InVision is committed to compliance with the California Consumer Privacy Act (CCPA), a new California law that went into effect January 1st, 2020.
We understand that compliance with a new set of privacy laws can be challenging. We hope that this page will be useful for our customers to understand and exercise their rights under the CCPA, and provide our customers with some clarification about InVision’s role and obligations under the CCPA.
Our legal and security experts have closely analyzed the requirements of the CCPA and continue to monitor new guidance on best practices for implementing the requirements of the CCPA.
If you are an EU user or need any further information about how InVision complies with the GDPR, please visit our GDPR compliance page.
What InVision is doing
InVision implemented its company-wide CCPA compliance strategy in advance of the January 2020 due date. Below are a few examples of initiatives InVision has undertaken in order to satisfy CCPA requirements that apply to both InVision and our customers:
- We are maintaining an information security policy comparable with ISO27000 series standards and we are maintaining security in the delivery of our Services in accordance with SOC2 standards (or any successor standards). These standards mirror many of the security and privacy requirements of CCPA and will help give our customers a transparent framework to measure our development and data management practices. Assurance that InVision maintains and follows these standards are affirmed through our annual SOC 2-type 2 audit. For more detailed information, review our security practices.
- We are committed to provide our authorised users with the ability to access, update, rectify, export and erase their personal information themselves (for any further details on how authorised users can manage their data, please visit our rights management page).
- We are holding vendors that handle personal data to required data management, security, and privacy practices and standards.
- We are ensuring that InVision staff that process InVision customer personal information have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
Does Invision process the personal information of its customers?
What personal information does InVision process when providing its Services?
For most users, this is limited to “business card” information of users that register for the service - meaning their names and e-mail addresses, and an IP address. We may obtain your phone number if we need to reach out for a support issue, and you can put your picture or avatar on your account if you would like to personalize your interactions with other users.
Please bear in mind that as a service provider of design, prototyping, and design management services, when building designs and prototypes with InVision, InVision does not process your end-customer data or have access to your internal IT systems. It is an industry standard to use ‘dummy data’ when building designs and prototypes, and this is a firm requirement under our terms of service with our customers.
What is InVision’s role?
Where you are using our Services and making decisions about the personal information that is being processed in the Services (for example when uploading and using Customer Content, or selecting the Third Party Services you wish to connect to the Services), you are acting as a Business and InVision is acting as a Service Provider (as defined under the CCPA).
Where does InVision store and process my personal information?
Our goal is to provide our customers with secure, fast, and reliable services. Today, InVision stores data in its AWS data center located in the U.S. In order to bring you world class products, and to provide support and maintenance (e.g. 24x7 support coverage), InVision may also allow employees and contractors located outside the U.S. (e.g. in the EU, Argentina, Australia, Canada, Israel and the United Kingdom) to access certain data for product development, and customer and technical support purposes. We ensure that all such disclosures are compliant with the law and that all use will be for the limited purpose described.
How can I exercise my consumer rights under the CCPA?
Please refer to our rights management page for information on how you can do things like access, rectify, export or erase your personal information. You can also contact us directly at [email protected] if you have any additional requests or questions.
How does the verification process work?
InVision takes all reasonable precautions to verify your identity in connection with fulfilling its responsibilities under the CCPA. InVision will verify each request based on the following process:
To initiate a request under CCPA, you must contact InVision via [email protected] from the email address associated with your personal information. Once we receive your request, we will send a confirmation response to which you will need to reply before we will be able to proceed.
Can I opt out of the sale of my personal information?
InVision does not sell personal information as defined under CCPA. You can decide to opt out of our marketing communications by managing your emails preferences.
Does InVision enter into CCPA compliant data processing Addendum (DPA)?
InVision will enter into CCPA data processing addendum with our customers who are a business (as defined by the CCPA) and have purchased a subscription to our design collaboration platform via a written agreement. We provide a CCPA-compliant DPA that is tuned to our service, and we invite such customers to complete and execute our CCPA-compliant DPA—InVision Customer Data Processing Addendum. Just follow the prompts through the form to complete your information.
For additional information, we recommend starting with the following resources:
- Privacy: You own your data, and we’re committed to protecting your privacy.
- Security: InVision maintains customer security as our highest priority.
- Compliance: We maintain strict standards for achieving legal, regulatory and industry compliance frameworks such as SOC, PCI and CSA-Star.
- Policies and reports: We actively promote our information security policy library allowing customers insight into our data handling requirements. Contact us If you need any further information, please do reach out to [email protected].