Policies and Procedures

• 2023 Terms of Use
• 2022 Terms of Use
• 2021 Terms of Use

Last updated: January 11, 2021

Buffer provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use, protection, and disclosure of Personal Information received from your use of this website, located at https://buffer.com (“Site”), as well as all related websites including our subdomains, applications, browser extensions, and other services provided by us (collectively, together with the Site, our “Service”), and in connection with our customer, vendor, and partner relationships. This Privacy Policy also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.

In addition to the activities described in this Privacy Policy, we may process Personal Information on behalf of our commercial customers when they use the Service. We process such Personal Information as a data processor of our commercial customers, which are the entities responsible for the data processing. To understand how a commercial customer processes your Personal Information, please refer to that customer's privacy policy.

If you are a California resident, our Privacy Notice for California Residents includes additional information about your rights and how we collect, use, and share information.

Registration with, use of, and access to the Service is subject to this Privacy Policy and our Terms of Use located at https://buffer.com/legal#terms. All terms not defined in this Privacy Policy will have the meanings set forth in the Buffer Terms of Use.

Here are the sections below:

1. Personal Information We May Collect
2. Personal Information Provided by You
   Personal Information Collected from Connected Social Media Accounts
   Personal Information Automatically Obtained from Your Interactions with the Service
3. How We May Use Your Personal Information
4. How We Share Your Personal Information
5. How We Protect Your Personal Information
6. Your Rights and Choices
7. Data Transfers
8. Children's Privacy
9. Updates to this Privacy Policy
10. Your California Privacy Rights
11. How to Contact Us

1. Personal information we may collect

For the purpose of this Privacy Policy, “Personal Information” means any information relating to an identified or identifiable individual. We obtain Personal Information relating to you from various sources described below.

Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with the service or if we are legally required to collect it.

2. Personal information provided by you

Registration
If you desire to have access to certain restricted sections of the Site or request to receive marketing materials, you may be required to become a registered user, and to submit the following types of Personal Information to Buffer: your name, email address, phone number, full user name, password, city, and time zone.

Customer Support
We may collect information through your communications with our customer support team or other communications that you may send us and their contents.

Making a Purchase
When you make payments through the Service, you will need to provide Personal Information such as your credit card number and billing address.

Social Media
In order to allow you to post to your social media platforms, we may ask you to provide your username, account ids, social handle, timezones, and email address.

Other
We may also collect your contact details when you provide them in the context of our customer, vendor, and partner relationships.

2a. Personal Information Collected from Connected Social Media Accounts

If you connect your third party social media account to your Buffer account, we may collect certain information stored in your social media account such as:

Facebook
Buffer may allow you to connect a Facebook page or profile to your Buffer account, in which case we will access certain information from Facebook regarding your account. In particular, we may collect profile image, display name, username / page ID or profile ID, access tokens, sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

Twitter
Buffer may allow you to connect a Twitter profile to your Buffer account, in which case we will access certain information from Twitter regarding your account. In particular, we may collect profile image, display name, username / profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, retweets, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

Instagram
Buffer may allow you to connect an Instagram profile to your Buffer account, in which case we will access certain information from Instagram regarding your account. In particular, we may collect profile image, display name, username / profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

Pinterest
Buffer may allow you to connect a Pinterest page or profile to your Buffer account, in which case we will access certain information from Pinterest regarding your account. In particular, we may collect profile image, display name, username / profile ID, access tokens, sent posts, and profile boards. This includes the content of your post and engagement data (such as click rates, likes, re-shares, re-pins, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

LinkedIn
Buffer may allow you to connect a LinkedIn profile to your Buffer account, in which case we will access certain information from LinkedIn regarding your account. In particular,
we may collect profile image, display name, username / profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

Additionally, if you connect Twitter, Facebook, or Instagram when utilizing Buffer Analyze we may collect: profile image, display name, username / handle, access tokens, social channels insights data and social accounts demographic data, sent tweets, social account's followers count, social account's insights data and social account's audience data.

Shopify

Buffer may allow you to connect a Shopify store to your Buffer account, in which case we will access certain information from Shopify regarding your store. In particular, we may collect your myshopify URL, store name, access tokens, and store analytics. This includes the referrals and engagement data (such as click rates, views and engagement counts), sales, and anonymized customer data, to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

TikTok

Buffer may allow you to connect a TikTok profile to your Buffer account, in which case we will access certain information from TikTok regarding your account. In particular, we may collect profile image, display name, username / profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

Google Business Profiles

Buffer may allow you to connect a Google Business Profile to your Buffer account, in which case we will access certain information from your Google Business Profile regarding your account. In particular, we may collect profile image, display name, username / profile ID, access tokens, and sent posts. This includes the content of your post and engagement data (such as click rates, likes, re-shares, impressions, as well as general engagement counts), to the extent permitted by applicable law. This data will only be used by Buffer to provide you with the Service you expect and will not be shared with any third parties.

2b. Personal Information Automatically Obtained from Your Interactions with the Service

Log Data
When you use our Service, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting, the web-pages you visit, the search terms you use, and any advertisements on which you click.

Cookies and Similar Technologies
Like many websites, we also use “cookie” technology to collect additional website usage data and to improve the Site and our Service. A cookie is a small data file that we transfer to your computer's hard disk. A session cookie enables certain features of the Site and our service and is deleted from your computer when you disconnect from or leave the Site. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. Buffer may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve the Site and our Service.

We may also automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message, to the extent permitted under applicable law.

You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you delete, or choose not to accept, cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.

Third Party Web Beacons and Third Party Buttons
We may display third-party content on the Service, including third-party advertising. Third-party content may use cookies, web beacons, or other mechanisms for obtaining data in connection with your viewing of the third party content on the Service. Additionally, we may implement third party buttons, such as Facebook “share” buttons, that may function as web beacons even when you do not interact with the button. Information collected through third-party web beacons and buttons is collected directly by these third parties, not by Buffer. Please consult such third party's data collection, use, and disclosure policies for more information.

Links to Other Websites
Our Site contains links to other websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We are not responsible for the content, privacy and security practices, and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to read the privacy policies or statements of the other websites you visit.

3. How we may use your personal information

We may use the Personal Information we obtain about you to:

• create and manage your account, provide our Service, process payments, and respond to your inquiries;
• manage account authentication such as two-factor authentication
• communicate with you to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance, including by periodically emailing you service-related announcements;
• tailor our Service (e.g., we may use cookies and similar technologies to remember your preferences);
• publish your content, comments or messages on social media platforms;
• provide tailored advertising, for Buffer services, via Google AdWords;
• aggregate your Personal Information for analytical purposes;
• provide customer support;
• operate, evaluate and improve our business (including by developing new products and services; managing our communications; determining the effectiveness of our advertising; analyzing how the Service is being accessed and used; tracking performance of the Service; debugging the Service; facilitating the use of our Service);
• send you marketing communications about products, services, offers, programs and promotions of Buffer, and affiliated companies;
• ensure the security of our Service;
• manage our customer, service provider and partner relationships;
• enforce our agreements related to our Service and our other legal rights; and
• comply with applicable legal requirements, industry standards and our policies.

4. How we share personal information

We may disclose the Personal Information we collect about you as described below or otherwise disclosed to you at the time the data is collected, including with:

Social Media Platforms
Our primary purpose for using information is to publish your content on social platforms, allow you to track metrics for analytical purposes, and engage with customers through public replies and conversations (direct messages or “DMs”).We may allow you to link your account on Buffer with an account on a third party social network platform, such asTwitter or Facebook, and to transfer your information to and from the applicable third party platform. Once you share your content to a social media platform, its use will be governed by that platform's privacy policy.
Service Providers

We engage certain trusted third parties to perform functions and provide services to us, including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationship, database storage and management, and direct marketing campaigns. We may share your personal information with these third parties, but only to the extent necessary to perform these functions and provide such services. We also require these third parties to maintain the privacy and security of the personal information they process on our behalf.

