Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Find and prevent compliance failures
Continuous Delivery for Puppet Enterprise
Build, test, and deploy infrastructure as code faster and easier
Compliance Enforcement Modules
Remediate to stay in compliance
Content & Modules
Pre-built scripts to automate common tasks
Get Puppet Enterprise
First 10 nodes are free!
Try it now
Request a demo
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source Puppet
Perfect for individuals and small infrastructure
Automate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
Last Updated on March 14, 2022
Who does this policy apply to?
This policy applies to:
We may collect personal data from customers both online and offline. Online, we may collect information through our Site, an affiliated site (such as a promotional microsite linked to our site), a Puppet page on a community website (such as Facebook, LinkedIn, Twitter, or the like) or through similar online avenues. In many cases, such information will be collected directly from you, such as through a transaction or inquiry (including via a telephone call) or your submission of a form, registration or communication to us. Information may also be gathered from our affiliates and from third-party sources including without limitation:
We may combine data collected from these disparate sources. Please see below for more details.
We may disclose personal data you provide to our affiliates and to consultants, service providers, contractors, and channel partners that we use to support our business and operations (e.g., delivery services, financial institutions, fulfillment services, technical support, advertising, public relations, media and marketing services, competitions and contest-related services, e-commerce and other web-related services such as web hosting and web monitoring services and event-related services such as online and offline data capture) who have agreed to keep the information confidential and use it only to provide the applicable service(s). In some cases, we work with other companies who help to gather information from you or help us to communicate with you. Where consultants, service providers and consultants process the personal data of EU or UK users outside the European Economic Area, and in particular in the United States our policy is to have an appropriate legal mechanism in place to ensure that transfer of personal data is in compliance with European and UK data protection law, typically model clauses or standard contractual clauses.
Where the law allows it, we may share customers’ personal data with affiliates or selected third-party partners to enable them to market their or other selected third parties’ products and services to you.
We may also disclose personal data to third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests; to identify, contact or bring legal action against someone who may be causing injury to or interfering with our (or others’) rights or property; to support any actual or threatened claim, defense or declaration in a case or before any jurisdictional and/or administrative authority, arbitration or mediation panel; or in connection with disciplinary actions/investigations. Likewise, we may disclose or transfer personal data to third parties in connection with the sale, assignment or other transfer of our business.
We may make full use of all information that is de-identified or otherwise not in personally identifiable form.
We retain personal information for as long as we have a lawful basis to keep it; this includes when we require it in order to meet our contractual obligations, to establish or defend our legal rights or resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
We take appropriate steps to protect personal data from loss, misuse and unauthorized access, disclosure, alteration or destruction, whether in transmission or storage. Please keep in mind, however, that there is no such thing as perfect security, and no Internet transmission is ever completely secure or error-free. Moreover, you are responsible for maintaining the confidentiality of any username and password you use.
Puppet wants to keep in touch with you in ways that you find to be beneficial. If you don’t want Puppet to use your contact information to communicate with you for promotional purposes (such as to tell you about other products and services that might be of interest), please tell us that when you provide your contact information, or you can also let us know your preference later, by contacting us as specified in the “Contact Us” section below. Keep in mind that these preferences regarding promotional contacts do not mean that Puppet might not contact you for other reasons connected to the service you request or receive, such as those related to an order you placed, an inquiry you made, a newsletter to which you may have subscribed, a membership you undertook, an event for which you registered, a legally required notice and so on.
As of January 1, 2020, the California Consumer Privacy Act provides specific rights to those who live in the state of California. If you are a California-based consumer, as that term is defined under California law, this section applies in addition to all other applicable rights and information contained in this Policy:
You may exercise your California privacy rights by:
You have the right under certain circumstances:
You may exercise the rights listed above at any time by completing this form or by contacting us at email@example.com.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data. You can visit their website at www.ico.org.uk.
The law requires that we verify any request submitted was made by someone with the legal right to access the information. Therefore, before accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information so we can verify your identity and legal authority.
To make a request, please complete this form or contact us at firstname.lastname@example.org with “Personal Information Request” in the subject line and provide full details about your request, including your contact information and anything you believe is relevant. We will provide a response to an access request within the timeframes required by law. If we cannot substantively respond in a timely manner, we will notify you and provide the reason for the delay.
Under certain circumstances, we may not fulfill your request, such as when doing so would interfere with our regulatory or legal obligations, when we cannot verify your identity, if your request involves disproportionate cost or effort, or where the law allows us to retain that information. Regardless, we will respond to your request within a reasonable time, as required by law, and provide an explanation.
308 SW 2nd Ave
Portland, OR 97204
Or at email@example.com.
Puppet, Inc. is the US-based parent company and is responsible for the operation and design of the Site and for setting global strategy of Puppet’s marketing activities and the selection and configuration of IT systems. Puppet, Inc. has subsidiaries in various countries including Puppet Labs Limited in the UK, Puppet Labs Australia Pty. Ltd. In Australia, Puppet Labs s.r.o. in the Czech Republic, Puppet Pte. Ltd. in Singapore, and Puppet Software GmbH in Germany.
Data protection law in the European Economic Area and the United Kingdom contains a number of “lawful bases” – which are really legal justifications which mean organizations like us are allowed to have your personal information in the first place. For our EU and UK users, we have been careful to ensure we have a lawful basis for all data we have. Our lawful bases include:
In certain circumstances, we need your personal data to comply with our contractual obligation to deliver Puppet software products and services. For example, if you want to use Puppet software products and order or download them through our Site, we need your name and contact details so we can communicate with you and provide the software.
Sometimes the law says we need to collect and use your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement and tax laws require us to retain records of orders and payments for Puppet software and related services, which can include contact details at our corporate clients.
This is a technical term in data protection law which really means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights.
We sometimes require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will send your promotional communications about our service, subject to your legal rights to control whether we do so.
We do analyze how users interact with our Site and the Puppet software so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.
Where we talk about the different data we collect and how we use it in this policy, we aim to mention which lawful basis applies.
We collect personal data about our customers in a number of ways. In this section, we describe what types of personal data we collect, the ways we collect it and how we use it. While we have tried to be complete, this list is not necessarily exhaustive, given that these activities can vary from time to time. When we collect information, we will tell you at the point of collection what information is required and what information is optional.
The types of personal data collected by us include the following, depending on how you access or use our services:
We use the information to provide and promote our products and services to you, allow you to attend events and webinars and enter contests and promotions, maintain our business records and other purposes set out in our policy. Providing the information is not mandatory, but we do need to collect in order to do these things. We say in our online forms if any of the information we ask for is not required.
Note that using our website as a registered user enables information that is passively collected as you navigate the site to be associated with personal data actively collected from you on the site.
We, or our third party providers, also collect and use information automatically generated as users interact with the Site or our software products, which may include the browser and operating systems types and versions used, installer commands, web interface clicks, mouse gestures, data relating to the submission of online forms, IP addresses, and page views, URLs visited within our software products, error messages and related data about software errors, or session recordings (“Usage Data”). Puppet may use and share the Usage Data with third parties, like our cloud-based support management system to help Puppet improve the user experience of our software products and/or the Site.
The Site may also use IP addresses for the same purposes identified above, as well as to analyze trends, administer the site, track users’ use of our software products and gather broad demographic information for aggregate use.
We also engage one or more third party service providers to serve online advertisements on our behalf. They may use a “pixel tag” which triggers a cookie to collect information about your visits to the Site and to other websites, and they may use that information and share and combine it with other information with their partners to show you advertisements for goods and services you might be interested in on the Website and on other websites and apps and social media platforms like Facebook and LinkedIn including by observing the kinds of products and subject-matter you are interested in and certain demographic information about you.
We may use web beacons (also known as Internet tags or clear GIFs) on our websites to access and set cookies and otherwise help us to better understand how users are moving through our websites. Information provided by the web beacon includes the computer’s IP address, the type of browser being used and the time that the web beacon was viewed. We may also use web beacons in emails and newsletters so that we know when such communications have been opened and to otherwise help us tailor our communications to individual users.
We use personal data about customers in contexts that include the following: