Perforce Privacy Policy
Last revised: July 6, 2026
Effective date: July 6, 2026
We, Perforce Software, Inc., a Delaware corporation, along with our subsidiaries and affiliates, including, Akana, Inc., Delphix Corp., Gliffy, Inc., Perfecto Mobile Inc., Perforce Software OÜ, Programming Research Limited, Puppet, Inc., Rogue Wave Software, Inc., and Zend Technologies USA, Inc. (collectively “Perforce,” “we,” “us,” or “our”), are committed to protecting the privacy and security of personal information and to transparency in how we collect and use information that relates to an identified or identifiable person. We refer to this kind of information as “personal information,” but in many jurisdictions, it is referred to as “personal data.” This privacy statement (the “Privacy Statement”) sets forth Perforce’s policies and practices for collecting and using personal information, including through our website, other online services, attendance at our events, or any other service or activity that links to this Privacy Statement (collectively, the “Services”).
This Privacy Statement explains how we process personal information for which we are the controller, or put another way, the personal information for which we determine the purposes and means of processing. It also discusses how you can control certain uses and disclosures of your personal information.
We will update this Privacy Statement periodically, or as our privacy practices change, to ensure it accurately describes how we use your information. When we do so, we will update the dates above. We recommend that you review this Privacy Statement periodically for the latest information. If we change our practices in a material way, we will provide appropriate notice to you, usually through an e-mail message or through a notification within our Services.
This Privacy Statement does not address our use of personal information outside the context of these Services, and this Privacy Statement does not address our use of personal information in the context of employees, former employees, and applicants for employment. For information about our processing of personal information in the employment context, please consult our Perforce HR Privacy Notice. In addition, this Privacy Statement does not address our processing of personal information on behalf of our customers. Please direct any questions or inquiries about our customers’ processing of personal information directly to those customers.
If you have any questions about this Privacy Statement or our use of your information, please contact us using one of the methods detailed below in Section 3.
Back to top1. How we use and share personal information
We limit the collection and processing of personal information to that information which we need for our business purposes, as explained in the following table and the text that follows it.
| Categories of individuals | Categories of personal information | Purposes | Methods of collection | Categories of third-party recipients (see below) |
| Users of any of our website or online Services (“Users”) * |
|
|
|
|
| Users who create an account for logging into the password-protected components of the Services |
|
|
|
|
| Newsletter and mailing list subscribers |
|
|
|
|
| Users of chat bot for customer, sales, and technical support |
|
|
|
|
| Users who express interest in being contacted about our products and services |
|
|
|
|
| Users who make service requests |
|
|
|
|
| Users who make online purchases or other payments |
|
|
|
|
| Users of our support forums |
|
|
|
|
| Individuals who send us feedback, testimonials, or other correspondence |
|
|
|
|
| Individuals who we identify as prospective customers who are located in geographies where Perforce does not have a presence |
|
|
|
|
| Users of Perforce products and services that collect usage telemetry ("Usage Data") |
|
|
|
|
Categories marked with an asterisk (*) in the table above are categories of personal information which we may sell or share for network advertising purposes. More information about your rights to opt-out of such processing is set forth in Section 2, below.
In the above table, the term “Service analysis, security, and administration,” includes the following:
- To facilitate account management. Perforce processes your information so you can create, use, and manage your account.
- For information security. Perforce process personal information to protect the confidentiality, integrity, and availability of the Services and the data available through the Services.
- To deliver and facilitate delivery of Services to Users. Perforce processes your information to provide you with the requested Services.
- To respond to user inquiries/offer support to Users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested Services.
- To send administrative information to Users. We may process your information to send you information about the Services or our programs, changes to our terms and policies, and other similar information.
- To evaluate and improve our Services, products, marketing, and your experience. Perforce may process your information to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience. Perforce may also process your information in connection with the training of our personnel.
- To comply with our legal obligations. Perforce may process your information to comply with our legal obligations, to respond to legal requests, and to exercise, establish, or defend our legal rights.
Please be aware that we use tracking technologies that share information with third parties for analytics purposes, as described in the table above. We also share information provided to us via our support chatbot with our chatbot technology partner, as described in the table above.
A. Disclosure and sharing
In addition to the sharing with the third parties listed in the table above, we may also share your personal information with:
- Affiliates. We may share your information with other companies under common ownership or control with us.
- Service providers. We share your personal information with third parties that provide services to us. We engage these kinds of third parties with contracts that require them to use your personal information only for the purpose of delivering the services for which we have engaged such third party and as required by law. These kinds of third parties provide business, professional, administrative, or technical support functions for us, such as payment processing, billing, data storage, quality assurance, and marketing. See Perforce's Subprocessor List showing the subprocessors Perforce uses to process personal information and data as defined in this Privacy Statement.
- Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law, to comply with our legal obligations, or to advance or defend legal claims.
- Successors. We may disclose personal information associated with a part of our business to a buyer, potential buyer, or other successor to our business.