Compliance with Laws and Law Enforcement
Buffer cooperates with government and law enforcement officials or private parties to enforce and comply with the law. To the extent permitted under applicable law, we may disclose any information about you to government or law enforcement officials or private parties as we believe is necessary or appropriate to investigate, respond to, and defend against claims, for legal process (including subpoenas), to protect the property and rights of buffer or a third party, to protect buffer against liability, for the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive, or legally actionable activity, to protect the security or integrity of the service and any equipment used to make the service available, or to comply with the law.
Business Transfers
Buffer may sell, transfer or otherwise share some or all of its assets, including personal information, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of insolvency or bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity's planned processing of your information differs materially from that set forth in this privacy policy.
Other Third Parties
We may share personal information with our headquarters and affiliates, and business partners to whom it is reasonably necessary or desirable for us to disclose your data for the purposes described in this privacy policy. We may also make certain non-personal information available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users' interest, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and functionality available through the service.

5. How we protect personal information

Buffer cares deeply about safeguarding the confidentiality of your personal information. We employ administrative and electronic measures designed to appropriately protect your personal information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal information in our possession. Please be aware that no security measures are perfect or impenetrable. We cannot guarantee that information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our administrative, physical, and electronic safeguards, subject to requirements under applicable law to ensure or warrant information security.

We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal information to you via email or conspicuous posting on our site in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system , and any other disclosures that may be required under applicable law.

We also take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

6. Your rights and choices

If you decide at any time that you no longer wish to receive marketing communications from us, please follow the unsubscribe instructions provided in any of the communications. You may also opt out from receiving commercial email from us by sending your request to us by email at hello@buffer.com.

Please be aware that, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the service.

In certain jurisdictions you have the right to request access and receive information about the personal information we maintain about you, to update and correct inaccuracies in your personal information, to restrict or object to the processing of your personal information, to have the information blocked, anonymized or deleted, as appropriate, or to exercise your right to data portability to transfer your personal information to another company. Those rights may be limited in some circumstances by local law requirements. For example, california residents can refer to the separate california resident privacy notice to learn more about their california privacy rights. In addition to the above-mentioned rights, you also have the right to lodge a complaint with a competent supervisory authority subject to applicable law.

Where required by law, we obtain your consent for the processing of certain personal information collected by cookies or similar technologies, or used to send you direct marketing communications, or when we carry out other processing activities for which consent may be required. If we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.

To update your preferences, ask us to remove your information from our mailing lists, delete your account or submit a request to exercise your rights under applicable law, please contact us as specified in the how to contact us section below.

7. Data Transfers

Buffer is based in the united states. Personal information that we collect may be transferred to, and stored at, any of our affiliates, partners or service providers which may be inside or outside the european economic area (eea) and switzerland, including the united states. By submitting your personal data, you agree to such transfers. Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your personal information to other countries, we will protect that information as described in this privacy policy.

Individuals Located in the EEA, the UK or Switzerland

If you are located in the european economic area (eea), the united kingdom, or switzerland, we comply with applicable legal requirements for the transfer of personal information to countries outside of the eea, the united kingdom, and/or switzerland. In particular, we rely on your explicit consent to transfer your personal information to buffer in the u. S. The u. S. Is considered not to provide a similar level of data protection as the eea, the united kingdom and switzerland. You can at all times revoke your consent simply by contacting us at hello@buffer.com. In addition, we may enter into Standard Contractual Clauses Issued by the european commission with our commercial customers where appropriate.

8. Children's privacy

The site is not directed to persons under 16. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at hello@buffer.com. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will delete such information from our files.

9. Updates to this Privacy Policy

This privacy policy may be updated from time to time for any reason; each version will apply to information collected while it was in place. We will notify you of any modifications to our privacy policy by posting the new privacy policy on our site and indicating the date of the latest revision. You are advised to consult this privacy policy regularly for any changes.

In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address or generate a pop-up or similar notification when you access the service for the first time after such material changes are made. Your continued use of the service after the revised privacy policy has become effective indicates that you have read, understood and agreed to the current version of this privacy policy.

10. Your California privacy rights

California law affords california residents certain additional rights regarding our collection and use of your personal information. To learn more about your california privacy rights, please visit our Privacy Notice for California Residents.

11. How to contact us

Buffer inc. Is the entity responsible for the processing of your personal information. If you have any questions or comments regarding this privacy policy, or if you would like to exercise your rights to your personal information, you may contact us by emailing us at hello@buffer.com. Or by writing to us at:

Buffer Inc
2443 Fillmore St #380-7163
San Francisco, CA 94115

This Privacy Policy is effective as of
August 6, 2018.

If you have any thoughts or questions about this privacy policy please let us know at hello@buffer.com

This California Resident Privacy Notice supplements the information and disclosures contained in our Privacy Policy. It applies to individuals residing in California from whom we collect Personal Information as a business under California law.

1. Personal Information Collection, Disclosure, and Sale

For the purposes of this notice, Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”).

Personal Information does not include information that is:

• Lawfully made available from government records.
• De-identified or aggregated.
• Otherwise excluded from the scope of the CCPA.

The chart below provides the categories of Personal Information (as defined by the CCPA) we have collected, disclosed for a business purpose, sold, or used for business or commercial purposes in the preceding twelve months since this notice was last updated, as well as the categories of sources from which that information was collected, and the categories of third parties with whom we shared Personal Information. The examples of Personal Information provided for each category reflect each category's statutory definition and may not reflect all of the specific types of Personal Information associated with each category.

In the preceding twelve months, we have not sold any California resident's Personal Information.

The EU's General Data Protection Regulations (GDPR) take effect May 25, and we are fully behind the spirit of these regulations for a safe and secure Internet. We aspire to embrace privacy by design and, whenever possible, to not collect and store personally-identifiable information.

Our Privacy Policy contains mentions of the few instances where personally-identifiable information is required. Typically this will include an email address in order to log in to Buffer or a social network username in order to manage your account.

Overall, we aim for privacy by default: if data collection is not integral to the way our product works, then we won't collect it. This approach has felt very much in line with the spirit of GDPR, and we're fortunate that a lot of these data collection practices have been in place at Buffer for some time. As such, you may see few banners or forms requesting consent for us to collect personally-identifiable information for tracking or other purposes. We don't deem this information necessary to provide Buffer's service to you, and we choose not to engage in activities and strategies that make this data relevant.

At any time, you may request your information to be exported and sent to you for review, and we promptly honor any requests by you to have your information deleted and forgotten.

Here is what we've done for GDPR compliance:

Data Mapping

Status: Complete

We are auditing all areas of Buffer to determine what personal data we collect and for what purpose. In a case where collecting personal data is not essential, we are removing that collection process.

Privacy Policy

Status: Complete

We're working with a legal consultant to ensure that our policy contains the proper language, that it's easy to understand, and that it communicates clearly any instances of personal data collection.

Cookies

Status: Complete

We have added a cookie notice to all marketing pages and blogs in order to comply with the E-Privacy Directive. We do not collect personally-identifiable information with our cookies, but we do want to acknowledge the use of cookie technology on our website.

Deletion

Status: Complete

A user has the right to request that we delete all of their personal data by deleting their Buffer account.

Delete my data

Access / Portability

Status: Complete

A user can request access to a copy of the personal data that we have collected. Users who wish to request portability can reach out to us at any time.

Get in touch

Modification

Status: Complete

In Buffer, if a user asks to change their information, we can do so within our admin portal. If a user has a modification to make, they can reach out to us at privacy@buffer.com.

Data Protection Agreement

Status: Complete

We are creating a legal agreement that users and external parties can receive from us, promising the protection all personally identifiable information that we collect and store.

See the full agreement

Data Protection Agreement

Within Section 7 of our DPA, we commit to displaying a list of all current sub-processors in use by Buffer. A sub-processor includes any third party that we share personally identifiable info with.

