Privacy Statement

clock

Last Updated: December 18, 2025

Protecting your privacy is important to us. This privacy policy ("Privacy Policy") is meant to help you understand how Balena Limited ("Balena", "we", "us", and "our") collect, use and share your personal information (defined below) and to assist you in exercising the privacy rights available to you.

This Privacy Policy covers:

Scope
Personal information we collect
How we use your personal information
Lawful basis for processing European (including UK) personal information
Links to other websites and services
Who we share your personal information with
Payments
Cookies and other technologies
Your rights and choices
International data transfers
Data retention
Security
Children's information
California privacy
Changes to our privacy policy
Contact us

Scope

This Privacy Policy applies to personal information processed by us in our business, including on our website at https://www.balena.io ("Site"), our mobile applications, and other online or offline offerings (collectively, the "Services").

This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services.

Personal information we collect

When you use our Services or otherwise engage with us, we collect information from you, including your personal information. “Personal Information” means any information related to an identified or identifiable individual and does not include data where personally identifiable information has been removed (such as anonymous data). We collect Personal Information about you from different sources listed below.

Personal Information you provide to us

Account Information. If you create an account on the Site, we'll collect certain Personal Information about you, such as your name, address, phone number, email address, company name, and social-media handles (including any social media accounts you link to your Balena account e.g. Google). If you create an account with us using your login credentials from a third-party (e.g. Github or Google), we'll be able to access and collect your name and email address and other Personal Information that your privacy settings on the third-party account permit us to access.
Communication Information. We collect Personal Information from you, such as your email address, phone number, mailing address, or social media handle, when you request information about our Services, register for our newsletter, request customer or technical support, apply for a job or otherwise communicate with us. We also collect any Personal Information contained in the contents of your correspondence with us.
Feedback and Survey Responses. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information, which may include your Personal Information such as your name, email address and any Personal Information contained in your responses.
Order information. To process your purchase of our Services, we will need to collect your name, phone number, billing address, bank account information, VAT number, and email address. We will generate a unique order ID associated with your purchase and maintain a record of your order history.
Social Media Information. If you reach out to us via a third party, for example, if you send us a direct message on a social media platform, we may also collect your name and information related to your social media profile which is visible in the message. We will only be able to see the information which you have selected can be displayed to us. Please consult your social media profile settings for more details.‍
Job Applicant Information: If you apply for a role with us, we will use your Personal Information to administer and consider your application, which includes your name, address, communication information, and CV/resume, we may also conduct background checks to confirm your right to work.

When we take a payment from you, we don't process your financial information. This is handled by a third party (such as Stripe), but we may be provided with some parts of your financial information related to the transaction, such as the last four digits of your card and your billing address. See the Payments section for more information. We will not be able to fulfil your order unless you provide certain payment-related information.

‍Our customers may choose to use our Services to process certain data of their own, which may contain Personal Information. The information that we process through our Services is processed by us on behalf of our customers, and our privacy practices will be governed by the contracts that we have in place with our customers, and our Data Processing Addendum. If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this information. Our customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, assist our customers to address any concerns you may have, in accordance with the terms of our contract with them.

Personal Information we automatically receive about your use of the Services

Technical Information. We automatically collect technical information such as the Internet Protocol (IP) address used to connect your device to the Internet, browser type and version, browser plug-in types and versions, operating system, your device make and model, an App ID, App version, and platform / OS version. As well as the content of a request, we also receive information associated with the request, such as time zone setting, date and time and http status code associated with your device.
Interaction Information. We automatically collect information about your use of the Services including the full Uniform Resource Locators (URL), clickstream to, through and from our Services (including date and time), services and content you viewed or searched for, content response times, download errors, length of visits to certain content, interaction information (such as scrolling, clicks, and hover-overs), time and date of orders and methods used to browse away from content.
‍Location Information. We may derive your approximate regional location from your IP address. We do this in order to localise our Services to you (for example, to provide you with your local currency and language), and make sure the services displayed to you are accurate for your location.

