Stack Overflow Internal Privacy Notice

Privacy Notice that applies to Stack Overflow Internal users

Last updated

This Privacy Notice is applicable to users of our Stack Overflow Internal (“Stack Internal”) platform, along with the Stack Exchange Privacy Policy, Acceptable Use Policy, and associated licensing terms.

Stack Internal is a software application tailored for sharing questions and answers within an organization, allowing authorized users to post privately within a company to share knowledge with peers and colleagues. Stack Internal is owned and operated by Stack Exchange, Inc. (referred to herein as “Stack”, “we”, “us”). We offer various levels, or tiers, of Stack Internal: Free, Basic, Business, and Enterprise, and this Privacy Notice is intended to cover all variants.

At Stack, we are committed to ensuring effective data protection practices, particularly when processing personal information, and we take the privacy of our users and our current and prospective Stack Internal customers seriously. In this Privacy Notice, you will find details about the types of personal information we collect in the course of provisioning and providing Stack Internal and the use of it, how we use that personal information, who is responsible for managing that personal information, our legal basis for doing so (as applicable), and what additional purposes the personal information will be used for and by whom.

For all other descriptions of how we collect, use, protect, share, and transfer personal information that we collect through the use of any other of our products and services, websites, or apps, or otherwise how/when you interact with us, as well as your rights, how you can exercise those rights, and how the law protects you, see our Stack Exchange Privacy Policy.

If you have any questions about this Privacy Notice, the Data Processing Addendum, the Stack Exchange Privacy Policy, or other questions related to the collection, processing, or our use of personal information in relation to , please contact us at privacy@stackoverflow.com.

Stack as Data Controller and Processor

Stack is a global company with its headquarters in the United States (US). As such, it should be appreciated that certain personal information may be accessed, used, processed, and/or transferred to the US and other countries or territories, as indicated on the Stack Internal sub-processor list.

In providing Stack Internal, we may process data in two ways: (i) as a data processor, acting on behalf of an organization, or (ii) as a data controller, acting for our own purposes. This Privacy Notice covers our obligations as a data processor, processing personal data on behalf of an organization, but we also explain when we act as a data controller.

Data Processor

When we provide the Stack Internal services, the customer acts as a business and is considered to be the data controller/exporter in respect of certain personal information that is provided to Stack by the customer and its authorized users, and Stack acts as a service provider and is considered to be the data processor/importer in respect of such personal information that is held or processed as a result. Any personal information that we process as part of the services, with the exception of the personal information referenced below that Stack acts as data controller of, will be on behalf of the customer and will be carried out based on customer’s instructions.

It should be appreciated that the customer retains the responsibility to comply with any applicable regulatory requirements, including issuing any privacy notices and establishing all required legal basis (e.g., consent), where required, in order for Stack to collect and process the personal information. As such, users are responsible for understanding their organization’s privacy policy to find out more about how personal information is processed and what rights related thereto are available and how they can be exercised. We may also be required by data protection laws to sign a Data Processing Addendum (DPA) or some other similar type of data protection agreement with an organization before we process any personal information.

Data Controller

When users interact with Stack, we will also collect and process certain information for our own purposes as a data controller. This can include certain personal information, such as billing information, login credentials, and certain contact information (e.g., name, telephone number, email address, and other contact details, such as job title).

What Personal Information Do We Collect

Personal Information Provided to Us

Category | Details/Purpose
Account registration information | Account registration information such as first and last name, email address, job information (e.g., role and industry), company name and size, and Internet Protocol (IP) address, that we will need from customers or individuals granted access to an organization’s Private Network ("Authorized Users").
Billing and account information | Billing and accounting information.
Sales and other contact information | Names and contact details of key contacts and representatives.

Personal Information Generated or Collected Through the Use of Stack Internal

Category | Details/Purpose
Access credential | In order to provide secure access to a Stack Internal instance, we require certain information to authenticate users on login, which may include a username (e.g., an email address) and password hash.
Application usage data | Information derived from the access and use of Stack Internal is captured via events that are collected and used in accordance with the applicable Stack Internal terms. This event data may include event identifying information, IP address, browser type and ID, date and time of the event. Inferences may be derived from such information, such as a general geographic location based on the IP address, for example.
Contact information | Any contact information that a customer or user chooses to provide when using the Services, including job titles and social media links.
Information collected from cookies and similar technologies | We use cookies and other similar technologies, as further detailed in our Cookie Policy, to collect information that helps us provide certain features and functions of Stack Internal. We use this information for various reasons, including to improve the quality of our services, improve user experience, and help Stack Internal customers understand their engagement with the platform.
Support and diagnostic data | In response to support requests, we may also collect/review data about your instance in order to diagnose, troubleshoot, and/or resolve the issue(s). In any such scenario, we will only collect the minimum amount of information required to troubleshoot and resolve your issue(s). Additional diagnostic information may be collected/processed in order to ensure the health of the Services being provided.

Other information, such as active user counts, total questions asked and answered, error counts, and other aggregated data which at no time reveals any private, protected, or personal information contained within your instance, may be collected or generated (e.g., for Stack Internal health and/or reporting purposes).

What We Use Personal Information For

We will use certain personal information for the following purposes:

  • Contacting you (e.g., for a Stack Internal sales purpose, as required under the applicable agreement terms for any reason, in response to a support ticket, notice of an updated policy or terms, etc.).
    • Note that this includes marketing emails from us, but only where we have received consent to provide such emails.
  • Provisioning of the services (e.g., setting up your account, logging you in, providing the service, etc.).
  • Providing you with reporting and metrics relative to your engagement with the platform.
  • Billing and invoice management and payment processing.
  • Compliance with a legal, contractual, or regulatory obligation.

We may additionally use certain personal information where it is in our legitimate interests, including our commercial interests or a third party’s legitimate interest in using the personal information. Examples include, but are not limited to, when we carry out analysis to understand how our products are used and how we can improve them.

Whenever we rely on legitimate interests for processing, we ensure that we consider and balance our interests against the individual’s interests before processing. We do not process personal information on the basis of legitimate interest for activities where an individual’s interests override Stack’s interests.

Who We Share Personal Information With

When using Stack Internal, certain information may be shared with authorized users of your Stack Internal instance, such as name and role/title. However, much of this data and applicable settings are within control of your company’s admins and/or users, and can be modified, updated, and/or restricted.

Additionally, we may employ third party companies and individuals (a.k.a., third-party service providers, sub-processors, etc.) to facilitate certain features and functions of the Stack Internal service, such as to host the service, to provide support services, or to assist us in analyzing how the Stack Internal service is being used (e.g., to improve the quality of our services, to provide reporting, etc.).

As provided in the Stack Overflow Internal sub-processor list, the listed third parties only have access to personal information to perform the associated tasks on our behalf and are obligated not to disclose or use it for any other purpose. To ensure this, we have entered into appropriate agreements with those third-party providers to ensure that personal information is legally and securely transferred to and processed in accordance with applicable data protection laws and governing agreements.