Here is that list: AWS, Bugsnag, Cloudflare, Compose, Fivetran, Fullstory, Google, GoSquared, Hotjar, HelpScout, Homerun, Hubspot, Intercom, Looker, MongoDB, Atlas, Mailchimp, Mixpanel, NiceReply, NiceReply, Pusher, Qualaroo, Sendgrid, Smooch, Stripe, Twilio, Wootric.

Cookie Statement

Like many websites, we also use "cookie" technology to collect additional website usage data and to improve the Site and our Service. A cookie is a small data file that we transfer to your computer's hard disk. A session cookie enables certain features of the Site and our service and is deleted from your computer when you disconnect from or leave the Site. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. Buffer may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve the Site and our Service.

We may also automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message, to the extent permitted under applicable law.

You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you delete, or choose not to accept, cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.

Dispute Resolution Process

In the unlikely event that a dispute arises between you and Buffer regarding our handling of your User Personal Information, we will do our best to resolve it.

Additionally, if you are a resident of an EU member state you have the right to file a complaint through our GDPR Representative, DataRep, located in Ireland. Please address complaints to:

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

If you are a resident of the UK you have the right to file a complaint through our GDPR Representative, DataRep, located in the UK. Please address complaints to:

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

Frequently asked questions about GDPR and Buffer

Q: As a social media marketer, how will the GDPR affect me?

A: If you are a business with customers in the EU, the GDPR will be applicable to you when you are handling personal data of your EU customers. We recently published this blog post about what it means for social media marketers. We hope you find it useful, but advise you to consult a legal advisor to ensure you are compliant.

Q: Does the GDPR change how I can use Buffer?

A: No. Buffer's features and functionality are unaffected by the GDPR.

Q: How does Buffer collect data—by e-mail, electronic forms, activity tracking, etc.?

A: We primarily collect data when a user sign-up for Buffer services. Where data tracking is enabled we make sure that we do not collect any personally identifiable information.

Welcome to Buffer's Guide to the Digital Millennium Copyright Act, commonly known as the “DMCA.” This page is as an overview of the statute, and should not be considered as comprehensive. However, if you've received a DMCA takedown notice targeting a file you have hosted on Buffer or if you're a rights-holder looking to issue such a notice, this page will hopefully help to lay out our policies for complying with it.

If you just want to submit a notice, you can skip to the end.

As with all legal matters, it is always best to consult with a professional about your specific questions or situation. We strongly encourage you to do so before taking any action that might impact your rights. This guide isn't legal advice and shouldn't be taken as such.

What Is the DMCA?

In order to understand the DMCA and some of the policy lines it draws, it's helpful to learn about the reasons the act was created.

Before the DMCA, an Internet-based service provider like Buffer could be liable for copyright infringement in the United States just for hosting its users' pictures, music, videos or code. This was true even if it had no actual knowledge of any infringing content. This was a problem, since even a single claim of copyright infringement can carry statutory damages of up to $150,000. With potential damages that high multiplied across millions of users, cloud-computing and user-generated content sites like YouTube, Facebook or GitHub probably never would have existed (or at least not without passing some of that cost downstream to their users).

The DMCA attempted to fix this problem by creating a so-called copyright liability “safe harbor” for internet service providers hosting allegedly infringing user-generated content. (See U.S. Code, Title 17, Section 512.) Essentially, so long as a service provider follows the DMCA's notice-and-takedown rules, it won't be liable for copyright infringement based on user-generated content. Because of this it is important for Buffer to maintain its DMCA safe-harbor status.

DMCA Notices

The DMCA provides two simple, straightforward procedures that all Buffer users should know about: (i) a takedown-notice procedure for copyright holders to request that content be removed; and (ii) a counter-notice procedure for users to get content reenabled when content is taken down by mistake.

DMCA takedown notices are used by copyright owners to ask Buffer to take down infringing content. If someone else is using your copyrighted content in an unauthorized manner on Buffer, you can send us a DMCA takedown notice to request that the infringing content be changed or removed.

On the other hand, counter notices can be used to correct mistakes. Maybe the person sending the takedown notice does not hold the copyright or did not realize that you have a license or made some other mistake in their takedown notice. Since Buffer usually cannot know if there has been a mistake, the DMCA counter notice allows you to let us know and ask that we put the content back up.

A. How It Works

Buffer acts as a middleman. The copyright owner gives Buffer a complaint about a user. If that complaint has been filed properly, we pass it along to the user. If the user disputes the complaint, Buffer passes that dispute back to the copyright owner. Buffer passes no judgement apart from verifying the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.

These are the basic steps of the process:

1. Copyright Owner Investigates. A copyright owner should always conduct an initial investigation to confirm both (a) that they own the copyright to an original work and (b) that the content on Buffer is unauthorized and infringing.

2. Copyright Owner Sends A Notice. After conducting an investigation, a copyright owner prepares and sends a takedown notice to Buffer. Assuming the takedown notice is sufficiently detailed according to the statutory requirements (as explained in the how-to guide), we will post the notice to our public repository and pass the link along to the affected user.

3. Buffer Asks User to Make Changes. If the notice alleges that the entire contents of a site infringe, we will skip to Step 6 and take the site offline. Otherwise, because Buffer cannot disable access to specific pages or files on a site, we will contact the user and give them approximately 24 hours to delete or modify the content specified in the notice. We'll notify the copyright owner if and when we give the user a chance to make changes.

4. User Notifies Buffer of Changes. If the user chooses to make the specified changes, they must tell us so within the approximately 24-hour window. If they don't, we will take the site offline (as described in Step 6). If the user notifies us that they made changes, we will verify that the changes have been made and then notify the copyright owner.

5. Copyright Owner Revises or Retracts the Notice. If the user makes changes, the copyright owner must review them and renew or revise their takedown notice if the changes are insufficient. Buffer will not take any further action unless the copyright owner contacts us to either renew the original takedown notice or submit a revised one. If the copyright owner is satisfied with the changes, they may either submit a formal retraction or else do nothing. Buffer will interpret silence longer than two weeks as an implied retraction of the takedown notice.

6. Buffer May Disable Access to the Content. Buffer will disable a user's site if: (i) the copyright owner has alleged copyright over the user's entire site (as noted in Step 3); (ii) the user has not made any changes after being given an opportunity to do so (as noted in Step 4); or (iii) the copyright owner has renewed their takedown notice after the user had a chance to make changes. If the copyright owner chooses instead to revise the notice, we will go back to Step 2 and repeat the process as if the revised notice were a new notice.

7. User May Send A Counter Notice. We encourage users who have had content disabled to consult with a lawyer about their options. If a user believes that their content was disabled as a result of a mistake or misidentification, they may send us a counter notice. As with the original notice, we will make sure that the counter notice is sufficiently detailed (as explained in the how-to guide). If it is, we will post it to our public repository and pass the notice back to the copyright owner by sending them the link.

8. Copyright Owner May File a Legal Action. If a copyright owner wishes to keep the content disabled after receiving a counter notice, they will need to initiate a legal action seeking a court order to restrain the user from engaging in infringing activity relating to the content on Buffer. In other words, you might get sued. If the copyright owner does not give Buffer notice within 10-14 days, by sending a copy of a valid legal complaint filed in a court of competent jurisdiction, Buffer will reenable the disabled site.

B. What If I Inadvertently Missed the Window to Make Changes?

There are any number of reasons you may not have been able to make changes within the 24 hour window we provide for changes before your site is taken offline. If you respond to let us know you were willing to comply with the requested changes but missed your window, we will re-enable your site for an additional 24 hours to allow you to make the necessary changes. You must notify us that you have made the changes for your site to continue to be live after that 24-hour window expires, as noted above. Please note we will only provide one 24-hour period for you to make these changes.