We also may disclose personal information with third parties with your prior consent or at your direction.
Because there is no consensus on how to process a web browser’s “do not track” signal, we do not currently take any action in response to it. However, we honor the Global Privacy Control signal and other universal opt-out mechanisms.
B.Security, quality, and retention of personal information
We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession from misuse, interference, loss, unauthorized access, unauthorized modification, or unauthorized disclosure. While we make every reasonable effort to help ensure the integrity and security of our network and systems, please be aware that no data storage system or transmission of data over the internet or any other public network can be guaranteed to be completely secure, accurate, complete, or current.
We also take reasonable steps so that the personal information we collect is sufficiently accurate, up-to-date, and complete for the purposes for which we process or disclose the personal information.
We retain personal information for as long as is necessary for the purposes for which we use it, or for so long as required by law. What is necessary depends on the context and purpose of processing. We consider the following factors when we determine how long to retain personal information:
- retention periods established under applicable law;
- industry best practices;
- whether the purpose of processing is reasonably likely to justify further processing;
- risks to individual privacy in continued processing;
- applicable data protection impact assessment;
- information systems design considerations/limitations; and
- the costs associated with continued processing, retention, and deletion.
With respect to information we process on prospective customers, we retain such information twelve (12) months after our last communication with you, unless you request otherwise.
With respect to Usage Data, Perforce retains raw Usage Data, including installation identifiers, for a maximum of eighteen (18) months, after which such data is aggregated and installation identifiers are removed.
C. Cross-border Transfers
We are a global business and process personal information in the United States and in other countries where Perforce, along with our subsidiaries and affiliates, and our service providers operate. The countries in which your personal information is processed may have data protection laws that differ from those in your country of residence.
When we transfer personal information across borders, including to Perforce subsidiaries and affiliates within our corporate group and to our service providers, we take steps designed to ensure that the personal information continues to receive an adequate level of protection consistent with applicable law. Transfers among Perforce subsidiaries and affiliates are governed by our Intra-Group Data Transfer Agreement, under which each Perforce entity is bound to maintain appropriate safeguards for the personal information it transfers and receives. The specific safeguard we rely on for a given transfer depends on the originating jurisdiction and the recipient:
- where we transfer personal information from the European Economic Area ("EEA") to a country that is not the subject of an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), as incorporated into our Intra-Group Data Transfer Agreement;
- where we transfer personal information from the United Kingdom ("UK") to a country that is not covered by UK adequacy regulations, we rely on the International Data Transfer Addendum to the European Union ("EU") Standard Contractual Clauses issued by the UK Information Commissioner, as incorporated into our Intra-Group Data Transfer Agreement;
- where we transfer personal information from Australia, we take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles; and
- for transfers between Perforce subsidiaries and affiliates that are not addressed by the mechanisms above, we rely on the safeguards set out in our Intra-Group Data Transfer Agreement, under which the receiving subsidiary or affiliate commits to standards of protection no less protective than those described in this Section 1C.
Where a transfer is made to a country, territory, or recipient that is the subject of an adequacy decision or adequacy regulations under applicable law, Perforce may rely on that decision or those regulations as the basis for the transfer.
You may request a copy of the safeguards we use to protect your personal information when it is transferred across borders, including a copy of the relevant Standard Contractual Clauses or the relevant module of our Intra-Group Data Transfer Agreement, by contacting us using the details in Section 3, below. To protect business secrets, other confidential information, and the personal information of others, we may redact portions of these documents before providing them.
D. Children’s privacy
We are very concerned about the safety of children using the Internet. Our products and our Services, including our website, are primarily intended for businesses rather than individual consumers. Accordingly, we do not knowingly collect any personal information from those under the age of thirteen (13). If we discover (or are informed) that we have collected personal information from a visitor under the age of thirteen (13), we will promptly delete such information.
E. Cookies
Our Services use third party cookies. For more information about cookies, how we use them, and how you can exercise control over the use of cookies in connection with your devices, please consult our Cookies Policy. Certain Perforce products also use first-party cookies and local storage in connection with in-product analytics, as described in Section 1G, below.
F. Automated Decision-Making and Profiling
We use automated tools to support certain business functions, including:
- Behavioral advertising and audience segmentation: We use automated profiling based on your browsing activity, device information, and inferred interests to deliver targeted advertisements and personalize content on our website and through third-party advertising networks.
- Lead evaluation: We may use automated tools to assess the relevance of inquiries received through our website to help prioritize sales follow-up.
- Security and fraud prevention: We use automated systems to detect and block suspicious or unauthorized access to our Services.
- Chatbot-assisted support: We use automated chatbot technology to assist with initial customer, sales, and technical support interactions.
These automated processes do not produce decisions that have legal effects on you or similarly significant consequences. A human is involved in any decision that could materially affect your rights or access to our products and services.
