Last updated: December 4, 2023

Previous version (effective November 22, 2019): https://www.panopto.com/privacy-policy-2019/

 

1. Introduction

This Panopto Authorized User Privacy Policy (this “Privacy Policy”) provides important information regarding how Panopto, Inc. and its subsidiaries and affiliates, including Panopto EMEA Limited, Panopto Asia Pte Ltd, Panopto Asia Pacific Limited, and Panopto ANZ Pty Ltd (collectively, “Panopto”, “we” or “us”), process, use, collect, disclose, and protect Personal Data (as defined below) when you use any Panopto products, software, platforms, applications, and services (the “Services”) through one of our Customers (as defined below). “Personal Data” is information about you that is personally identifiable or can be linked to you through a personal identifier, such as your e-mail address, phone number, location, or the physical address of your organization, and which is not otherwise publicly available (this definition is given here for the purpose of this Privacy Policy only, and some laws may use a different definition). This Privacy Policy does not apply to third-party services that are not under Panopto’s control; those parties’ services are governed by their own privacy policies. An organization or other third party, which is Panopto’s “Customer,” has entered into a written agreement with Panopto for the Services (the “Contract”) and has given you access to use the Services pursuant to the Contract. You, along with others in your organization, are each an “Authorized User.” The Contract contains Panopto’s commitment to deliver the Services to the Customer, which may then invite Authorized Users to access and use the Services. This Privacy Policy applies to you as an Authorized User of the Services. This Privacy Policy may change as our business evolves, so please check back regularly for updates and revisions.

 

2. Panopto is a Data Processor

The Services Panopto provides to its Customers primarily include a video hosting platform with
tools for creating, managing and distributing video, audio, written and other content
(“Content”) over the Internet. Customers are responsible, in their sole discretion, for
provisioning accounts to Authorized Users to give them access to the Services, and for removing
an account once a given Authorized User is no longer permitted to have such access. In each
case, the Customer is the controller of the Personal Data of its Authorized Users, and Panopto is
the processor carrying out data processing activities in accordance with the Customer’s
instructions.

If you use the Services through a Panopto Customer, such as an employer or school, that
Customer controls and administers your account, and may access, process, and share your
Personal Data, including the Content you create through the Services, in accordance with its
own policies and procedures. Panopto is not responsible for the privacy or security practices of
its Customers, which may differ from those set forth in this Privacy Policy.
Panopto has no direct control over the Personal Data collected by its Customers. Customers
choose the geographical region(s) for the storage of Personal Data, are directly responsible for
the configuration and administration of the Services they use, and are responsible for adhering
to legal and regulatory requirements, including the collection and maintenance of any
necessary rights, permissions, and consents for the Personal Data they collect and manage as a
controller.
In its capacity as a controller, each Customer is responsible for maintaining the privacy of the
Personal Data pertaining to its Authorized Users uploaded to the Services. Panopto processes
such Personal Data under the direction of the Customer, and has no direct relationship with the
individuals whose Personal Data it processes. Panopto is not responsible for disclosures of
information made by a Customer to its Authorized Users through the Services. If you are
concerned about your privacy while interacting with the Services or wish to exercise your rights
in connection with the Personal Data included in the Services, you should direct your inquiry or
request to the applicable Customer.

 

3. When Personal Data is Collected

We collect your Personal Data when it is provided to us by the Customer through which you
access the Services, as well as when you interact with the Services through a Customer’s
account, such as when you:

  • Upload Content into the Services
  • Appear within Content hosted on the Services
  • View, comment on, or otherwise interact with Content stored in the Services
  • Download, log into, or use a Panopto mobile or other application
  • Interact with a Panopto application programming interface (API)
  • Contact Panopto’s customer support team
  • Interact with Panopto on behalf of a Customer, such as when you are the Customer’s
    account administrator or technical contact

 

4. What Personal Data is Collected

When you use the Services, the following categories of Personal Data may be collected and
processed by Panopto:

  • Personal Data provided by the Customer: If you are an Authorized User, the Customer
    may provide your name, email address, and relation to the Customer in order to create
    an account for you on the Services.
  • Personal Data uploaded to the Services: The Content that you, other Authorized Users,
    and/or the Customer upload to the Services may include your Personal Data, such as
    photographic, video, and audio recordings, physical characteristics or descriptions, and
    likenesses of, or references to, you.
  • Passwords and login credentials: When you log in to the Services, we collect your user ID
    and password in order for you to access the Services. However, when you log in through
    the Customer’s systems connected to the Services, such as single sign-on or third-party
    portals, we may receive user login credentials or an anonymous identifier or token
    (depending on the configuration of those systems).
  • Information automatically collected: As is true of most websites, when you interact with
    the Services, we automatically gather certain types of information needed to deliver
    your actions and instructions over the Internet. This information is stored in our log files
    and may include Internet protocol (IP) addresses, type of device, operating system, and
    browser, unique device identifier, browser settings, where an application was
    downloaded from, usage information, events that occur within an application,
    performance data, Internet service provider (ISP), referring/exit pages, files viewed (e.g.,
    HTML pages, graphics, etc.), date/time stamp, and/or clickstream data. Similarly, if you
    contact our customer support team, we may automatically collect or request this
    information to aid in troubleshooting and error reporting.
  • Contact and billing information: If you are the Customer’s account administrator or
    technical contact, we will collect your name, email address, mailing and billing address,
    phone and fax numbers, and billing and account information, including payment details.

 

5. How Personal Data is Used

We use your Personal Data for the following purposes:

  • Provide the Services to the Customer and its Authorized Users, including performing the
    actions and instructions requested by you or the Customer
  • Diagnose and repair technical issues with the Services and provide other customer care and support services
  • Communicate Services and other relevant notifications to you
  • Protect the security and safety of the Services and our Customers, detect and prevent fraud, resolve disputes, and enforce our agreements
  • Include personalized features and recommendations within the Services that enhance your productivity and user experience enjoyment, and automatically tailor your experiences within the Services based on your activities, interests, and locations
  • Develop aggregate statistics and analytics information that enable us to operate, protect, make informed decisions about, and report on the performance of our business
  • Monitor the performance of the Services, track account usage, and test and improve the Services
  • Create audit logs to provide Customers with statistical analysis of the use of the Services and to enable us to monitor the Services, perform security audits, track errors, and report activity

 

6. Cookies and Similar Technologies

Panopto uses cookies and similar technologies in connection with the Services. A cookie is a file
containing an identifier (a string of letters and numbers) sent by a web browser, and then
stored by the browser. The identifier is sent back to the server each time the browser requests
a page from the Services. Panopto uses cookies in a number of ways, such as to authenticate an
Authorized User, help mitigate security threats, improve the performance of the Services, track
an Authorized User’s interactions with the Services, store information regarding an Authorized
User’s preferences, and collect analytics data.
You have the ability to decline or accept non-essential cookies within the Services if the
Customer through which you access the Services has selected the European Union as the
geographic region for the storage of Personal Data or if the Customer has otherwise chosen to
enable cookie settings for its Authorized Users. If you decline non-essential cookies, essential
cookies (namely those needed for the Services to be functional) will still be set. In addition, you
may be able to control the use of cookies and similar technologies at the individual browser
level. However, choosing to disable any cookies may limit your use of certain features or
functions on the Services. For more information about the cookies that Panopto uses, see the
Learn About Panopto’s Use of Cookies page.

 

7. Sharing of Personal Data

Panopto will never sell your Personal Data or share it with any third party for marketing
purposes. Your Personal Data may be shared or disclosed to a third party in the following
limited circumstances:

  • Panopto and its subsidiaries and affiliates are in different countries around the world,
    and by accessing the Services, your Personal Data may be transferred outside of your
    local jurisdiction. See the International Data Transfers section of this Privacy Policy
    below for more information on such transfers.
  • We use trusted third-party service providers to help us operate and administer certain
    aspects of the Services. For example, we use service providers for web hosting,
    customer service support, and other business operations, and such service providers
    may need access to Personal Data to complete those functions. In such cases, these
    service providers must abide by our data privacy and security requirements and are not
    allowed to use Personal Data they receive from us for any other purpose.
  • At the Customer’s discretion and choice, the Services may be integrated with other
    third-party systems, applications, or hardware, such as unified communications
    platforms, learning management systems, or video equipment. In such cases, your
    Personal Data may be shared with the companies that provide these systems,
    applications, or hardware. We encourage you to review and understand the terms and
    conditions and privacy policies of such third parties, over which we have no control or
    responsibility as to their use of your Personal Data.
  • In the event Panopto is acquired or merges with another company, the Services
    (including the Personal Data included in them) may be transferred to another entity.
  • As we believe to be necessary or appropriate, we may disclose Personal Data (a) in
    accordance with applicable laws, (b) to comply with a subpoena or other legal process,
    (c) to respond to requests from public and government authorities, (d) to enforce our
    terms and conditions, (e) to protect our operations or those of any of our affiliates, (f) to
    protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or
    others, and (g) to allow us to pursue available remedies or limit the damages that we
    may sustain.