C. Transparency

We believe that transparency is a virtue. The public should know what content is being removed from Buffer and why. An informed public can notice and surface potential issues that would otherwise go unnoticed in an opaque system. We post redacted copies of any legal notices we receive (including original notices, counter notices or retractions) at https://github.com/bufferapp/dmca. We will not publicly publish your personal contact information; we will remove personal information (except for usernames in URLs) before publishing notices. We will not, however, redact any other information from your notice unless you specifically ask us to.

Please also note that, although we will not publicly publish unredacted notices, we may provide a complete unredacted copy of any notices we receive directly to any party whose rights would be affected by it.

D. Repeated Infringement

It is the policy of Buffer, in appropriate circumstances and in its sole discretion, to disable and/or terminate the accounts of users who may infringe upon the copyrights or other intellectual property rights of Buffer and/or others.

E. Submitting Notices

If you are ready to submit a notice or a counter notice:

• How to Submit a DMCA Notice
• How to Submit a DMCA Counter Notice

*Note: Buffer's DMCA policies have been influenced by those at Netlify.

Buffer Inc. (“Buffer”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information (as defined below) that is transferred from the European Economic Area (“EEA”), the United Kingdom and/or Switzerland, to the United States in reliance on Privacy Shield. Buffer has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”) with respect to such information.

If there is any conflict between the terms in this privacy policy and the Principles, the Principles will govern. To learn more about the Privacy Frameworks, and to view our certification, please visit https://www.privacyshield.gov/.

This Privacy Shield Policy supplements our Privacy Policy. Capitalized terms used in this Privacy Shield Policy have the meaning given to them by our Privacy Policy, unless specifically defined in this Policy. In case of conflict between our Privacy Policy and this Policy with regard to our privacy practices under the Frameworks, this Policy prevails. This Policy applies to Buffer, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Personal Information Received from the European Economic Area & Switzerland
Buffer may receive from the EEA and Switzerland some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Principles. To the extent that Buffer receives Personal Information from the EEA and Switzerland in reliance on the Frameworks, Buffer will handle such Personal Information in accordance with the Principles.

How We Obtain Personal Information
We obtain and process Personal Information in different capacities.

As a data controller, we collect and process Personal Information from the EEA and Switzerland when offering our products and services to individuals as set forth in our Privacy Policy.

As a data processor, we process Personal Information from the EEA and Switzerland on behalf of our commercial customers when providing our B2B products and services. In that context, we only process Personal Information on behalf of and at the direction of our commercial customers (which are data controllers), as explained in the Privacy Policy.

For all types of processing, Buffer commits to the Principles of the Privacy Shield with respect to all Personal Information received from the EEA and Switzerland in reliance on the Frameworks.

Notice
We provide information regarding our privacy practices in our Privacy Policy.

When we process Personal Information on behalf of our commercial customers, our commercial customers determine the categories of data they provide to our Service and the purposes of the processing. Accordingly, our commercial customers are responsible for providing notice to individuals and you should review their privacy policies for more information regarding their data processing practices.

Data Integrity and Purpose Limitation
Buffer may use the Personal Information it receives from the EEA and Switzerland for the purposes set forth in our Privacy Policy or as you may otherwise be notified. We take reasonable steps to ensure that the Personal Information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks.

Onward Transfers
Our Privacy Policy describes the circumstances in which we may disclose your information to third parties. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Security
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Choice
We will give you an opportunity to choose whether your Personal Information may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where non-sensitive Personal Information is involved, and to opt-in where sensitive Personal Information is involved.

Access to Personal Information
Where appropriate, Buffer will provide you with access to the Personal Information that we maintain about you. Buffer will also correct, amend or delete Personal Information that we maintain about you when it is inaccurate or has been processed in violation of the Principles and you send a written request to us using the information provided in the “Contact Information” section below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.

When we process Personal Information on behalf of our commercial customers, our commercial customers control the type of information we obtain, how that information is used and disclosed, and how it can be modified. Accordingly, if you wish to request access, limit use or disclosure of your Personal Information, please contact us using the information provided in the “Contact Information” section below.

Recourse and Enforcement
We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions made in this Policy are true and have been implemented as represented.

If you have any questions or concerns, we encourage you to write to us at the address listed below. We will investigate and attempt to resolve any complaints or disputes regarding our use and disclosure of Personal Information in accordance with the Principles. Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Buffer, Inc.'s internal processes, Buffer, Inc. has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.

Privacy Shield Policy Changes
This Policy may be changed from time to time, consistent with the requirements of the Frameworks. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the bottom of this Policy. Any changes to this Policy will become effective when posted to our website.

Contact Information
If you have questions, concerns, or complaints about this Privacy Shield Policy or Buffer's privacy practices, or if you would like to exercise your rights and choices with regard to your Personal Information, please contact us by email at hello@buffer.com or write to us at the following address:

Buffer Inc
2243 Fillmore St #380-7163
San Francisco, CA 94115
United States

If you have any thoughts or questions about this Privacy Policy please let us know.

Last updated: July 29, 2019

Reporting an issue

We know how much work goes in to pen testing! To avoid frustration, you can check out these common non-vulnerabilities that don't qualify for rewards.

Also, the following subdomains are excluded from the scope of our reward program:

• jobs.buffer.com
• journey.buffer.com

Got a valid issue? Awesome! Please include:

• A summary of the problem
• A severity rating of 1 - 5 (1 being least severe, 5 being most ie. you can easily hijack, impersonate or access any other account or data)
• A PoC or breakdown of how to replicate the issue
• The operating system name and version as well as the web browsers name and version that you used to replicate the issue

Please email any issue you'd like to report to security@buffer.com

GPG Encryption

If you plan to provide access tokens, secure cookies or sensitive data/logs as an example, we kindly ask you to let us know and we will provide our GPG public key to you.

Rewards

We're eternally grateful for all of those who put in hard work to identify weaknesses within Buffer. For reports that are not common non-vulnerabilities, we like to reward those who responsibly disclose vulnerabilities with an acknowledgement, swag or bounty money.

Acknowledgements

We appreciate the work that goes into finding and disclosing security flaws in Buffer and would like to thank the following individuals and organizations:

• Sakurity - Security Consulting
• Eugen Lague
• Muztahidul Islam Tanim
• Parth Manek
• Sanjay Venkatesan
• Ranjeet Kumar Singh
• Mohd Asif Khan
• Aloïs Thévenot
• Harsha Boppana
• Jayson Zabate
• Scott Arciszewski & Taylor Hornby
• Akhilreni
• Manish Bhattacharya
• Jayvardhan Singh
• Ali Hassan Ghori
• Muhammad Talha Khan
• Parichay Rai
• Sumit Saini & Jeet Jaiswal
• Kamil Sevi
• Manjesh S
• Osanda Malith Jayathissa
• Nakul Mohan
• Lynx
• Jerold Camacho
• Mahmoud El-Said El-Naggar
• Siddhesh Gawde
• Sai Kiran
• Evan Ricafort
• WEB PLUS
• Dushyant Sahu
• Gopinath Madurai
• Abdullah Hussam Gazi
• Aditya Agrawal
• Rodolfo Godalle, Jr
• Ch. Muhammad Osama
• Karthickumar Ramanathapuram
• Sunil Dadhich
• Sachin Wagh
• Osama Mahmood
• Mohamed A. Baset
• Bhaskar Borman
• Faisal Ahmed
• Manish Bhandarkar
• Germán Sánchez Garcés
• Shahmeer Amir
• Mohammed Fayez Albanna
• Alonso Torres Cerdas
• Abhiram
• Huzaifa Jawaid
• Mazen Gamal Mesbah
• Shikhil Sharma
• Prayas Kulshrestha
• Ajay Singh Negi
• Prashant Negi
• Mahipal Singh Rajpurohit
• Narendra Bhati
• Hardik Tailor
• Amit Gandhi
• Yakup Yavaş
• Ranjeet Singh
• Abhibandu Kafle
• Abdul Haq Khokhar
• Madhu Akula
• KoF2002 & Sr33h4r
• Mygapu Vandana
• MD MIHIR MISTRY
• Apoorv Joshi
• Satheesh Raj
• Robert Villalon
• Frans Rosén
• Vance Lucas
• Ashesh Kumar
• Sangeetha Rajesh S
• Kiran Karnad
• Ali Kabeel
• Shivam Kumar Agarwal, Nithish Varghese and Sahil Srivastava
• Abdul Rehman
• M.Asim Shahzad
• Koutrouss Naddara
• Hammad Mahmood
• Yash Pandya
• Ryan Sorensen
• Ala Arfaoui
• Raghav Bisht
• Ahmed Y. Elmogy
• Sumit Sahoo
• David Dworken
• Roman Khafizianov
• C. Vishnu Vardhan Reddy
• Sane Sindhuja Reddy
• Waqeeh Ul Hasan
• SaifAllah benMassaoud
• Adam Enger
• Waqar Vicky
• Nadi Abdellah
• Malik Nouman
• Shawar Khan
• Pratap Chandra
• Karim Rahal
• Othmane Tamagart aka 0thm4n@WhiteHatSecurity
• Mikael Byström
• Hammad Qureshi
• Yogesh Modi
• Arbin Godar
• Mohammed Abd Elmageed Eldeeb
• Kunal Arora
• Harish Kumar V
• Mansoor Gilal
• Atik Rahman
• Vladimir Jirasek
• Ajay Kulal
• Swapneil Dash
• Dipak kumar Das (Instasafe Technology)
• Yogendra Jaiswal
• Jon Bottarini
• Bikash Paudel
• Jolan Saluria
• Sreedeep Ck Alavil
• Ace Candelario
• Amal Jacob
• Memon Faisal
• Sreejith Sreenivas AS
• Laishaj BM
• Md Nur A Alam Dipu
• Thrivikram Gujarathi
• Youssef ABYAA
• Oliver Fish
• Ismail Tasdelen
• Ari Apridana
• Aman Shahid
• Christopher Dait
• B.Dhiyaneshwaran
• Sameer Phad

Last updated: April 22, 2020

This policy covers all personal customer data that we hold or have control over. This includes physical personal data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic personal data such as emails, electronic documents, audio and video recordings. In this policy we refer to this information and these records collectively as “data”.

This policy does not cover non-personal data, including data that is anonymized. Such data is not subject to a data retention schedule.

This policy covers data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage. It also covers data that belongs to us but is held by employees on personal devices.

This policy applies to all Buffer entities.

Record Retention Schedule

Buffer establishes retention or destruction schedules or procedures for specific categories of data. This is done to ensure legal compliance (for example with our data protection obligations) and accomplish other objectives, such as protecting intellectual property and controlling costs.

Buffer will comply with the retention periods listed in the record retention schedule below, in accordance with our Data Retention Policy.

If you become aware of any changes that may affect the periods listed below or if you have any other questions about this record retention schedule, please contact the Data Protection Officer. Retention periods generally are expressed in terms of the number of calendar years to be added to the current calendar year. For example, since we are classifying our policy as 2 years, a record generated during 2019 should be retained during the remainder of 2019, as well as through 2020 and 2021, and then destroyed at the end of 2021.

How long we retain information for active customers

Buffer does not permanently store Content from Social Networks. When you use our Service you are permitted to upload content to the Service, including social media posts and other content which may include messages, reviews, photos, video, images, data, text, and other types of works (“User Content”). We will store User Content for up to 24 months and we will actively delete User Content that is older than 24 months. This includes User Content used in publishing social media posts, generating analytics, and conversations with customers.

Deleting User Content from our Service does not mean that the Content is deleted from your Social Networks. User Content may continue to exist on the Social Networks and you will need to contact the relevant Social Network directly if you want to remove this Content.

How we will define an inactive account:

For Publish, we consider your last active date to be when you last scheduled a post.

For Analyze, we consider your last active date to be when you loaded a page.

Note: Deleting accounts will happen at the global account level. Therefore, we will look at a user's combined state across all products before deleting an account. For example, if a customer is still actively using at least one Buffer product (i.e. Publish, Analyze) we will not delete their global account until it has been inactive for a 2 year period across all products.

Notification: In general, we will aim to give users at least a 7 day notice before deleting their data. After a user is notified, if they become active we will not delete their account.

Last updated: September 23, 2020

THESE API TERMS (“TERMS”) IS A LEGALLY BINDING AGREEMENT BETWEEN BUFFER, INC. (“BUFFER”) AND THE LEGAL ENTITY YOU REPRESENT (“YOU”). IF YOU USE OR ARE ENGAGING IN ACTIVITIES UNDER THESE TERMS FOR A BUSINESS OR CORPORATE ENTITY (“COMPANY”), WHETHER AS AN EMPLOYEE OR CONTRACTOR, THE TERM “YOU” INCLUDES, AND THE TERMS AND CONDITIONS HEREOF ARE BINDING ON, BOTH YOU AS AN INDIVIDUAL AS WELL AS SUCH COMPANY. IN ADDITION, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND SUCH COMPANY, AND THAT SUCH COMPANY HAS AUTHORIZED YOU TO ACCEPT THE TERMS OF THESE TERMS ON ITS BEHALF.

BUFFER IS WILLING TO PROVIDE A LICENSE TO ITS API AND API MATERIALS (EACH DEFINED BELOW) TO YOU ONLY ON THE CONDITION THAT YOU ACCEPT, AGREE TO AND COMPLY WITH ALL OF THE TERMS AND CONDITIONS IN THESE TERMS. BY USING THE API, YOU ACKNOWLEDGE AND AGREE THAT YOU HAVE READ THESE TERMS, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS YOU WILL NOT ACCESS, AND WILL ENSURE THAT YOUR CONTRACTORS WILL NOT ACCESS, THE API OR API MATERIALS.

1. Defined Terms

In addition to other terms that may be defined herein, the following terms, when capitalized and in singular or plural form, as appropriate, will have the meanings set forth as follows:

1. 1.1 Affiliates
   means any present or future corporation or other Entity that controls, is controlled by, or is under common control with a party (where control means (i) ownership of more than fifty percent (50%) of the shares, equity interest or other securities entitled to vote for election of directors, or (ii) the authority to direct management).
2. 1.2 API
   means an application programming interface that Buffer provides or otherwise makes available to You in connection with the API Materials or the Buffer Service provided hereunder.
3. 1.3 API Materials
   means the API, Documentation and Software collectively.
4. 1.4 Application
   means each software application You develop, or have developed on Your behalf by Your Contractor(s), with or in connection with the API Materials, which application is intended to be distributed for download and/or installation by end users for use on electronic devices or other consumer products.
5. 1.5 Buffer Service
   means the digital platform provided by Buffer that allows end users of an Application to interact with the Application.
6. 1.6 Contractor
   means Your independent contractor who develops and/or distributes an Application on Your behalf and who agrees to be bound by the terms of these Terms.
7. 1.7 Documentation
   means documentation that Buffer provides or otherwise makes available to You in connection with the API and Buffer Service.
8. 1.8 Entity
   means any corporation, general partnership, limited partnership, limited liability partnership, joint venture, estate, trust, limited liability company, firm, association, organization, or other legal entity.
9. 1.9 Intellectual Property Rights
   means copyright rights, trademark rights, patent rights, trade secrets, moral rights, right of publicity, right of privacy, authors' rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, worldwide.
10. 1.10 Key
    means a unique alpha-numeric code, issued by Buffer, specific to a particular Application that enables a particular feature or set of features in such Application.
11. 1.11 Software
    means (i) the software provided to You by Buffer and licensed under these Terms, including the software development kit(s) for the certain features; related libraries and headers; certain sample application(s) in human readable (source code) form or binary form; and (ii) additional software, if any, that Buffer provides to You. The contents of the Software may vary by feature and for platform specific versions.

2. License Grants

1. 2.1 License to API
   Subject to and conditioned upon Your compliance with the terms and conditions set forth in these Terms, Buffer hereby grants to You a personal, non-exclusive, non-sublicenseable (except as set forth below in Section 2.3), non-transferable, revocable license during the Term, to access and use the API Materials in accordance with the Documentation solely for the purposes of developing and testing an Application for use with the API and making the Application available to the public.
2. 2.2 Sublicense Rights
   Subject to and conditioned upon Your compliance with the terms and conditions of these Terms, Buffer hereby grants to You a personal, non-exclusive, non-sublicenseable, non-transferable, revocable license, during the Term to sublicense the license rights set forth in Section 2.2 solely to Your Contractors for the sole purpose of developing and distributing Applications on Your behalf, provided that (i) any sublicense rights granted to any such Contractor by You pursuant to this Section 2.3 may be granted on a single tier basis only, without further sublicense rights; and (ii) You will be responsible and liable for the acts and omissions of Your Contractors, including without limitation, their compliance with these Terms, as if such acts or omissions were Your own acts or omissions.
3. 2.3 Alpha/Beta Releases
   If the API Materials provided to You under these Terms are designated by Buffer as an “alpha” or “beta” release You acknowledge that any such API Materials are a prerelease or experimental version and may not be at the level of performance and compatibility of a final product. The API Materials may not operate correctly and may be substantially modified or withdrawn completely by Buffer. You will not, and will ensure that Your Contractors do not, do any significant development or testing using alpha or beta versions of the API Materials. Any development You undertake with an alpha or beta version of the API Materials is at Your sole risk.
4. 2.4 Copies
   In addition to any rights expressly provided above, subject to and conditioned upon Your compliance with the terms and conditions of these Terms, You may, and You may permit Your Contractors to, make a single copy of the Software only for backup purposes, provided that You (and/or Your Contractors, as the case may be) reproduce all copyright and other proprietary notices that are on the original copy of the Software. You will not, and will ensure that Your Contractors do not make more copies of the Software than specified in these Terms.
5. 2.5 Retention of Rights
   The API Materials are licensed and not sold to You. You acknowledge and agree that nothing in these Terms will convey, assign or otherwise transfer to You, Your Affiliates or Your Contractors any title or ownership rights in any part of the API Materials or the Buffer Service.

3. Provision of API

1. 3.1 Your use of the API is subject to the use and rate limits posted by Buffer at https://buffer.com/developers/api. You are not permitted to access endpoints that are restricted and protected. If You have a need for a higher rate limit, You must request such higher rate limit, which Buffer will consider in its sole discretion.
2. 3.2 In any agreement of any kind that You use to distribute the Application, including, without limitation, any end user license agreement, You shall: (a) disclaim all liability and warranties on behalf of Buffer (which disclaimer may generally reference Your licensors and not include Buffer by name) and (b) not impose any liabilities or warranties on Buffer.
3. 3.3 Buffer reserves the right to modify the API and the API Materials, and to release subsequent versions of the API, in accordance with the remainder of this Section 3. You acknowledge and agree that You may be required to obtain and use the most recent version of the API in order for Your Application to continue to function with the API and the Buffer Service.
4. 3.4 Buffer reserves the right to modify, suspend or discontinue the API and the Buffer Service at any time without notice or liability to You.
5. 3.5 You agree to provide Buffer with access to Your Application and other materials related to Your use of the API as reasonably requested by Buffer in order for Buffer to verify Your compliance with these Terms. You agree that we may survey Your Application and You will not block or interfere with such efforts.
6. 3.6 Buffer has no obligation to provide users or end users of Your Application with support, software upgrades, enhancements or modifications to the API. You acknowledge and agree that You are solely responsible for providing user and end-user support and any other technical assistance for Your Application.

4.  License Grants

1. 4.1 Permissions
   You represent and warrant to Buffer that You have obtained all necessary rights, permissions and licenses, if any, in content, material, data, or code appearing, used, stored, recorded or displayed in or using any of the Applications and that the Applications will be in full compliance with all terms of applicable platform requirements (e.g., terms imposed by Apple and Google on developers and parties utilizing their respective technology platforms, marketplaces, etc.).
2. 4.2 Application Restrictions
   You agree that You will not, and Your Contractors will not, directly or indirectly:

• a) modify, adapt, translate, decompile, disassemble, reverse engineer, reverse assemble, analyze or otherwise examine, prepare derivative works of, modify, or attempt to derive source code from the Buffer Service or API;
• b) include any viruses, worms, Trojan horses or any other harmful code that could, in Buffer's sole discretion, affect the Buffer Service or API;
• c) copy, distribute, reproduce, sell, resell, lend, lease, rent, use, or allow access to the Buffer Service or API Materials except as explicitly permitted under these Terms;
• d) use any content available through the API to populate any other sites, applications or services or to create a service substantially similar to the Buffer Service;
• e) interfere or attempt to interfere in any manner with the proper functioning of the Buffer Service or API;
• f) use the Buffer Service or API for any illegal or unauthorized purpose, including the unlawful distribution of the API Materials or the infringement, violation or misappropriation of any third party's Intellectual Property Rights or other proprietary rights;
• g) remove, obscure, or alter any notice of patent, copyright, trademark or other proprietary right appearing on the Buffer Service or in any API Material;
• h) access any undocumented feature of the API, or use any documented feature of the API other than for its intended purpose;
• i) attempt to conceal Your personal identity or Your Application's identity when requesting authorization to use the API;
• j) knowingly use the Buffer Service or API in a manner that adversely impacts the stability of Buffer's servers or the Buffer Service or adversely impacts the performance of the Buffer Service or API for other clients or applications using the Buffer Service or API, in Buffer's sole determination;
• k) use the API in such a way that knowingly harms, misuses, or brings into disrepute the Buffer Service or Buffer's brands, trademarks, logos or names;
• l) exceed the amount of bandwidth, storage or processing power as determined by Buffer in its sole discretion or use the API in a manner that exceeds any quota limitations as set by Buffer in its sole discretion;
• m) include content or materials (text, graphics, images, photographs, video, sounds, etc.) in Your Application that comprise, constitute or depict any of the following: (i) profanity, nudity, pornographic or obscene images or explicit sexual themes; (ii) defamatory, libelous, racist or discriminatory statements; (iii) material that is unnecessarily violent or dangerous to use; or (iv) material that is illegal or objectionable;
• n) conduct any benchmark or stress tests, cause or permit automated queries on the API, or publish any performance data relating to the API or the Buffer Service.

1. 4.3 License to Buffer
   You hereby grant to Buffer and Buffer's Affiliates a non-exclusive, royalty-free, worldwide license during the Term under all of Your Intellectual Property Rights, to use, reproduce, display, and execute all of Your Applications for (i) internal review and the development and testing of the API; and (ii) demonstrations of such API, its capabilities or functionalities, to third parties. Further, Buffer and its Affiliates may display in any media whatsoever Your name, the name of the Applications and any marks or logos associated with the Applications for purposes of marketing and promoting Your Application and the products and services of Buffer and its Affiliates.