You may have the right to opt out of profiling used for targeted advertising. To exercise this right, visit our Privacy Request Center or submit a request using the contact information in Section 3 of this Privacy Statement. We also honor the Global Privacy Control signal and other universal opt-out mechanisms for targeted advertising purposes.
G. In-Product Analytics
Certain Perforce products, including Perfecto, BlazeMeter, Puppet, and Gliffy, incorporate in-product analytics technology provided by Pendo.io, Inc. ("Pendo"), a third-party service provider. Perforce uses Pendo to understand how users interact with these products, measure feature engagement, identify areas for
improvement, and deliver in-application guidance. Pendo processes personal information on our behalf and in accordance with our instructions, acting as a service provider under applicable law.
Information collected through Pendo. When you use a Perforce product that incorporates Pendo, the following categories of information may be collected automatically:
- Device and environment information, including operating system type and version, browser type and version, screen resolution, device type, and language settings;
- Usage and activity information, including pages or screens viewed, time spent on pages or screens, navigation paths, interactions with product features (such as clicks on buttons, links, and other interface elements), and access times and session duration;
- Network information, including IP address and general (non-precise) location information derived from IP address, such as city, state, or geographic area; and
- Unique identifiers, including a visitor identifier assigned to your account for the purpose of associating usage data with your product session.
Pendo does not collect text entered by users into form fields unless we have specifically configured such collection. The information collected through Pendo is not used for behavioral advertising or sold to third parties.
How Pendo collects information. Pendo collects information through a software agent embedded in the applicable Perforce product. Pendo uses first-party cookies and browser local storage to maintain session information. Pendo does not use third-party cookies. For more information about how cookies are used across our Services, please consult our Cookies Policy.
Purposes of collection. Perforce uses the information collected through Pendo for the following purposes:
- To evaluate and improve the functionality, performance, and usability of our products;
- To understand product usage patterns and feature adoption;
- To deliver in-application messages, guides, and onboarding content;
- To diagnose technical issues and support product development; and
- For service analysis, security, and administration, as described in Section 1, above.
Pendo as a Service Provider. Pendo processes personal information collected through our products solely on our behalf and in accordance with our instructions. Pendo does not independently determine the purposes or means of processing. Pendo is contractually required to use the personal information it processes on our behalf only for the purpose of delivering the services for which we have engaged it, consistent with our obligations described in Section 1A of this Privacy Statement. Pendo is certified under the EU-U.S. Data Privacy Framework and maintains SOC 2 Type II certification. For information about Pendo's sub-processors, please visit https://trust.pendo.io/subprocessors.
Your Choices. If you wish to opt out of in-product analytics data collection through Pendo, please contact us using the methods described in Section 3, below. Upon receiving a verified request, we will configure your account so that Pendo no longer collects or processes data associated with your use of the applicable product. Please note that opting out of in-product analytics may limit certain product features, such as in-application guides and contextual help. Your rights with respect to personal information collected through Pendo are the same as those described in Section 2 of this Privacy Statement, including the right to access, correct, and delete your personal information.
H. Product Telemetry (Usage Data)
Certain Perforce products collect Usage Data (the usage telemetry described in the table in Section 1, above) to help Perforce monitor performance, identify defects, improve product functionality, and inform development decisions. Perforce designs its collection of Usage Data to minimize the collection of personal information and, where feasible, to pseudonymize the data collected. Usage Data may nonetheless include information that constitutes personal information under applicable law, such as a randomly generated installation identifier or other online identifiers. We do not treat Usage Data that includes such identifiers as anonymous.
The specific categories of Usage Data collected vary by product and may include, without limitation, device and system information, software version and configuration data, feature usage patterns, performance metrics, error classifications, and randomly generated installation identifiers. Details about the Usage Data collected by a specific product, and any product-specific exclusions or limitations, are provided in the applicable product documentation or terms of use.
Consent for on-device storage and access. Where required by applicable law, including the ePrivacy Directive as implemented in the EEA and the Privacy and Electronic Communications Regulations in the UK, we will obtain your consent before storing information on, or accessing information already stored on, your device to collect Usage Data that is not strictly necessary to provide a product or service you have requested. Usage Data that is strictly necessary to deliver the functionality you have requested may be collected without consent.
Lawful basis and your right to object. Where we process Usage Data that includes personal information in reliance on our legitimate interests, you have the right to object to that processing at any time on grounds relating to your situation. Where we are required to obtain your consent, you may withdraw that consent at any time. Upon receipt of a valid objection or withdrawal of consent, we will cease processing the relevant Usage Data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Your Choices. Where the applicable product documentation provides an opt-out mechanism, you may disable the collection of Usage Data by following the instructions in that documentation. Regardless of whether a product provides an opt-out mechanism, you may exercise your right to object or to withdraw consent, and you may exercise your other rights with respect to Usage Data, by contacting us using the methods described in Section 3, below. Your rights with respect to Usage Data are the same as those described in Section 2 of this Privacy Statement, including the right to access, correct, and delete your personal information.
