sites and Services are used, including to countries outside the European Union (“EU”), European Economic Area (“EEA”) or Switzerland, where the level of data protection may not be deemed adequate by the European Commission. If you are located outside of these jurisdictions, the transfer of personal information may be necessary to provide you with the requested information, products, and services and/or to perform any requested transaction. By using any portion of the Sites or Services, you acknowledge and consent to the transfer of your information as set forth herein.

Data Subject Rights

Individuals from the EEA whose personal information we process subject to the GDPR have certain rights as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.

  • Access: Individuals have the right to know if we are processing personal information about them and, if so, to access and obtain a copy of personal information about them, as well as information relating to the processing of that data.
  • Rectification: Individuals have the right to have us correct or update any personal information about them that is inaccurate or incomplete without undue delay.
  • Restriction: Individuals have the right to restrict or limit the ways in which we process personal information about them where the accuracy of the personal information is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal information.
  • Objection: Individuals have the right to object to our processing of their personal information where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal information. Individuals also have the right to object to our processing of their personal information for direct marketing purposes.
  • Withdrawal of Consent: Where we rely on consent as the basis for processing personal information, individuals have the right to withdraw their consent.
  • Erasure: Individuals have the right to request deletion or erasure of their personal information in a number of circumstances where required by law. These include where we no longer require the personal information for the purposes for which it was collected, the individual has withdrawn consent or, where we are relying on legitimate interests as a legal basis, and the individual’s rights override our legitimate interests.
  • Portability: Individuals have the right to obtain a copy of the personal information we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.
  • Make a Complaint: Individuals also have the right to make a complaint about our personal information handling practices to their local data protection authority.

To assert one of your legal rights described in this Section 12.1, or if you have questions about this Section or our data handling practices, please contact us using our interactive webform or per the details provided below and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. If the request relates to data our customers collect and process through the SmartBear Sites and Services, we will refer the request to that customer and will support them in responding to the request. For SmartBear customers, certain information may be reviewed, corrected and updated by logging into the SmartBear Sites and Services account and editing the profile information.

In compliance with the Privacy Shield Principles, SmartBear commits to resolve complaints about our collection or use of your Personal Data. Residents of a country participating in the Privacy Shield Framework may direct any questions or complaints concerning our Privacy Shield compliance to our Privacy Shield and Data Protection Contact. We will work with you to resolve your issue.

If we have not responded to a concern relating to data processed under the Privacy Shield Framework in a timely manner, or we have not addressed the concern satisfactorily, you may contact our U.S.-based dispute resolution provider, at no cost, at If neither SmartBear nor our independent dispute resolution provider resolve your complaint, you may have the possibility to invoke binding arbitration through the Privacy Shield Panel. However, prior to initiating such arbitration, a resident of a country participating in the Privacy Shield Framework must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from our designated independent dispute resolution provider; and (3) contact the U.S. Department of Commerce (either directly or through a European DPA) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.

U.S. Federal Trade Commission Enforcement. SmartBear’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Compelled Disclosures. SmartBear may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Privacy Shield and Data Protection Contact. Unless otherwise specified, the data controller of personal information uploaded to the SmartBear Products and Services is the SmartBear customer for whom such Services are provided and SmartBear is the processor of such data for such customer. In certain cases, SmartBear may also be the controller of aggregated, anonymous or pseudonymous data relating to the SmartBear Products and Services. Our Privacy Shield and Data Protection Contact for the personal information collected in connection with the SmartBear Products and Services is:

Attn: General Counsel, Legal Dept. SmartBear Software Inc.
450 Artisan Way
Somerville, MA 02145

Phone: +1 (857) 997-0693

8.2. California Privacy Rights

To help you further understand what we do with the above categories of personal information, we have provided you with the a matrix detailing the sources, purposes, and any sharing related to each category. You may review that matrix by scrolling down to “Table 1” of this Privacy Policy.

We do not sell personal information, or otherwise provide personal information to third parties, other than service providers receiving information to perform services for us on our behalf.

We disclose the following categories of personal information for a business purpose:

  • Identifiers;
  • Commercial information;
  • Information relating to Internet activity or other electronic network activity;
  • Educational information;
  • Professional information;
  • Geolocation data;
  • Audio, electronic, or visual information;
  • Characteristics of protected classifications under California or federal law; and
  • Other information.

Your Rights Under California Law

If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal information:

  • Right to Know. You have the right to request what personal information we collect, use, disclose, and/or sell, as applicable.
  • Right to Delete. You have the right to request the deletion of your personal information that is collected or maintained by us.
  • Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.

You may also authorize someone to exercise the above rights on your behalf. In order to authorize another person to exercise your rights under California law, with respect to your personal information, you must (i) provide written permission to the person acting on your behalf, and (2) you must verify your identity directly with SmartBear by contacting us through one of the methods identified in this Privacy Policy. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child.

The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. These rights are also subject to various exclusions and exceptions under applicable laws.

If you are a California resident and wish to seek to exercise these rights, please reach us in one of the following ways:

  • Interactive webform
  • Mail:
    • General Counsel, Legal Dept.
    • SmartBear Software
    • 450 Artisan Way
    • Somerville, MA 02145
  • Please consult the other sections of our Privacy Policy for further information on our practices regarding your personal information.

Shine the Light Law

Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use may be entitled to request and obtain from us, once per calendar year, information about customer information we have shared, if any, with other businesses for such other businesses’ own direct marketing uses. If applicable, this information would include the categories of resident information and the names and addresses of those businesses with which we shared such resident information for the immediately prior calendar year. To obtain this information, please contact us as indicated below. Please include sufficient personal identification information so that we can process the request, including that you are a California resident.

8.3 Canadian Residents

Canadian residents may have additional rights under Canadian law. Please see the information provided by the Office of the Privacy Commissioner of Canada for additional details. You, and we, confirm that it is our wish that this document and all other related documents be drawn up in English.

Vous reconnaissent avoir exigé la rédaction en anglais du présent document ainsi que tous les documents qui s'y rattachent.

For all authorized SmartBear Services which are obtained through the Atlassian Marketplace, meaning or any other webpage, application, interface, service or in-product experience at which Atlassian Pty Ltd (“Atlassian”) makes available cloud and downloadable applications, plug-ins or extensions that are designed to interoperate with

Atlassian’s own software and cloud offerings (“Atlassian Marketplace”), Atlassian is not responsible for the privacy, security or integrity of Your data collected or processed by SmartBear or by the SmartBear Products and Services through the Atlassian Marketplace.


If you have any questions about this Privacy Policy, or our collection, use, sharing or storage of information about you, you can contact us by email at, use our interactive webform, or write to the following address:

Attn: General Counsel, Legal Dept. SmartBear Software
450 Artisan Way
Somerville, MA 02145

Phone: +1 (857) 997-0693


SmartBear may update this Privacy Policy from time to time in our sole discretion to reflect changes to our information and privacy practices. SmartBear will post any updated Privacy Policy on this page at or in the SmartBear Products and Services, or with any notice to individual users if required by applicable law. SmartBear encourages you to review this Privacy Policy regularly for any changes. The date of last revision is shown at the “Last Updated” legend at the top of this page.