 

8. Protection of Personal Data

Panopto maintains an information security program, under which it has adopted security
measures to protect Personal Data against loss, theft, unauthorized access, alteration,
disclosure, or destruction.  Among other things, these measures include policies, procedures,
employee training, physical access control, and technical elements relating to data access
controls.  In addition, Panopto uses industry-standard encryption to protect Personal Data
when it is being exchanged or transmitted.  Panopto has also obtained various compliance
certifications and undergoes audits to ensure continued security and compliance best practices.

However, data transmissions over the Internet cannot be guaranteed to be 100% secure or safe
from intrusion by others. Be sure to use secure Internet connections, protect your login
credentials, and create strong passwords for your Services account. For more information
about the measures Panopto takes to protect Personal Data, see the Learn About Panopto’s
Information Security Program page.

 

9. Data Retention

We may retain your Personal Data (even after you cease to use the Services) for any lawfully
permitted period of time and as necessary to meet our legal and contractual obligations,
enforce our agreements, and enable us to investigate events and resolve disputes.

 

10. Your Rights as a Data Subject

Depending on your location, Panopto may have certain legal obligations to its Customers
relating to your Personal Data. For example, Panopto has obligations as a data processor or
service provider under the European Union’s General Data Protection Regulation, the United
Kingdom’s Data Protection, Privacy and Electronic Communication Regulations, Switzerland’s
Federal Act on Data Protection, the California Consumer Privacy Act and the California Privacy
Rights Act, and other applicable data protection laws or regulations (“Data Protection Laws”).
In addition, you (as a data subject) may have certain rights under these Data Protection Laws,
such as:

  • The right to object to processing
  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to lodge a complaint
  • The right to withdraw consent

However, it is important to keep in mind that Panopto is a service provider to its Customers,
and therefore acts as a processor, and not a controller, of your Personal Data.  If you wish to
exercise any of your rights pursuant to applicable Data Protection Laws, you should contact the
relevant Customer, which is the controller of your Personal Data and is therefore responsible
for protecting your rights under these Data Protection Laws. If you contact Panopto directly, we
may forward your request or inquiry to the relevant Panopto Customer.

 

11. International Data Transfers

As described above, Customers have control and responsibility for selecting the appropriate
geographical region(s) in which they store and upload Personal Data and administering the
Services in accordance with applicable Data Protection Laws.
Panopto is a multinational organization that is headquartered in the United States and has
subsidiaries, systems, and business functions around the world. In its capacity as a processor to
its Customers, Panopto may share Personal Data with its affiliates and service providers, which
may involve transferring it to other countries or allowing personnel at Panopto or its affiliates
or service providers to remotely access it from other countries. Where required, such
international transfers may be made pursuant to data processing agreements with standard
contractual clauses or an alternative mechanism allowed under applicable Data Protection
Laws. These other countries may have Data Protection Laws that are different from those in
your country. Regardless of location, Panopto handles Personal Data as described in this Privacy
Policy, and takes steps to ensure that any recipient of your Personal Data adheres to these
same practices.

 

12. Changes to this Privacy Policy

We may change, modify, or update this Privacy Policy at any time. When we do, we will revise
the date at the top of this page and provide a link to the archived previous version. We
encourage you to check this page frequently for any changes to this Privacy Policy.

 

13. Contacting Panopto

If you have any questions or concerns about your privacy in connection with your use of the
Services through a Customer, you should direct them to that specific Customer. As noted
above, if you contact us with any such questions or concerns, we may forward them to the
relevant Customer.
If you have any questions about this Privacy Policy, please contact us at data-
[email protected] or via mail (worldwide) at:

Panopto, Inc.
Attn: Data Protection Officer
600 River Avenue
Suite 100
Pittsburgh, PA 15212