Perforce may use and disclose aggregated, de-identified, or anonymized Usage Data, from which you can no longer reasonably be identified, for any lawful purpose. Where we describe data as anonymized, we mean data that has been processed so that it can no longer be attributed to an identified or identifiable person without the use of additional information.
I.Artificial Intelligence and Machine Learning
We do not use personal information collected through our products and services, including Usage Data, to train or develop our own artificial intelligence or machine learning models. This commitment applies to Perforce's development of proprietary AI and machine learning models and does not limit our use of third-party AI services or tools (such as large language models provided by third-party vendors) as part of our internal operations or product delivery, where such use is governed by our agreements with those vendors and this Privacy Statement's general disclosure framework. Where we use machine learning or similar automated techniques to operate, secure, analyze, and improve our products and services, including the limited automated tools described in the Automated Decision-Making and Profiling section, Perforce does so only for the purposes described in this Privacy Statement, and where we require data to build, evaluate, or improve such techniques, Perforce uses aggregated, de-identified, or anonymized data. Where Perforce uses third-party AI services to process personal information in connection with our operations or products, we do so as described in Section 1A of this Privacy Statement, and any such third-party providers are engaged under contracts that restrict their use of personal information consistent with this Privacy Statement. We will not use your personal information to train or develop artificial intelligence or machine learning models, or for any other artificial intelligence or machine learning purpose that is materially different from, or incompatible with, the purposes described in this Privacy Statement, without first providing you with notice and, where required by applicable law, obtaining your consent.
Back to top2. Your Privacy Rights
This Section 2 provides information on the rights you have with respect to your personal information as well as privacy-related information that is required to be provided to individuals in certain legal jurisdictions. Subsection A is for all users of the Services. Subsection B is for users who reside in the UK, EU, or EEA. Subsection C is for users who reside in the state of California, and Subsection D is for users residing in certain other US states.
A. For all users
Depending on the laws of the jurisdiction where you live and their applicability to us, you may have certain rights regarding your personal information. (Residents of California, other US States, the UK, or the EEA should also refer to the relevant parts of Section 2, below, for information specific to those jurisdictions.) To request to exercise your rights, please submit a request by contacting us through any of the means outlined in Section 3, at the bottom of this Privacy Statement.
Your rights may include the following:
- the right to confirm whether we process your personal information and to access a copy (from which we may, for security purposes, exclude certain personal information), including a copy that is in a portable data format, and for such access to be provided in a reasonable, practicable, and cost-effective way;
- the right to the correction of inaccurate or incomplete personal information;
- the right to the deletion of your personal information;
- the right to appeal the action we take in response to any request to exercise these rights;
- the right to learn how we obtained your personal information and how we have disclosed it;
- the right to opt-out of the use of personal information for targeted advertising, personal information sales, or profiling resulting in significant consequences;
- the right to be free of discrimination based on your exercise of your privacy rights;
- the right to attach a statement to your personal information if we decline to make a correction you request;
- the right to ask us to note a dispute about your personal information and to advise third parties where appropriate; and
- the right to opt-out of certain uses of your sensitive personal information.
Only you, or someone legally authorized to act on your behalf, may make a request to exercise rights related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.
Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or a legally authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will respond to your request in accordance with the timelines set forth in applicable law.
You may also appeal the decision we make on your request by using the contact information below. When you contact us to appeal, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accordance with the timelines set forth in applicable law. We do not discriminate against any person based on their requests to exercise their legal rights.
B. Your privacy rights - for residents of the UK, EU, or EE
This Section 2B of the privacy notice is for residents of the UK, EU, and the EEA, and applies solely to such individuals.
- Access/Data Export. You may have a right to access the personal data we process and to request it in a common portable format of our choice.
- Rectification. You may request that we correct any personal data that you believe is inaccurate.
- Deletion. You may request that we delete your personal data. We may delete your data entirely, or we may anonymize or aggregate your information so that it no longer reasonably identifies you.
- Restriction of Further Processing. You may request that we restrict the processing of personal data under certain circumstances. For example, you may make this request if you object to our use of your personal data for particular legitimate business interests.
- Objection. You may have the right under applicable law to object to any processing of personal data based on our legitimate interests. We may not be required to cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. You also have the right to lodge a complaint with a supervisory authority. In addition to the general objection right, you may have the right to object to processing:
- for profiling purposes;
- for direct marketing purposes (we will cease processing upon your objection); and
- involving automated decision-making with legal or similarly significant effects (if any).
- for profiling purposes;
We process personal data in compliance with the UK General Data Protection Regulation ("UK GDPR") and the European Union General Data Protection Regulation ("EU GDPR"). Our personal data processing typically falls under these lawful bases
- Contractual Necessity: We process personal data when necessary to fulfill our contractual duties to you, in accordance with our Terms of Service.
- Legal Obligation. We process personal data to comply with applicable laws or to protect our rights, safety, and property or those of our affiliates, users, or third parties.