For more information about how we process this information, please see our Cookies Policy.

Personal Information we receive from other sources.

We may obtain information about you from other sources, including through third-party services and organizations, to supplement information provided by you. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

We may collect your Personal Information from social media platforms such as Github, Facebook, Instagram, X, LinkedIn, and YouTube. If you interact with us through third-party sites, such as social media platforms, we may collect Personal Information about you. For example, if you tag us in a social media post or otherwise interact with our social media adverts, accounts and posts (for example, by liking or providing a comment on our post on a social media platform), we may collect Personal Information such as your social media profile name and picture, as well as the pictures or content you post (including likes and reactions to your posts). We will only be able to see the content you post to your social media account if your profile is set to "public" or if we are "following" you.
You may choose to create an account with us using a third-party login, such as Github and Google. You don't have to do this if you want to create an account with us, but if you do, we will collect details from the third party account, including your profile / display name, name(s) associated with that account, email address, user profile picture, date of birth, websites linked to your account, location information linked to your account, and information on the last time your account information was updated. We use this information to create and administer your account with us.hubspot
We may obtain Personal Information about you from third-party service providers such as HubSpot to enrich the Personal Information we already have about you for marketing/prospecting purposes. We may use Hubspot to collect Personal Information in the form of your work email address, job title, employer, approximate work location, professional social media accounts and other publicly available information about your professional role. For more information, please see Hubspot’s privacy policy here.
If you access and use our Services through a third party (such as your employer) we may receive the Personal Information about your use of the Services from that third party and any feedback you have about the Services. For example, we may process your log data for troubleshooting, quality assurance and ensuring our Services remain secure.

How we use your personal information

We use the Personal Information for the following purposes:

Providing the Services. We use the Personal Information that we collect through your use of the Services to operate and provide all features of the Services (including ensuring they are displayed in an optimized way for your equipment). For example, to allow you to use the Services, create an account, subscribe to newsletters, and so we can contact you in case of any issue with the Services.
Understanding usage and improving the Service. We use the Technical, Interaction and Location Information that we collect through your use of the Services to understand and analyze the usage trends and preferences of our users, to improve the Services, and to develop new products, services, features, and functionality. We also use this information to keep our Services safe and secure. We also enable Cookies and Other Technologies, for more information please see our Cookie Policy.
Providing technical support and securing our Services. We use your Technical Information and Interaction Information to provide technical support, including diagnosing and resolving any issues you report. We also use this information to manage internal operations, including troubleshooting, data analysis, testing, research, statistical purposes.
Communicating with you. We use your Communication Information and Feedback and Survey Responses as necessary to contact you for administrative purposes, respond to your requests and understand your experience of the Services, including to provide information that you request, and to respond to comments and questions.
Marketing. We use your email address to send marketing communications, including updates relating to products and services offered by us and by third parties with whom we work. When we send you emails, we track whether you open them to learn how to deliver a better customer experience and improve the Services. We will only send you marketing communications where lawfully permitted. You can opt out of receiving marketing communications at any time, see Your Rights and Choices for more information.
Administration: We use your Account Information and Order Information to fulfil our contract with you and administer your account, including facilitating payment to be taken from you (payment processed by a third party) and record the transaction in our records.
Job applications: We use your Communication Information and Job Applicant Information to review employment details provided to us about a job opening.‍
Legal: We will use your Personal Information where required to comply with the law or to bring and defend legal claims.

We may combine Personal Information collected directly from you (including automatically collected information) with Personal Information collected from other sources for these purposes.

We may also use Personal Information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create.

Lawful basis for processing european (including uk) personal information

If you are in the UK or European Economic Area, we will only process your Personal Information where we have a lawful basis under UK and European data protection law for doing so. Lawful bases for processing include consent, contractual necessity, our legitimate interests or the legitimate interests of others and compliance with our legal obligations.