5. Provision of API

1. 5.1 The licenses to the Software granted to You hereunder are solely for the limited purposes set forth in Section 2 (License Grants). The Software, including, without limitation, the Documentation, shall not be used for any other purpose or use.
2. 5.2 Except as expressly permitted in Section 2, You must not, and must ensure that Your Contractors do not, reproduce, distribute, publicly perform, publicly display or create derivative works of or based on the Software, or disclose, rent, lease, loan, provide or otherwise transfer, in any manner, to any third party the Software, Documentation or any portion thereof.
3. 5.3 Excepting any portions of the Software provided to You in source code format, and excepting any third party code distributed with the Software that is licensed under contrary terms, You will not reverse engineer, disassemble, decompile, or translate the Software or any portion thereof, or otherwise attempt to derive the source code version of the Software, except if and to the extent expressly permitted under any applicable law. If applicable law expressly permits such activities, any information so discovered or derived shall be deemed to be the confidential proprietary information of Buffer and must be promptly disclosed by You to Buffer.
4. 5.4 You must not, and must ensure that Your Contractors do not, access or use for any purpose any API other than such APIs as are expressly described in the Documentation.
5. 5.5 You must not, and must ensure that Your Contractors do not, use the Software to create or develop any developer tools (including without limitation plug-ins and middleware) or any software other than end-user targeted Applications.
6. 5.6 You must not, and must ensure that Your Contractors do not, use any part of the API and Buffer Service to do anything which degrades or otherwise negatively impacts Buffer's product or services.
7. 5.7 You must not, and You must ensure that Your Contractors do not subject any portion of the API Materials, Software, or any Buffer intellectual property right to the terms of any “open source” license, including a license that requires, as a condition of use, modification, or distribution of technology subject to such license, that such technology or other technology combined or distributed with such technology: (a) be disclosed or distributed in source code form; (b) be licensed for the purpose of making derivative works; or (c) be redistributable at no charge.

6. Feedback

You agree to report promptly to Buffer all bugs You or Your Contractor encounter with the API or Software, along with Your logs, steps to reproduce such bugs, and experiences regarding the performance and use of the Buffer Service. All data, feedback and other information related to or in connection with the API however learned and by whomever collected or provided (collectively, “API Performance Data”), are, as between Buffer and You, the confidential and proprietary information of Buffer and subject to Section 8 (Confidentiality). API Performance Data may be used by Buffer for any purpose without payment or attribution to You.

7. Privacy; Data Collection and Use

1. 7.1 Data, Non-Interference and Right to Use
   You understand that the API may collect and send certain data to Buffer (hereinafter “Data”). You understand and agree that You, and entities working on Your behalf, will not alter, surveil, intercept, inhibit, direct, or otherwise interfere with the transmission of Data to Buffer and its Affiliates in connection with the API. You further agree that You and those working on Your behalf, will not directly access any Data that is stored in a private data store by the API Materials on an end user's device, apart from any access provided by Buffer. You agree that Buffer may use the Data: (a) to provide the API and the Buffer Service to You and Your end users, (b) to improve, optimize, troubleshoot, and create bug fixes for the API, and (c) for Buffer's business purposes, including without limitation (i) facilitating the provision of new products, updates, enhancements and other services, (ii) improving the Buffer Service, and (iii) providing new products, services or technologies to You, Your end users, and customers of Buffer and its Affiliates. Buffer will make commercially reasonable efforts to cooperate with You so that you can satisfy any obligations you may have to Your end users under applicable data privacy laws concerning access, correction and deletion rights.
2. 7.2 Privacy Compliance
   You represent and warrant that the use and distribution of each Application and Your Privacy Policy(ies) comply, at a minimum, with all applicable laws, rules or regulations, in each jurisdiction in which the Application is distributed (collectively, “Laws and Regulations”) including, without limitation, ensuring that the Application does not violate or infringe any privacy, data protection, information security or other similar legal rights of Application end users. You will be solely responsible for ensuring Your compliance with the Application's Privacy Policy, and that use of the Application, and the terms related to use of the Application by end users, do not conflict with and are not inconsistent with applicable Laws and Regulations.

8. Confidentiality

You hereby acknowledge and agree that the API Materials, API Performance Data and all related information, are confidential and proprietary to Buffer. Except as expressly permitted in these Terms, You will not, and will ensure that Your Contractors do not, disclose, or permit the disclosure of, any confidential or proprietary information of Buffer in any form or any information relating thereto to any third party without Buffer's prior written permission. You may not use any Buffer confidential or proprietary information for any purpose except to the extent expressly permitted in these Terms. You further acknowledge and agree that any unauthorized use or disclosure of the API Materials and such other Buffer confidential or proprietary information may cause irreparable harm and significant injury to Buffer that would be difficult to ascertain or quantify. Accordingly, You agree that Buffer will have the right without posting bond or proof of future damages to seek and obtain injunctive or other equitable relief to enforce the terms of these Terms and without limiting any other rights or remedies that Buffer may have.

9. Disclaimer of Warranties; Limitation of Liability.

1. 9.1 DISCLAIMER OF WARRANTIES
   YOU EXPRESSLY ACKNOWLEDGE AND AGREE ON BEHALF OF YOURSELF AND YOUR CONTRACTORS THAT THE USE OF THE API MATERIALS AND BUFFER SERVICE (COLLECTIVELY, THE “SOLUTION”) IS AT YOUR SOLE RISK. THE API AND BUFFER SERVICE AND TECHNICAL SUPPORT, IF ANY, ARE PROVIDED “AS IS” AND WITHOUT ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, BUFFER, ITS SERVICE PROVIDERS, LICENSORS AND EACH OF THEIR RESPECTIVE AFFILIATES, SPECIFICALLY DISCLAIMS ANY AND ALL STATUTORY OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. BUFFER AND ITS LICENSORS DO NOT REPRESENT OR WARRANT THAT THE FUNCTIONS CONTAINED IN THE API AND BUFFER SERVICE WILL MEET YOUR REQUIREMENTS, OR THAT THE OPERATION OF THE API AND BUFFER SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE API AND BUFFER SERVICE WILL BE CORRECTED.
2. 9.2 LIMITATION OF LIABILITY
   TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, UNDER NO CIRCUMSTANCES, INCLUDING WITHOUT LIMITATION NEGLIGENCE, WILL BUFFER, ITS AFFILIATES, SERVICE PROVIDERS, LICENSORS OR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO ANY DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION AND THE LIKE) ARISING OUT OF OR IN CONNECTION WITH OR RELATED TO THESE TERMS OR ANY DOWNLOAD, INSTALLATION OR USE OF, OR INABILITY TO USE, THE API AND BUFFER SERVICE, EVEN IF BUFFER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BUFFER'S CUMULATIVE LIABILITY ARISING FROM THE SERVICES, PRODUCTS AND SOFTWARE PROVIDED HEREUNDER, WHETHER FOR BREACH OF CONTRACT, WARRANTY, NEGLIGENCE, STRICT LIABILITY IN TORT, INDEMNIFICATION, CONTRIBUTION, OR OTHERWISE, WILL BE LIMITED TO THE DIRECT DAMAGES RECOVERABLE UNDER LAW, BUT NOT TO EXCEED $100 USD. YOU HEREBY RELEASE BUFFER, ITS AFFILIATES, SERVICE PROVIDERS, LICENSORS AND EACH OF THEIR RESPECTIVE AFFILIATES, FROM ANY AND ALL OBLIGATIONS, LIABILITIES, AND CLAIMS IN EXCESS OF THIS LIMITATION. ALL CLAIMS BY YOU, WHETHER IN TORT, CONTRACT, STRICT LIABILITY OR OTHERWISE, MUST BE BROUGHT WITHIN TWO YEARS FROM THE DATE THE CAUSE OF ACTION ACCRUES. THIS LIMITATION OF LIABILITY CONSTITUTES AN ESSENTIAL PART OF THESE TERMS. This provision applies notwithstanding any contrary provision in these Terms.

