Privacy Policy

TRANSFERS OF PERSONAL DATA

The Service is hosted and operated in the United States (“U.S.”), with development, support and maintenance operations in other countries (and hosting soon to come in the European Union (“EU”), through InVision and its service providers. If you do not reside in the U.S., laws in the U.S. (and other countries) may differ from the laws where you reside. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to InVision in the U.S. and will be hosted on U.S. servers, and you authorize InVision to transfer, store, host and process your information to and in the U.S., and possibly other countries. You hereby consent to transfer of your data to the U.S. pursuant to either, at InVision’s discretion, the EU-U.S. or Swiss-U.S. Privacy Shield Framework, the details of which are further set forth below, or the standard data protection clauses promulgated by the European Commission, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.


EU PERSONAL DATA

If you are located in the EU, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, as further described below. InVision will be the controller of your Personal Data processed in connection with the Service, unless you access the Service through an enterprise account, or other InVision account that is controlled by a third party (e.g. your employer).


EU-U.S. and Swiss-U.S. Privacy Shield Participation

InVision complies with the EU-U.S and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU or Switzerland to the United States, respectively. InVision has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access and (7) Recourse, Enforcement and Liability (collectively, the “Privacy Shield Principles”). If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern with respect to all Personal Data transferred from the EU or Switzerland to the U.S. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. As further set forth in the Privacy Shield Principles, we remain potentially liable if a third party processing Personal Data received from the EU or Switzerland on our behalf processes that Personal Data in a manner that is inconsistent with the Privacy Shield Principles (unless we can prove that we are not responsible for the event giving rise to the damage). InVision is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to any failure to comply with the Privacy Shield Principles. EU and Swiss individuals with inquiries or complaints regarding U.S. privacy practices should contact us at privacy@invisionapp.com or follow the process set forth in the section titled “Privacy Shield Inquiries” below.

NOTICE OF WHAT INFORMATION WE COLLECT AND HOW WE USE IT

Types of Personal Data We Collect

InVision collects Personal Data about you when you provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service), service providers (such as our advertising service providers) provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service. We collect the following Personal Data from you in connection with the Service:


Contact Information: information we collect to identify or contact you, we collect typical “business card information” such as your first and last name, physical address, email address, telephone number, or Twitter handle. For example, this is the basic information that we collect when you register for our flagship design and prototyping Service.

Financial Account Information: information that you provide in connection with your purchase of the Service (or a purchase made through the Service), including credit card number, credit card expiration date, credit card verification code, bank account number, bank account title, bank name, branch location, and routing number. You must only provide us with Financial Account Information for accounts and credit cards that you have the lawful right to access.

Transaction Information: information related to transactions you conduct on the Service, including when you register for a webinar, event or download special content, and your interactions with the Service (for example the functionality you use and the links clicked on the Service).

User Account Information: information that identifies you to the Service, such as your user name, email address, password, and IP address. For example, we use this information to authenticate you when you log in to the Service, and use the IP address to help maintain your web session security while using the Service.

User Content: to the extent that you choose to input Personal Data as part of such content, images, comments, and other content, information, and materials that you post to or through the Service.

Important Note: Users of our Services should not use end-customer personal data (e.g. actual or “live” end-customer data) when building designs and prototypes. Industry practice is to use “dummy data” that does not refer to actual people. Please also do not provide us with any sensitive personal data while building your designs and prototypes. For example, do not provide personal health information or personal financial information (except for limited financial data when purchasing the service as set forth above). If this type of data is necessary to make your prototype “come alive”, use dummy data instead. Please see our knowledge base for more information and a tool to easily import such dummy data.