Contract: Where we need your Personal Information to fulfil a contract with you (or take steps to fulfil that contract), if you do not provide some Personal Information, we may not be able to progress or fulfil that contract with you. Where information is required to conclude the contract, this will be indicated to you.
Legitimate Interest: 'Legitimate interests' is a legal term used in UK and European data protection law. When we rely on legitimate interests, we mean in pursuing our own interests, we have considered your rights and interests at the same time, and concluded that these are not overridden by your rights.
‍Consent: If we rely on your consent to process your Personal Information, we will ask for this before processing.

Below we set out examples of why we process your Personal Information and the lawful bases for doing so:

Contract: We may use your Personal Information to take steps to enter into any contract or carry out our obligations arising out of a contract with you. For example:

managing your information and administering your account with us;;
providing access to certain areas, functionalities, and features of our Services;
keeping a record of orders, you place, including recording receipt of payment or refunds;
processing your financial information and other payment methods for products or Services purchased;
communicating with you about your account or your activities on our Services and policy changes; and
enforcing our Terms of Service and policies.

Legitimate Interest: We may use your Personal Information when we have a legitimate interest in doing so. For example, to:

ensure content from our Services is presented in the most effective manner for you and your device;
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity;
improve, upgrade, or enhance our Services;
provide relevant and tailored content to you;
understand how you engage with us;
provide information you request from us, including responding to any queries you have submitted; and
to consider any Personal Information you provide regarding a potential employment opportunity with us.

Consent: When you give your consent (for example, for us to send you our marketing communications and deliver certain cookies), you may withdraw this at any time. Please see Your Rights and Choices for further information.

Where permitted in our legitimate interest, or with your prior consent (where required by law), we will use your Personal Information for marketing analysis or to provide you with promotional update communications by email about our products, events, newsletters and services.

Legal obligation. We may use your Personal Information where you have given your consent to do so. For example:

to comply with tax and accounting obligations;
to comply with a court order; and
to bring and defend legal claims.

Links to other websites and services

The Services may contain links to other websites, and other websites may reference or link to our website or other Services such as Facebook, X, Github, Instagram, YouTube and Linkedin. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

Who we share your personal information with

We may share your Personal Information with the following categories of third parties:

Service Providers. We may share any Personal Information we collect about you with our third-party service providers acting in accordance with our instructions. The categories of service providers to whom we entrust Personal Information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of the Services. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your Personal Information to the extent necessary to perform their support functions. We also maintain a list of our sub-processors on our Site here.
Business Partners. We may provide personal information to business partners with whom we jointly offer products or services. In such cases, our business partner's name will appear along with ours.
Affiliates. We may share personal information with our affiliated companies for the purposes set out in this Privacy Policy.
Advertising Partners. We do not use or share your information, including personal information, to advertise any third party's products or services via the Services. We may use and share your Personal Information with third-party advertising partners to market our own Services and grow our Services' user base, such as to provide targeted marketing about our own Services via third-party services. If you prefer not to share your personal information with third-party advertising partners, you may follow the instructions below set out in Your Rights and Choices.‍
Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

We will also disclose your Personal Information in the following circumstances:

Disclosure in the event of merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may disclosed to a prospective buyer of such businesses or assets subject to the terms of this Privacy Policy as permitted by law .‍
Disclosures to protect us or others. We may disclose any Personal Information we process about you, to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

Payments

Payments are made through a payment processing provider, for example, we use Stripe. You will be providing credit or debit card information directly to such payment provider which operates a secure server to process payment details, encrypting your credit/debit card information and authorising payment. Information which you supply to these third parties is not within our control and is subject to their own privacy policy and terms and conditions. We may retain the last four digits of your card number for our own records.

For Stripe services see here https://stripe.com/gb/privacy-center/legal and here https://stripe.com/privacy

Cookies and other technologies

We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies ("Cookies") to automatically collect information through the Services. For more information on our use of Cookies, please see our Cookies Policy.

