Skip Navigation
Book a Demo
Book a Demo

Sonatype, Inc. Privacy Policy

TRUSTe

April 30, 2025

Sonatype, Inc., and its subsidiaries (collectively referred to as “Sonatype,” “our,” “us,” and “we”), understand that you care about how we collect, use, and share information when you interact with our websites, events, contests and surveys, social media sites and handles, email, support services, products and online services (our “Services”), and we value the trust you place in us. This Privacy Policy explains:

We also include specific disclosures for residents of the state of California and of the United Kingdom, European Economic Area, and Switzerland

This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Sonatype websites, mobile applications, and events that may link to the Services or be linked to or from the Services, including local events organized and hosted by third-parties. Please directly review the privacy policies for those non-Sonatype websites, applications, and events to understand how their privacy practices may differ.

Information We Collect 

Information you give us

Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This includes:

  • Name, contact and demographic information when completing forms or registering to use our Services.
  • Payment information and associated contact information when engaging in a transaction on our site.
  • Appointment booking and event registrations you carry out through our site.
  • Email address information when subscribing to our email newsletters or marketing communications. 
  • Email address information when subscribing to our email newsletters or marketing communications.
  • Any information, audio recordings or data you provide by interacting in our support services, online forums and chatrooms, or by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services and may also be visible to the public.
  • Information you provide if you complete a survey administered by us or a service provider acting on our behalf.
  • Information you provide if you participate in a contest that we offer.
  • A record of communications and any contact information provided if you contact us.

If you apply for employment with us, we also collect and store any information that you provide in connection with your application. This includes:

  • Your name, phone number, and email address.
  • Your citizenship or immigration status.
  • Information that you voluntarily may choose to provide, such as your social media profile(s), gender, race, disability status or veteran status, current employer, professional or employment experience, and educational background.

Information We Collect Automatically

When you interact with the Services, certain information about your use of our Services is collected automatically. This includes:

  • Details of your visits to our site and information generated in the course of the use of our Services (including the timing, frequency, and pattern of service use) including, but not limited to, traffic data, Internet Protocol (“IP”) address, Internet Service Provider (“ISP”), date and time stamps, clickstream data, weblogs, other communication data, the resources that you access, and how you reached and exited the site.
  • Details regarding the device you use to access our Services, including, but not limited to, your IP address, operating system, and browser type.
  • Information about how you interact with our ads, newsletters, and marketing communications, including whether you open or click links in any correspondence.
  • Information that you make available to us on a social media platform (such as by clicking on a social media icon linked from our Services), including your account ID or username and other information included in your posts.

Third-Party Cookies and Tracking Technologies

Much of the above information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. Sonatype relies on partners to provide many features of our sites and Services using data about your use of our and other sites, and how you interact with our emails.

Please visit our Cookie Notice for more information about how we use different categories of cookies and similar technologies and your options for managing their collection of data. We currently do not take steps to respond to browsers’ “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time.

You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.

Please note that opting out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.

How We Use and Protect Your Information

We may use the information we collect from you to:

  • Provide you with our products and services, including to take steps to enter into a contract for sale or for services, process payments, fulfill orders, verify identity, process contest entries and prizes, and send service communications.
  • Enable additional features on our Services and to provide you with a personalized service.
  • Create custom audiences on social media sites.
  • Provide you with the best service and improve and grow our business, including by sending invitations to take part in surveys and market research, understanding our customer base and purchasing trends, and understanding the effectiveness of our marketing.
  • Understand how our Services are being used, track site performance, and make improvements.
  • Deliver tailored advertising on our Services based on your preferences or interests across services and devices and measuring the effectiveness of ads.
  • Enable AI analysis and training for AI models or systems, including generative AI providers, to assess and enhance your communications and interactions with Sonatype and our products.
  • Plan, conduct, and administer our business, including responding to comments and complaints about our products and services, maintaining records and accounts, and in connection with legal claims, compliance, regulatory, and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).
  • Detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and to comply with legal requirements regarding the provision of products and services.
  • Process and evaluate your application for employment.

How We Secure the Information We Collect From or About You

The security of your personal information is very important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security measures during transmission and upon receipt. We always use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf. If you have any questions about security on our Site, you can contact us at security@sonatype.com.

How We Share Your Information

  • Service Providers and Contractors: We engage vendors to perform certain functions on our behalf such as: billing and collection providers; auditing and accounting firms; professional services consultants; providers of analytics services; agents and providers of AI services; security vendors; employment recruiters, and IT vendors.
  • Social Media Platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through digital cookies and other tracking mechanisms that they place on your device. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies’ respective privacy policies to better understand their data collection practices and the controls they make available to you.
  • Companies involved in advertising: We partner with companies that assist us in advertising about our Services to others who may be interested in the Services. These companies may use tracking technologies on our website to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and target ads.
  • Corporate Affiliates: We share customer data with our subsidiary companies.

Cross-border Transfer of Data

If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the U.S. and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.

Additional Information About Our Data Collection and Sharing Practices

Customer Testimonials

We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at privacy@sonatype.com.

Sonatype Blog

Our website offers a publicly accessible blog, which is managed by a third-party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login to the third-party application if you want the personal information that was posted to the comments section removed. To learn how the third-party application uses your information, please review their privacy policy.

Sharing of Aggregated Data

We may share aggregated or de-identified data at our discretion, including with marketing agencies, media agencies, and analytics providers. These other companies will not be able to relate this data to identifiable individuals.

Lawful Requests

We may share data when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, including requests made by public authorities to meet national security or law enforcement requirements.

Combination of Information

We purchase lead data from third parties and combine it with information we already have about you in our records to create tailored business leads.

Children Under Age 16

Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for an account or event. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at privacy@sonatype.com.

Change of Ownership or Corporate Organization

We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.

Your Options and Rights Regarding Your Information

Please log into your account to update your contact information and payment method, as applicable.

If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email newsletter or marketing communication, or separately email us at privacy@sonatype.com and we will promptly remove you from all correspondence.

Your California Privacy Rights

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@sonatype.com or calling toll-free: 1-888-890-1530

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, correct, and limit sale and sharing of Personal Information. You also have the right to be free from discrimination based on your exercise of your CCPA rights. For more information about the CCPA, including how to exercise rights that you may have under the CCPA, please see our California Privacy Notice.

Special Information for Nevada Residents

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Sonatype does not engage in such sales.

Information for Individuals Located in the UK, EEA, and Switzerland

We process “Personal Data,” as that term is defined in the European Union’s (“EU”) General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the U.S. or any other country in which we or our subcontractors, Corporate Affiliates, Service Providers, and third-party partners maintain facilities, as described above.

We only retain and use your Personal Data for as long as your account is active, as needed to provide you the Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your Personal Data to provide Services to you, contact us at privacy@sonatype.com.

To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your Personal Data, you may contact us at privacy@sonatype.com.

Upon expiry of the applicable retention period, we securely destroy your Personal Data in accordance with applicable laws and regulations.

Individuals located in the United Kingdom (“UK”), European Economic Area (“EEA”) or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

If you are a resident of the UK, EEA, or Switzerland, you are entitled to certain rights. Please note: in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. These rights include the ability:

  • to request from us access to information held about you.
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete.
  • to ask for data to be erased if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
  • to request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

To submit a request to exercise your rights, please use the request form located here or contact us at here or contact us at privacy@sonatype.com. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Individuals located in the UK, EEA, and Switzerland also have an absolute right to opt-out of direct marketing or profiling that we carry out for direct marketing purposes. You can do this by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the site or event page, by using the request form here or by contacting us at here If you have consented to receive direct marketing from third parties (such as affiliated Sonatype companies, business partners or independent resellers), please follow those third parties' opt-out processes.

Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.

We may transfer personal data outside the UK and EEA and Switzerland to the U.S. When required, we make such transfers from the EEA and Switzerland in compliance with the Standard Contractual Clauses for international transfers from the European Economic Area to third countries, Commission Implementing Decision (EU) 2021/914 of 4 June 2021(as modified for compliance with the Swiss Federal Data Protection Act where necessary), and from the UK in compliance with the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers issued under Section 119A of the Data Protection Act of 2018.

EU-U.S. Data Privacy Framework with UK Extension, and Swiss-U.S. Data Privacy Framework

Sonatype, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sonatype, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Sonatype, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

EU, UK, and Swiss individuals have rights to access their Personal Data held by Sonatype, Inc. and to correct, amend, or delete that information where it is inaccurate, or has been processing in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks of the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. EU, UK, and Swiss individuals may also opt-out of Sonatype, Inc.’s disclosure of their Personal Data to a third party (excluding a third party contracted as an agent to perform tasks(s) on our behalf and under our instruction), or use of their Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. In the unlikely event that Sonatype, Inc. obtains Personal Data of EU, UK, and Swiss individuals that is “sensitive information” (i.e., specifying medical or health conditions, racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, or information specifying sex life), we will obtain affirmative express consent from the individual before disclosing such information to a third party or using it for a purpose other than those for which it was originally collected or subsequently authorized by the individual. In addition, Sonatype, Inc. will treat as sensitive any Personal Data received from a third party where the third party identifies and treats it as sensitive. To submit a request to exercise these rights or to opt-out of disclosure of Personal Data, please use the request form located here or contact us at privacy@sonatype.com. Additional information about rights and choices regarding Personal Data of EU, UK, and Swiss individuals is provided above at the beginning of the section “Information for Individuals Located in the UK, EEA, and Switzerland.”

In the context of onward transfers, Sonatype, Inc. shall remain liable for the processing of Personal Data it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf if the agent processes such Personal Data in a manner inconsistent with the EU-U.S. DPF Principles, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, unless Sonatype proves that it is not responsible for the event giving rise to damage.

The Federal Trade Commission has jurisdiction over Sonatype, Inc.’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Sonatype, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sonatype, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Sonatype’s General Counsel by using the request form located here or contact us at privacy@sonatype.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Sonatype commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The TRUSTe services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found in Annex 1 of the DPF Principles.

Changes to This Policy

We may make changes to this Policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you accept those changes.

For questions or suggestions regarding our privacy practices, please contact us at:

Sonatype, Inc.

Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759
1-888-890-1530
Email: legal@sonatype.com