- Legitimate Interests. We process personal data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, improving our Services, and collecting Usage Data to inform product development. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms.
- Consent. We process personal data when you have explicitly consented to such processing. If our processing of your personal data is based on your consent, you may withdraw your consent by contacting us using the information below. If we lack any other lawful basis to process your personal data, we will delete the personal data.
If you are dissatisfied with the decision we make on your request, you may appeal the decision by using the contact information below. If you contact us to appeal, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accordance with the timelines set forth in applicable law. You also have the right to lodge a complaint with a supervisory authority.
Complaints — UK. If you are in the UK and you believe that our processing of your personal data infringes the UK GDPR or the Data Protection Act 2018, you have the right to complain to us directly before contacting a supervisory authority. You may submit a complaint to us by e-mail to [email protected], through the contact form available at Perforce’s Privacy Request Center, or by postal mail to the address set out in Section 3, marked for the attention of the Legal Department. To help us investigate efficiently, please describe the nature of your concern, the personal data involved, and the outcome you are seeking, and provide sufficient information for us to verify your identity. We will acknowledge your complaint within thirty (30) days of receipt, investigate it without undue delay, keep you informed of our progress, and notify you of the outcome together with our reasons. Exercising this right does not affect your right to lodge a complaint with a supervisory authority; in the UK, that authority is the Information Commissioner’s Office. We would, however, appreciate the opportunity to address your concerns first.
C. Your Privacy Rights - for California residents
If you are a California resident, you may have certain rights as a consumer regarding your personal information conferred under Cal. Civ. Code § 1798.100, et seq., known as the California Consumer Privacy Act.
- Collection of personal information
The following table shows the categories of personal information we have collected in the last twelve months.
| Category | Collected |
| A. Identifiers. | Yes |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Yes |
| C. Protected classification characteristics under California or federal law. | No |
| D. Commercial information. | Yes |
| E. Biometric information. | No |
| F. Internet or other similar network activity. | Yes (which includes in-product analytics and Usage Data) |
| G. Geolocation data. | Yes |
| H. Sensory data. | No |
| I. Professional or employment-related information. | No |
| J. Non-public education information | No |
| K. Inferences drawn from other personal information. | Yes |
Collection of sensitive personal information
We have not collected sensitive personal information in connection with the Services in the last twelve months.
Disclosure of personal information
In the past twelve (12) months, in connection with the Services, we have sold or shared information for cross-contextual behavioral advertising purposes with the categories of third parties described in the table below.
| Category | If sold or shared, Categories of Recipients | Disclosed for a Business Purpose |
| A. Identifiers. | Third-party analytics providers and network advertisers | Service providers |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Third-party analytics providers and network advertisers | Service providers |
| C. Protected classification characteristics under California or federal law. | Not sold or shared | No |
| D. Commercial information. | Not sold or shared | Service providers |
| E. Biometric information. | Not sold or shared | No |
| F. Internet or other similar network activity. | Third-party analytics providers and network advertisers | Service providers |
| G. Geolocation data. | Not sold or shared | Service providers |
| H. Sensory data. | Not sold or shared | No |
| I. Professional or employment-related information. | Not sold or shared | No |
| J. Non-public education information | Not sold or shared | No |
| K. Inferences drawn from other personal information. | Not sold or shared | Service providers |
Please refer to Section 1A, above, for more information on our privacy practices with regard to service providers.
Your California rights
If you are a California resident, California law permits you to request that we disclose certain information about our collection and use of your personal information including:
- the “right to know,” meaning the right to request any of the following:
- the specific pieces of personal information we collected about you;
- the categories of personal information we collected;
- the categories of sources used to collect the personal information;
- the business or commercial purposes for collecting your personal information; and
- the categories of third parties with whom we have shared your personal information
- the right to request deletion of your personal information that we collected;
- the right to have someone you authorize make a request on your behalf;
- the right to opt-out of “sale” or sharing of personal information for cross-contextual behavioral advertising purposes;
- the right to make a request for the correction of errors or inaccuracies in your personal information;
- the right to restrict the processing of sensitive personal information; and
- the right not to be discriminated against for exercising any of these rights.
Opting out of the sale or sharing of personal information
If you are a California resident, you have the right to direct us to not sell or share your personal information (the “right to opt-out”). To exercise the right to opt-out, you (or your authorized representative) may visit Perforce’s Privacy Request Center.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to comply with the request.
Exercising your other California rights
To exercise your other rights, including your rights to know (or for data portability), to deletion, or correction described above, please submit a request by contacting us through any of the means outlined in Section 3, below.
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.
Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Restricting our use of sensitive personal information
Although you have the right to request that we restrict our processing of sensitive personal information to only that which is necessary to deliver our products and services to you, please note that we do not engage any processing of sensitive personal information in excess of that which is necessary to deliver our products and services to you. If you have any questions or requests relating to this topic, please contact us at the information provided in Section 3 below.
