Privacy Policy

Effective date: 4/8/2019

Questions?  Contact us!


Quick summary

We collect your information only with your consent, or on another legal basis. We only collect the minimum amount of information that is necessary to fulfill the purpose of your interaction with us. We don't sell any personal information to any third parties, and we only use data as this privacy policy describes. No matter where you are, where you live, or what your citizenship is, we provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location.


A. What information we collect and why

If you're just browsing our website, we do not collect any personally identifiable information about you. We do collect anonymous data about use of our website, including pages viewed, browser/device type and approximate geographic location. We gather this information to improve the visitor experience and performance of our website, and for statistical purposes to track how many visitors we have and what resources are accessed most often.

If you use our demo environment, you will provide usage data (specifically HTTP request and response data) by adding a logger to your application. Usage data is only accessible with a unique URL generated when a new demo session is started, and cannot be accessed by other demo users or by our staff. We collect usage data only for display and rendering by our demo application. Usage data is retained temporarily in volatile server memory until the demo session ends, when all session data is deleted. The source code for our demo application is available for you to verify these claims.


B. What information we do not collect

If you visit our website or demo environment, we do not intentionally collect any personal information about you. We do not collect IP addresses, cookies or any other data to uniquely identify or track you.

If you use our demo environment, this interaction will also remain anonymous. Demo users are not required to create user accounts, nor do we require providing any personal information (including email address or credit card) to uniquely identify demo users. We do not store demo session data in any type of database or non-volatile storage.

We do not intentionally collect any sensitive personal information that might be present in usage data provided to our demo environment. Our terms of service assert that our demo environment is never to be used with a production application where sensitive personal information is expected. If your usage data does include sensitive personal information, you are responsible for complying with any regulatory controls regarding that data, and are consenting to temporarily retain that information on our demo server in the United States.


C. How we share the information we collect

We do not share, sell, rent or trade any collected data with any third parties for any purpose.

We do not host advertising on resurface.io, nor do we sell any information to advertisers or marketers. We may occasionally embed content from third-party sites, such as YouTube, and that content may include ads. While we try to minimize any ads our embedded content contains, we can't always control what third parties show.


D. Our use of cookies and tracking

Our online services (both website and demo environment) use first-party persistent cookies for the sole purpose of optimizing and load-balancing network communication to our services. These cookies are strictly necessary for us to provide these services. By using our website or demo application, you consent to allow storing these cookies on your computer or device. These cookies are very small and are not stored for more than one year. These cookies do not store any personal information.

We do not rely on any third-party services that create cookies or otherwise attempt to track our users. We do not use cookies or tracking technologies to enable correlating use of our online services with any other online services in any way. We do not use "supercookies" or any similar techniques for permanently tracking a user device. We do not use email tracking technologies (like pixel tags) for any emails we send. We do not ask for user consent to allow any type of user tracking, simply because we do not perform this kind of tracking.


E. How we secure your information

We take all measures reasonably necessary to protect user data from unauthorized access, alteration or destruction; to maintain data accuracy; and to help ensure the appropriate use of user data. We follow generally accepted industry standards to protect data submitted to us, both during transmission and once we receive it.

For our demo application, usage data is only retained in volatile memory on our demo server, and is never persisted to disk or stored in any kind of central database. All usage data for a demo session is deleted immediately if the demo session is ended by the user. Our demo server is recycled every 24 hours, which ends all active sessions and deletes all data stored in volatile server memory. We do not permanently retain any usage data provided to our demo environment.

Demo sessions are uniquely identified by a randomly generated 32-character alphanumeric key. This random key is used to build a unique URL for each demo session. We do not maintain any logs that might identify what demo session ids were generated by our demo application, nor do we have any other mechanism for listing what demo session ids might currently be active. Users do not have to rely on random alphanumeric strings generated by our application, but can can generate their own custom URLs as needed.

We maintain proper SSL certificates and require use of HTTPS by default for all our online services. Our logging libraries only transmit usage data over secure HTTPS unless specifically configured otherwise. While we strongly advise using HTTPS, we do still allow HTTP for some kinds of testing and validation.

No method of transmission or temporary retention of user data is 100% secure. Therefore, we cannot guarantee its absolute security. Users that are very concerned about security may request a dedicated demo environment, or may run the demo application on their own infrastructure.


F. How to report a complaint

If you have questions or concerns about the way resurface.io is handling your data, please contact us immediately. We want to help and will respond promptly.

Data Protection Officer:
Rob Dickinson
[email protected]
5323 Deer Creek Ct, Boulder CO 80301 USA

You have the right to lodge a complaint with the appropriate supervisory authority in your jurisdiction, in the unlikely event that we are unable to resolve your complaint to your satisfaction.


G. How to control the information we collect

Any usage data collected in our demo environment is only retained temporarily. Your data can be immediately purged by ending the demo session. Sessions are automatically purged every 24 hours, including those that are still being actively used.

Our logging libraries apply strict data filtering rules by default, so that common forms of personally identifying information are automatically removed from all usage data in our demo environment. Users may configure custom filtering rules to provide additional protection, or to allow logging additional detail when appropriate. Please see our online documentation or YouTube channel for more information.


H. How we communicate with you

We do not collect email addresses from our users, nor do we maintain a mailing list. Unless there are special circumstances, we will only contact you by email in response to emails sent to us. We communicate updates through our blog, our Slack channel, and through social media rather than email.


I. Global privacy practices

Information that we collect will be retained and processed in the United States in accordance with this privacy policy. However, we understand that users from different countries and regions have different privacy expectations, and we strive to meet those needs. We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or physical location.


J. Changes to our privacy policy

Although most changes are likely to be minor, Resurface Labs may change this privacy policy from time to time. We will provide notification to users of changes to this policy through our website at least 30 days prior to the change taking effect by announcing the change on our blog and Slack channel.

Revision history: