Sonatype Introduces Next Generation Dependency Management | Press Release


Sonatype, Inc. Privacy Policy

Effective July 1, 2020. At Sonatype, Inc. ("Sonatype" or "our", or "us" or "we"), we respect the privacy rights of our online visitors and recognize the importance of protecting the information we collect about you. Our Privacy Policy is designed to help you understand how we collect and use the personal information you decide to share. It also describes your data protection rights, including a right to object to some of the processing which Sonatype carries out. More information about your rights, and how to exercise them, is set out in the “Your Data Protection Rights” section of this Privacy Policy. This Privacy Policy applies to our websites located at,,,,, and their related subdomains (collectively, the "Site") and all products and services we offer on the Site (together with the Site, the "Service").

EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield

We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more about each Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at

We are responsible for the processing of personal data that we receive, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to each Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at

Under certain conditions, more fully described on the Privacy Shield website at, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

By using or accessing the Service, you are accepting the practices described in this Privacy Policy.

Note that if you download software or otherwise purchase products or services through the Site or Service, use of such products or services is subject to the separate Sonatype license or other terms and conditions applicable to such product or service.

The Information We Collect and How We Use It

In general, you can use our Service without providing us with any personal information. However, there are instances where you must provide us with certain personal information (as indicated below) in order to receive full access to the Service or to assist us in delivering a superior level of customer service.

We collect the following types of information:

  • Registration Information - When you register with Sonatype, you provide us with certain personal information, such as first and last name, e-mail address, username, and an account password.  We require this information to administer your registration – if you do not provide it, we will not be able to create an account for you.
  • Log Information - When you access the Service, our servers automatically record information that your browser sends whenever you visit a website and our analytics platforms may capture additional information about use of our Site. This information may include information such as your Internet Protocol address, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We do not link this automatically-collected data to personal information. We require this information to ensure that you are able to access and use the Service as it is intended – if you do not provide it, you may not be able to use all features of the Service.
  • Survey or contest entries - From time-to-time we may provide you the opportunity to participate in contests or surveys on our Site. If you participate, we will request certain personal information from you (such as name, contact information and demographic information). Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information.
  • Order Information - If you purchase a product or service from us, we request certain personal information from you on our order form. You must provide contact information (such as name, email and shipping address) and payment information (such as credit card number and expiration date). We require this information to be able to process payment from you – if you do not provide it, we will not be able to take payment and provide you with the requested products and services.
  • Marketing communications – We collect your marketing preferences, including any consents that you have given us. Providing us with your marketing preferences is voluntary.
  • User Communications - When you send email or other communications to us, we may retain those communications. Sending communications to us is voluntary.
  • We purchase lead data about our potential customers from third parties and combine it with information we already have about you, to create more tailored business leads.

How Do We Use This Information, and What Is the Lawful Basis for This Use?

We process this personal data for the following purposes:

  • To enable Sonatype to fulfill a contract, or take steps linked to a contract: this is relevant where you purchase products or services from us, or enter a contest. In particular we use your information:
    • to verify your identity;
    • to provide the products and services requested;
    • to take payments from you;
    • to process your entry to contests and provide prizes (where applicable);
    • to communicate with you; and
    • to provide customer service and support.
  • As required by Sonatype to conduct our business and pursue our legitimate interests, in particular we use your information:
    • to monitor usage of, and improve, our products and services (including the Site);
    • to personalize and tailor advertising on the Site and other websites to you and your interests;
    • to respond to any comments or complaints you may or others may send us about our products or services;
    • for internal planning and administration purposes, including maintaining records and accounts;
    • to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
    • in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
    • to invite you to take part in surveys and market research; and
    • to send you marketing materials (where your consent is not required).
  • Where you give Sonatype your consent, we:
    • use your information to send you direct marketing relating to our relevant products and services, or other products and services provided by us, other Sonatype companies, and carefully selected business partners and resellers (where consent is required);
    • place cookies and use similar technologies in accordance with our cookie policy (see “Cookies, Web Beacons and Similar Technologies” below) and the information provided to you when those technologies are used; and
    • publish any customer testimonials that you give (including your name) on our Site.

On other occasions where we ask you for consent, we will use your information for the purpose which we explain at that time.

  • For purposes which are required by law, in particular we use your information:
    • to respond to requests by government or law enforcement authorities conducting an investigation; and
    • to comply with legal and regulatory requirements (for example, tax laws).

Relying on our legitimate interests

We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this policy.

Cookies, Web Beacons and Similar Technologies

We — as well as certain third parties that provide content, functionality, or services on our Site — use a variety of technologies to learn more about how people use the Site.  This section provides more information about some of those technologies and how they work.

  • Cookies and other Tracking Technologies - Technologies such as: cookies or similar technologies are used by Sonatype and our marketing and technology partners, affiliates, or analytics or service providers. These technologies are used in analyzing trends, administering the Service, tracking users' movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. We may use cookies to improve our Service including by storing user preferences and tracking user trends. We also use cookies in our advertising services to help advertisers and publishers serve and manage ads across the web. We or our third-party advertisers may set a cookie in your browser when you visit a website or click on an ad supported by our advertising services. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited.
  • Ad Network Partners - We partner with a third-party ad network to either display advertising on our Site or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect information about your activities on this and other Web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

Children Under Age 16

Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at:

Sharing Your Information with Third Parties

We will not share your personal information with third parties except in the following limited circumstances:

  • We have your consent.
  • We may share your personal information with our subsidiaries, affiliated companies and third party service providers who will process it on behalf of Sonatype for the purposes identified above. In particular, these other organizations assist us with IT systems, hosting and maintenance,  marketing, advertising, product/service offerings, analytics and fulfillment of orders. We require that these parties agree to process such information based on our instructions and in compliance with appropriate confidentiality measures.
  • We may also share your personal information with a business partner or independent reseller (either within or outside the United States) so that the business partner or independent reseller can contact you and facilitate the support, renewal, and purchase of our products and services. You may receive a communication directly from one of our business partners or independent resellers. We require that these parties agree to process such information based on our instructions and in compliance appropriate confidentiality measures. To find out the names and locations of the business partners and/or independent resellers to whom we have provided your information, please contact us at the address given at the end of this Privacy Policy.
  • We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary as required by law, such as to comply with a subpoena, and to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, detect, prevent, or otherwise address fraud, security or technical issues, or (c) protect against imminent harm to the rights, property or safety of Sonatype, its users or the public as required or permitted by law.
  • We become involved in a merger, acquisition, or any form of sale of some or all of our assets. In this event, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. We may share with third parties aggregate information.

We transfer personal data outside the EEA to the United States. Where we make such transfers, we do so in compliance with the EU-U.S. and Swiss – U.S. Privacy Shield Frameworks (please see the section entitled "EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield", above, for further information). 

Withdrawing Consent or Otherwise Objecting to Direct Marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. 

You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the Site or by contacting Sonatype at the address set forth at the bottom of this Privacy Policy. If you have consented to receive direct marketing from third parties (such as other Sonatype companies, business partners or independent resellers), please follow those third parties' opt-out processes.

Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.


This Privacy Policy applies solely to information collected by Sonatype. The Site may contain links to other third-party websites. Even if the third party is affiliated with Sonatype through a business partnership or otherwise, we are not responsible for the privacy practices of other websites. We encourage our users to be aware when they leave the Site to read the privacy policies of each and every website that collects personal information.

Social Media Widgets

Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Your Data Protection Rights

In certain jurisdictions, you may have certain rights in respect of your personal information. You may have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.

In addition, you may have the right object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in national legislation. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us at, by contacting us by telephone or postal mail at the contact information listed at the end of this Privacy Policy. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.

California Privacy Rights

Under the California Consumer Privacy Act (Cal. Civ. Code § 1798.100-1798.199)​, a California consumer has the following rights:

  • Right to know about personal information collected, disclosed, or sold
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for the exercise of a consumer’s privacy rights

California consumers are also entitled to certain periodic updates concerning their personal information.

For more information about the California Consumer Privacy Act, including how to exercise the above rights, California consumers should visit our CCPA Privacy Policy page.

Customer Testimonials

We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at

Sonatype Blog

Our Web site offers a publicly accessible blog. Our blog is managed by a third-party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login to the third-party application if you want the personal information that was posted to the comments section removed. To learn how the third-party application uses your information, please review their privacy policy.


We will only retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your personal data, you may contact us at

Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.


The security of your personal information is important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security both during transmission and once we receive it. If you have any questions about security on our Site, you can contact us at 


Sonatype regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or Sonatype's treatment of personal information by emailing us at: or by writing to us at:

Privacy Matters 
Sonatype, Inc.
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759

We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer or personal data that cannot be resolved between Sonatype and an individual.

Terms of Service, Notices and Revisions

Please also see our Terms of Service, which describe the restrictions, disclaimers, indemnification and limitation of liability governing the use of the Service. The Terms of Service also further describe our Service and the information we use.

Notification of Privacy Policy Changes

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any questions or suggestions regarding our Privacy Policy, please contact us online, email us at, or write to us at:

Sonatype, Inc.

Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759