Your rights and choices

Depending on your location and in accordance with applicable law, you may have the right to:

to find out what Personal Information we hold about you;
to be provided with a copy of your Personal Information;
to request the correction or deletion of your Personal Information;
to request that we restrict the processing of your Personal Information (while we verify or investigate your concerns with this Personal Information, for example);
to object to the further processing of your Personal Information; and
to request that your provided Personal Information be moved to a third party.

Where the processing of your Personal Information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contact us. You can change your preferences and object to receiving further marketing at any time either through your account or by following the unsubscribe instructions provided in the e-mail you receive. Please note, we need to send you certain communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Service or this Privacy Policy or information about billing.

If you would like to exercise any of these rights, please contact us using the details below. We will process your requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request. For more information on your specific rights under the California Consumer Privacy Act ("CCPA"), see the California Privacy section below.

If in exercising your rights and choices, your request is not satisfactorily resolved by us or you have any other concerns, you may approach your local data protection authority.

The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your Personal Information, as well as deal with any complaints that you have about our processing of your Personal Information.

If you are based in the EEA, you can find your supervisory authority here https://edpb.europa.eu/about-edpb/about-edpb/members_en.

International data transfers

Personal Information will be processed by us, and to the extent applicable our group companies, in accordance with this Privacy Policy in the U.S., the United Kingdom ("UK") and European Economic Area ("EEA").

We will take steps to handle your Personal Information subject to appropriate safeguards, as the laws regarding processing of Personal Information may be less stringent than the laws in the UK and EEA.

Where we facilitate access to or transfer your Personal Information outside of the UK and EEA, we will take steps to require the recipient to process your Personal Information subject to appropriate safeguards (for example, implementing standard contractual clauses where appropriate with group companies and third parties that we work with).

Data retention

We store Personal Information for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files that contain Personal Information will be permanently deleted.

Security

Balena is ISO 27001 certified. We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from or about you, including your personal information, from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

Children's information

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child's account.

California privacy

The following notices apply to California residents and consumers.

California Shine the Light Law. The California "Shine the Light" law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. To make such a request from us, if entitled, please use the contact information listed below.

Information we collect

In providing our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household ("Personal Information"), as defined in the California Consumer Privacy Act ("CCPA").

We have collected the following categories of Personal Information from our consumers in our role as a business within the last twelve (12) months (as indicated with a Yes below):

Category

Examples

Collected

Identifiers

name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security, or other similar identifiers.

Yes

Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Biometric information.

Physiological, biological, or behavioral, characteristics (including DNA) that can be used to establish individual identity, or imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template such as a faceprint, a minutiae template, or a voiceprint, can be extracted and keystroke patterns or rhythms, gait patterns, or rhythms, and sleep, health or exercise data that contain identifying information.

Internet or other electronic network activity.

Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.

Yes

Geolocation data.

Physical location or movements.

Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

Professional or employment-related information.

Current or past job history or performance evaluations.

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Inferences drawn from other personal information to create a profile about a consumer.

Profile reflecting a consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Personal information categories listed in the categories above, but references in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Note: Some personal information included in this category may overlap with other categories.

Categories of Sources from Which Personal Information is Collected

We obtain the categories of Personal Information listed above from the types and categories of sources described above in this Privacy Notice.

Business or Commercial Purposes for Collecting Personal Information

We may use, or disclose the Personal Information we collect for the business purposes describe above in this Privacy Notice.

Disclosures of Personal Information for a Business Purpose

We may disclose your Personal Information to the third parties or others as described above in this Privacy Notice, for any of the business purposes described above in this Privacy Notice.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information in our role as a business for a business purpose:

Identifiers
Internet information

Sales of Personal Information

In the preceding twelve (12) months, we have not disclosed your Personal Information to any third-party in a manner that would be considered a sale under the CCPA.

Do Not Track

Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Changes to our Privacy Policy

Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we'll notify you of those changes by posting them on the Services or by sending you an email or other notification, and we'll update the "Last Updated Date" above to indicate when those changes will become effective.

Contact Us

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us at legal@balena.io.