Disclosures for direct marketing
California’s “Shine the Light” law, Cal. Civ. Code § 1798.83, entitles California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not presently make any such disclosures. Any other inquiries regarding personal information sharing with third parties may be directed to us at the contact information set forth in Section 3, below.
D. Your Privacy Rights – For Residents of other US States
In addition to the rights described in Section 2A (which applies to all users) and Section 2C (which applies to California residents), residents of certain other US states may have specific rights under their state's comprehensive privacy law. The following information contained in this Section 2D is a non-exhaustive list of state privacy laws that may apply to you depending on your state of residence:
- Minnesota: Under the Minnesota Consumer Data Privacy Act, consumers have the right to question the result of a profiling decision and to be informed of the reason that the profiling resulted in a specific decision
- Connecticut: The Connecticut Data Privacy Act's applicability threshold is lowered from 100,000 to 35,000 consumers. Connecticut residents who process sensitive data (as defined under the Connecticut Data Privacy Act) or whose personal data is offered for sale may be covered by the law regardless of any numerical threshold.
- Colorado: The Colorado Privacy Act's right-to-cure provision expired on January 1, 2025. Colorado residents may submit privacy requests through the methods described in Section 2A above.
State-specific notes. Certain US state laws impose requirements that differ from the general framework described above. To the extent applicable to our processing activities, we note the following:
- Universal Opt-Out Mechanisms. As described in Section 1 of this Privacy Statement, we honor the Global Privacy Control signal and other universal opt-out mechanisms recognized under applicable US state laws, including the laws of California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, and Texas.
- Authorized Agents and Appeals. You may designate an authorized agent to submit a request on your behalf, subject to our verification of both your identity and the agent's authority. If we decline to take action on your request, you may appeal that decision by contacting us using the information in Section 3 of this Privacy Statement. When you contact us to appeal, please tell us why you believe we erred. We will respond to your appeal within the timeframe required by applicable state law. If your appeal is denied, we will provide you with information on how to contact your state's attorney general or other applicable regulatory authority to submit a complaint.
- How to Exercise your Rights. To exercise any of these rights, please submit a request through Perforce's Privacy Request Center or contact us using the methods described in Section 3 of this Privacy Statement. We will respond to your request within the timeframe required by applicable state law.
- Rights under Applicable US State Laws. Under applicable state law, you may have the right to confirm whether we process your personal data; access a copy of your personal data in a portable format; correct inaccuracies in your personal data; request the deletion of your personal data; opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects; and appeal a decision we make regarding a request to exercise your rights. The rights set forth in Section 2A of this Privacy Statement are designed to encompass and satisfy these state-specific rights.
3. Contacting us
When you contact us, please let us know which Perforce company your request pertains to.
To make a request to opt out of sales of your personal information or to the sharing of your personal information for network advertising purposes, you may access Perforce’s Privacy Request Center.
To make a request to know what personal information we have about you, for a copy of such information, or for the deletion of such information, you may access Perforce’s Privacy Request Center, or email us at [email protected].
To request to exercise your other rights or for other privacy-related inquiries, comments, or concerns, please contact us at:
- By e-mail: [email protected]
- By phone: +1 (855) 584-2870
By postal mail at:
Perforce Software, Inc.
Attention: Privacy Request – Legal Department
400 First Avenue North, Suite 400
Minneapolis, Minnesota 55401
USA
Jurisdiction-Specific Contacts
Depending on where you are located, you may contact one of the following in addition to the general contacts set out above. When you contact us, please let us know which Perforce company your request pertains to.
- Singapore. Our Data Protection Officer for the purposes of the Personal Data Protection Act 2012 may be contacted by e-mail at [email protected], or by postal mail at Mr. Nipun Arora, InCorp Global Pte. Ltd., 36 Robinson Road, #20-01 City House, Singapore 068877.
- European Economic Area. Our EU representative for the purposes of the General Data Protection Regulation is Perforce Software OÜ, which may be contacted by e-mail at [email protected], or by postal mail at Perforce Software OÜ, Attention: Privacy Request – Legal Department, Harju maakond, Tallinn, Kesklinna linnaosa, Roosikrantsi tn 11, 10119.
- United Kingdom. Our UK representative for the purposes of the UK GDPR is Programming Research Limited, which may be contacted by e-mail at [email protected], or by postal mail at Programming Research Limited, Attention: Privacy Request – Legal Department, The Capitol Building Second Floor, Suite 3 Oldbury, Bracknell, United Kingdom, RG12 8FZ.
4. COUNTRY ANNEXES
These annexes supplement, and form part of, this Privacy Statement. They apply in addition to the body of the Privacy Statement. Where an annex conflicts with the body of the Privacy Statement, the annex prevails for individuals located in the relevant jurisdiction. Defined terms used but not defined in an annex have the meanings given in this Privacy Statement.
Annex A India
Scope and application. This Annex A applies to the processing of digital personal data to which the Digital Personal Data Protection Act, 2023 and the rules made under it (together, the “DPDP Act”) apply, including where we process such data in connection with offering goods or services to individuals (“Data Principals”) within India. For the processing described in this Privacy Statement, Perforce acts as a Data Fiduciary, meaning that we determine the purpose and means of processing your personal data. This Annex A does not apply to personal data that we process on behalf of our customers, or to personal data processed in the employment context, each of which is addressed elsewhere
Notice. We provide notice of the categories of personal data we collect, the purposes for which we process it, the manner in which you may exercise your rights, and the manner in which you may make a complaint to the Data Protection Board of India (the “Board”). This Privacy Statement, together with this Annex A, constitutes that notice. On request, we will make this notice available in English and in any language specified in the Eighth Schedule to the Constitution of India.
Lawful basis and consent. Where we rely on your consent to process your personal data, that consent is limited to the personal data necessary for the specified purpose, and you may withdraw it at any time. The consequences of withdrawing consent will be borne by you, and withdrawal does not affect the lawfulness of processing carried out before withdrawal. You may withdraw consent, or exercise any of the rights described in this Annex A, by contacting our Grievance Officer using the general contacts in Section 3 of this Privacy Statement. We will make the withdrawal of consent as easy as the giving of consent. Where permitted under the DPDP Act, we may process your personal data for certain legitimate uses without consent, including where you have voluntarily provided your personal data for a specified purpose and have not indicated that you do not consent.
Your rights as a Data Principal. Subject to the DPDP Act, you have the right to: obtain a summary of the personal data we process about you and the processing activities undertaken; obtain the identities of other Data Fiduciaries and Data Processors with whom your personal data has been shared, together with a description of the personal data shared; request the correction, completion, updating, or erasure of your personal data; nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity; and have your grievances readily addressed through the mechanism described below. Only you, or a person lawfully authorized to act on your behalf, may make a request to exercise these rights. We will verify any request made by a person other than you.
Children’s data. We do not knowingly process the personal data of children except in accordance with the DPDP Act. Where we process the personal data of a child or a person with a disability who has a lawful guardian, we will obtain verifiable consent from the parent or lawful guardian before such processing. We will not undertake processing that is likely to cause any detrimental effect on the well-being of a child, and we will not undertake tracking, behavioral monitoring, or targeted advertising directed at children.
Data breach notification. In the event of a personal data breach, we will give intimation to the Board and to each affected Data Principal in the manner and within the timeframes prescribed under the DPDP Act.
Grievance redressal and the Data Protection Board. You may raise any grievance regarding our processing of your personal data you may make a complaint to us using the details in Section 3 of this Privacy Statement. We will respond to grievances within the period prescribed under the DPDP Act. Where you are dissatisfied with our response, or where we fail to respond within the prescribed period, you may make a complaint to the Board.
Annex B Australia
Scope and application. This Annex B applies to the handling of personal information that is subject to the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles (the “APPs”). For the processing described in this Privacy Statement, Perforce is the relevant APP entity that handles your personal information.
Open and transparent management (APP 1). We manage personal information in an open and transparent way. This Privacy Statement, together with this Annex B, describes the kinds of personal information we collect and hold, how we collect and hold it, the purposes for which we collect, hold, use, and disclose it, and how you may access and seek correction of it. This Privacy Statement and this Annex B are available free of charge, and we will provide a copy in an alternative form on reasonable request.
Collection and use (APP 3, APP 5, and APP 6). We collect personal information by lawful and fair means and only where it is reasonably necessary for our functions or activities, as described in Section 1 of this Privacy Statement. At or before the time we collect personal information from you (or as soon as practicable afterwards), we take reasonable steps to notify you of the matters required by APP 5, including the purposes of collection and the consequences if personal information is not collected. We use and disclose personal information only for the purposes for which it was collected, for a related secondary purpose you would reasonably expect, or as otherwise permitted under the Privacy Act.
Direct marketing (APP 7). Where we use or disclose your personal information for direct marketing, we provide a simple means by which you may request not to receive direct marketing communications, and we will give effect to any such request. On request, we will notify you of the source from which we collected your personal information used for direct marketing, unless it is unreasonable or impracticable to do so.
Overseas disclosure (APP 8). We may disclose your personal information to overseas recipients, including Perforce subsidiaries and affiliates and service providers. The countries in which such recipients are likely to be located include the United States, UK, Israel, India, Estonia, and Singapore. Before disclosing personal information overseas, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information, including by relying on the safeguards described in Section 1C of this Privacy Statement and our Intra-Group Data Transfer Agreement.
Access and correction (APP 12 and APP 13). You may request access to, and correction of, the personal information we hold about you by contacting us using the details in Section 3 of this Privacy Statement. We will respond to a request for access within a reasonable period and will give access in the manner requested where it is reasonable and practicable to do so. Where we decline access or correction, we will give you written reasons and information about how to complain, except to the extent it would be unreasonable to do so.
