PRIVACY COMPLIANCE
Privacy at Rippling
At Rippling, we know privacy is essential for maintaining our customers' trust. We're committed to protecting personal data and are transparent about our privacy practices.
Our privacy principles
Clear and transparent
We strive to inform you of our role, and our privacy and data security policies, practices, and technologies.
A global approach
Our products, business practices, and customer agreements are built to comply with global data privacy laws.
Contractual commitments
Our Data Processing Agreement provides a competitively benchmarked and future-proofed set of terms.
Safe and secure
We maintain robust administrative, technical, and physical controls to protect all personal data.
Our role with respect to your data
Customers are in control
We act as a data processor (sometimes known as a "service provider") for most of the data we handle for our customers. This means that we collect and process personal data only as instructed or permitted by our customers, or as otherwise required or permitted under applicable laws. In other words, our customers control this data.
Read our Data Processing Addendum and learn how we collect and process personal data on behalf of our customers.
Committed to transparency
We act as a data controller with respect to the personal data we collect or generate for our own purposes when you visit, interact with, or use (or apply to use) Rippling services. This means we independently determine how and why that data is processed. This covers the account information that you provide to us in connection with the creation or administration of your Rippling user account such as name and contact details, and the personal data we collect when you do things like:
Receive communications from us, or interact or communicate with us, including via email, phone, mail, or our branded social media pages.
Complete a questionnaire, promotional entry, a support ticket, or other information request forms.
Register or take part in our marketing, learning, or training events.
We are committed to ensuring transparency when it comes to when and how we use your data for our own purposes as set out in our User Privacy Notice.
FAQs
Who are Rippling’s sub-processors and how are they vetted?
Please see our Sub-processors page (login required) for names, locations, and activities of the sub-processors we engage in our capacity as a processor for our customers.
Rippling identifies, evaluates, and engages sub-processors through our vendor management program, which includes putting written contracts in place that govern the sub-processor relationship. In addition, all potential vendors are vetted and approved through Rippling’s security review process before we begin using their services.
In which countries does Rippling store or process personal data?
Rippling is a global company with personnel located around the world. While our main data stores are in the United States, the personal data we collect may be stored or processed in your region (if different to the US), or in any other country where we have employees, contractors, or sub-contractors, such as India, UK, Canada, and Ireland.
How does Rippling handle cross-border data transfers?
Where we engage in any cross-border personal data transfers, we do so in compliance with applicable laws, and the terms of any applicable Privacy Notice or Data Processing Agreement. Specifically, we rely on Standard Contractual Clauses as our legally-recognized form of data transfer to manage transfers of EU and UK personal data outside of the EU and UK.
Does Rippling have a Data Protection Officer?
Yes, Rippling appoints a Data Protection Officer in regions where required, including the EU. If you would like to contact our Data Protection Officers, please reach out to privacy@rippling.com.
How does Rippling handle law enforcement information requests with respect to customer data?
If a government authority sends Rippling a demand for customer content, we will attempt to redirect them to the customer to whom the request relates. Where that is not possible, Rippling will only respond to a legal request if it is sent by an official law enforcement agency through valid and enforceable legal process that compels Rippling to produce the information, or in the case of an emergency where there is a danger of a death or serious physical injury to a person that Rippling may have information necessary to prevent. Unless prohibited from doing so or there is clear indication of illegal conduct in connection with the use of Rippling products or services, we will notify customers before disclosing information.
Please see this page for more information about how we handle law enforcement information requests.
Who do I contact to exercise my rights under privacy laws?
If you have any questions or want to exercise any of your rights regarding the personal data we process on behalf of your organization (such as your current or former employer), please contact your organization’s administrator.
If you have any questions about or want to exercise any of your rights regarding the personal data we handle in our capacity as a controller (as outlined above), please contact us at privacy@rippling.com or as otherwise described in the "How to Contact Us" section of our User Privacy Notice.
Does Rippling sell personal data to any third parties?
No, Rippling does not sell personal data. However, we may use certain personal data subject to our User Privacy Notice (i.e. where we do not act on behalf of our customers) for the purposes of targeted advertising. To opt in or opt out of our “sale” and “sharing” of your personal data, as those terms are defined under various US state privacy laws, please visit Your Privacy Choices.
See Rippling in action
Rippling is a single platform that can help your business manage all of its employee data and operations, no matter its size.