10. Indemnity

You agree to indemnify and hold harmless Buffer, its Affiliates and licensors, and each of their respective officers, directors, employees, agents and successors and assigns (each, a “Buffer Indemnitee”), from and against any and all claims, actions, suits, demands, causes of action, losses, liabilities, damages, costs and expenses, incurred or otherwise suffered by each Buffer Indemnitee (including but not limited to costs of defense, investigation and reasonable attorneys' fees) arising out of, resulting from or related to (i) the download, installation, duplication, storage, execution, display, performance, making of derivative works, use or distribution or transfer of any Application or related documentation or any content or materials or derivative works or products used by or in the Applications by any person or entity (except and solely to the extent such infringement is directly caused solely by the unmodified API Materials, or portions thereof, as supplied to You by Buffer under these Terms); (ii) any breach of these Terms, including in particular any breach of Section 4.3 or Section 7, by You or Your Contractors; and/or (iii) any use, reproduction or distribution of the API Materials, as modified or integrated by You, or by Your Contractor on Your behalf, which causes an infringement of any patent, copyright, trademark, trade secret, or other intellectual property, publicity or privacy right of any third parties arising in any jurisdiction anywhere in the world (except and solely to the extent such infringement is directly caused solely by the unmodified API Materials, or portions thereof, as supplied to You by Buffer under these Terms). If and as requested by Buffer, You agree to defend, at Your cost, each Buffer Indemnitee in connection with any third party claims, demands, or causes of action resulting from, arising out of or in connection with any of the foregoing; provided that You will not settle any claim, action or suit without the prior written consent of Buffer. Buffer HAS NO OBLIGATION TO DEFEND, INDEMNIFY OR HOLD YOU OR YOUR CONTRACTORS HARMLESS UNDER THESE TERMS.

11. Use of Name and Trademarks

The API Materials may embed the trade names, trademarks, service marks, logos domain names and other distinctive brand features of Buffer, its Affiliates or third parties (“Marks”). When such attribution is embedded, such as a “powered by” logo included in the user interface or when otherwise required by Buffer, You must, and You will ensure that Your Contractors, display it as provided or otherwise described in the API Materials or other instructions provided by Buffer and may not delete or in any manner alter these Marks. Except as set forth in the preceding sentence, You will not, and will ensure that Your Contractors do not, display or make any use of Buffer or its Affiliates' names, marks or logos in connection with the Application without the prior written approval of Buffer. All permitted uses of the Marks must be in accordance with Buffer's trademark usage guidelines (as may be updated from time to time by Buffer), available from Buffer upon written request. You will not, and You will ensure that Your Contractors do not, display the Marks in any manner that falsely expresses or implies that the Application or any content transmitted via the Application is sponsored or endorsed by Buffer. Buffer has the right to monitor the quality of all of Your Applications and has the right to take all action that it deems necessary to ensure that Your activities under and uses of the Marks are consistent with the reputation for quality and prestige of products bearing and service performed under the Marks.

12. Term and Termination; Survival.

1. 12.1 Term and Termination
   These Terms will be effective upon acceptance by You and will continue until terminated as provided herein (the “Term”). You may terminate the Agreement at any time by deleting and destroying all copies of the API Materials, API Performance Data and all related information in You or Your Contractor's possession or control. The licenses granted to You by Buffer will terminate immediately and automatically, with or without notice, if You or Your Contractor fail to comply with any provision hereof. Additionally, Buffer may at any time terminate these Terms, either with or without cause, upon notice to You.
2. 12.2 Survival
   Sections 1 (Defined Terms); 2.7 (Retention of Rights); 5.7 (Feedback); 7 (Privacy; Data Collection and Use); 8 (Confidentiality); 9 (Disclaimer of Warranties; Limitation of Liability); 10 (Indemnity); 12.1 (Term and Termination); 12.2 (Survival); and 13 (Governing Law; Venue) through 19 (Miscellaneous) will survive the termination of these Terms.
   13. Governing Law; Venue
   These Terms is governed by and interpreted in accordance with the laws of the state of California, United States of America, without giving effect to its conflict of laws provisions. Except as set forth in Section 15 (Dispute Resolution), any claim, lawsuit or proceeding arising out of or related to these Terms must be brought exclusively in the state or federal courts of San Francisco, California and You hereby consent to the exclusive jurisdiction and venue of such courts.

14. Severability

If any provision (or portion of a provision) of these Terms will be held to be illegal, invalid, or unenforceable, the legality, enforceability or validity of the remaining provisions (or portion of the applicable provision) of these Terms will not be affected.

15. Arbitration

Except for the right of either party to apply to a court of competent jurisdiction for a temporary restraining order, a preliminary injunction, or other equitable relief to preserve the status quo or prevent irreparable harm, any dispute as to the interpretation, enforcement, breach, or termination of these Terms will be settled by binding arbitration in San Francisco, California, under the Rules of the American Arbitration Association by three arbitrators appointed in accordance with the Rules. If there is a conflict between the Rules and the terms of these Terms, the terms of these Terms will prevail. All other disputes will be resolved by a court specified in Section 13. Judgment upon the award rendered by the arbitrators may be entered in any court of competent jurisdiction. The prevailing party will be entitled to receive from the other party its attorneys' fees and costs incurred in connection with any arbitration.

16. Export Compliance Assurances

You acknowledge that all API Material obtained from Buffer and Your Applications are subject to the US government export control and economic sanctions. You represent and warrant that You, Your Contractors and Your Affiliates will not directly or indirectly export, re-export, transfer or release any Application to any destination, person, entity or end use prohibited or restricted under US laws without respective prior US government authorization to the extent required by applicable regulation.

17. Compliance with Laws

You will, and will ensure that Your Contractors will, abide by all applicable local, state, national, and foreign laws, treaties and regulations in connection with Application(s) and Your use of the API.

18. No Third Party Rights

The parties agree and confirm their mutual intention that neither these Terms nor any of the terms of these Terms will be enforceable by any person or entity not a direct party to it. Notwithstanding that any term of these Terms may be or may become enforceable by a person who is not a party to these Terms, the terms and conditions of these Terms may be modified or amended, or these Terms may be suspended, cancelled, rescinded or terminated by the parties as provided in Section 19.3 without the consent of any such third party.

19. Miscellaneous.

1. 19.1 Entire Agreement
   These Terms constitute the entire and exclusive agreement between Buffer and You with respect to the API, the API Materials, and the Buffer Service and supersedes all prior agreements (whether written or oral) and other communications between Buffer and You with respect to the API Materials.
2. 19.2 No Assignment
   You will not, and will ensure that Your Contractors do not, delegate, transfer or assign these Terms or any of the rights, duties or obligations hereunder (whether voluntarily, by operation of law, or otherwise) without Buffer's prior written consent. Any attempted assignment, transfer or other delegation without such consent will be null and void and will constitute a material breach. Buffer may assign this agreement at any time without obtaining Your consent. Subject to the foregoing, these Terms will be binding upon and inure to the benefit of the parties and their permitted successors, transferees, and assignees.
3. 19.3 Amendement
   Except to the extent that Buffer is expressly precluded by applicable law, Buffer further reserves the right to make changes to these Terms by providing You with reasonable notice of the changes (e.g., which notice may be sent to You via e-mail at the address You provided during registration or posted on the Buffer developer website). You will be responsible for reviewing and becoming familiar with any and all such changes. If You or Your Contractors continue to use any portion of the API and Buffer Service after notice of any changes has been provided or posted, You will be deemed to have accepted any and all such changes.
4. 19.4 Interpretation
   The headings appearing at the beginning of the Articles and Sections contained in these Terms have been inserted for identification and reference purposes only and must not be used to construe or interpret these Terms. Whenever required by context, a singular number will include the plural, the plural number will include the singular, and the gender of any pronoun will include all genders. Any reference to any agreement, document, or instrument will mean such agreement, document, or instrument as amended or modified and in effect from time to time in accordance with the terms thereof. Whenever the words “include,” “includes,” or “including” are used in these Terms, they will be deemed to be followed by the words “without limitation.” Whenever the words “hereunder,” “hereof,” “hereto,” and words of similar import are used in these Terms, they will be deemed references to these Terms as a whole and not to any particular Article, Section or other provision hereof. The word “or” is used in the inclusive sense of “and/or.” The terms “or,” “any” and “either” are not exclusive.