Automated decision-making (APP 1.7). With effect from 10 December 2026, this clause describes our use of computer programs to make, or to substantially and directly assist in making, decisions that could reasonably be expected to significantly affect your rights or interests. The kinds of personal information used in such decisions, and the kinds of decisions made, are described in Section 1F of this Privacy Statement. A human is involved in any decision that could materially affect your rights or access to our products and services.
Notifiable data breaches. Where a data breach is likely to result in serious harm to one or more individuals and we are unable to prevent that likely harm with remedial action, we will notify the affected individuals and the Office of the Australian Information Commissioner (the “OAIC”) in accordance with the Notifiable Data Breaches scheme under the Privacy Act.
Complaints. If you believe we have breached the APPs, you may make a complaint to us using the details in Section 3 of this Privacy Statement. We will acknowledge your complaint, investigate it, and notify you of the outcome within a reasonable period. If you are not satisfied with our response, you may complain to the OAIC.
Annex C Singapore
Scope and application. This Annex C applies to the handling of personal data that is subject to the Personal Data Protection Act 2012 (the “PDPA”). For the processing described in this Privacy Statement, Perforce is the relevant organization under the PDPA.
Data Protection Officer. We have designated a Data Protection Officer responsible for ensuring our compliance with the PDPA. The business contact information of our Data Protection Officer is set out in Section 3 of this Privacy Statement (Jurisdiction-specific contacts).
Notification and consent. We notify you of the purposes for which we collect, use, and disclose your personal data at or before the time of collection, and we collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances and for which you have given, or are deemed to have given, consent. You may withdraw your consent on reasonable notice, subject to legal or contractual restrictions; we will inform you of the likely consequences of withdrawal.
Access and correction. You may request access to, and correction of, the personal data we hold about you by contacting us using the details in Section 3 of this Privacy Statement, subject to the exceptions allowed under the PDPA.
Transfer limitation. Where we transfer personal data outside Singapore, we take steps designed to ensure that the recipient provides a standard of protection comparable to that under the PDPA, including through the safeguards described in Section 1C of this Privacy Statement and our Intra-Group Data Transfer Agreement.
Data breach notification. Where a data breach is likely to result in significant harm to affected individuals or is of a significant scale, we will notify the Personal Data Protection Commission (the “PDPC”) as soon as practicable, and in any event within three (3) calendar days after determining that the breach is notifiable, and will notify affected individuals where required.
Do Not Call. Where we send marketing messages to a Singapore telephone number, we will follow the Do Not Call provisions of the PDPA.
Contact and complaints. You may contact our Data Protection Officer using the details in Section 3 of this Privacy Statement. If you are not satisfied with our response, you may complain to the PDPC.
Annex D Brazil
Scope and application. This Annex D applies to the processing of personal data that is subject to the Brazilian General Data Protection Law (Lei nº 13.709/2018, the “LGPD”), including where we process such data in connection with offering goods or services to individuals located in Brazil or where the personal data is collected in Brazil. For the processing described in this Privacy Statement, Perforce acts as a controller (controlador).
Transparency and language. We provide the information required by Article 9 of the LGPD, including the purpose, form, and duration of processing, our identity and contact details, any shared use of data, and your rights. We make this information available in Portuguese for data subjects in Brazil.
Legal bases. We process personal data on the legal bases permitted under Articles 7 and 11 of the LGPD, including your consent, compliance with a legal or regulatory obligation, the performance of a contract, and our legitimate interests balanced against your rights and freedoms. Where we rely on consent, you may withdraw it at any time.
Your rights. Subject to the LGPD, you have the right to: confirm the existence of processing; access your personal data; correct incomplete, inaccurate, or out-of-date data; anonymize, block, or delete unnecessary or excessive data or data processed in non-compliance with the LGPD; delete personal data processed on the basis of your consent; obtain the portability of your data to another service or product provider; obtain information about the public and private entities with which we have shared your data; obtain information about the possibility of refusing consent and the consequences of doing so; and revoke your consent.
International transfers. Where we transfer personal data out of Brazil, including to Perforce subsidiaries and affiliates and service providers, we rely on a transfer mechanism permitted under the LGPD — including the standard contractual clauses (cláusulas-padrão contratuais) approved by the Autoridade Nacional de Proteção de Dados (“ANPD”) under Resolution CD/ANPD nº 19/2024, an adequacy decision recognized by the ANPD, or another lawful mechanism — together with the safeguards described in Section 1C of this Privacy Statement and our Intra-Group Data Transfer Agreement.
Data breach notification. Where a security incident may result in relevant risk or harm to data subjects, we will notify the ANPD and the affected data subjects within the timeframe and in the manner required by the LGPD and Resolution CD/ANPD nº 15/2024 (as a general rule, within three (3) business days of becoming aware of the incident).
Contact and complaints. You may contact us using the details in Section 3 of this Privacy Statement. You may also submit a complaint to the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados “ANPD”).