Online Privacy Policy

Effective date: March 3, 2010

Apptio, Inc. ("Apptio") is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent organization whose mission is to build users' trust and confidence in the Internet by promoting the use of fair information practices. This privacy statement covers the Web site www.apptio.com and the related hosted software application. Because Apptio wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.

If you have questions or concerns regarding this statement, you should first contact Apptio using the following email address: . If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should contact TRUSTe at http://watchdog.truste.com/pvr.php?page=complaint&url=. TRUSTe will then serve as a liaison with us to resolve your concerns.

EU Safe Harbor

Apptio complies with the EU Safe Harbor framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union. Upon request and within 30 days Apptio will grant individuals reasonable access to personal information that it holds about them. In addition, Apptio will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Please contact to change your personal information gathered on the Site.

Apptio participates in the EU Safe Harbor Privacy Framework as set forth by the United States Department of Commerce. As part of our participation in the safe harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us . If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe by Internet at http://watchdog.truste.com/pvr.php?page=complaint&url=, fax at 415-520-3420, or mail at Watchdog Complaints, TRUSTe, 55 2nd Street 2nd Floor, San Francisco, CA, USA 94105. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of the company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, see http://watchdog.truste.com/pvr.php?page=complaint&url= or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English. For human resources data we have agreed to cooperate with Data Protection Authorities. Any questions, comments or complaints about the data practices (including without limitation compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of an Apptio customer or partner for whom Apptio processes data should be addressed to that customer or partner.

Apptio has created this Privacy Policy to describe how we treat the information that we collect and receive from our users through the Apptio web site(s) and our hosted software application ("Site"). By accessing and continuing to use the Site, you signify your explicit consent to the terms and conditions of our Privacy Policy. We may update this Privacy Policy from time to time as our services change and expand, and we will notify you of such changes by posting them on the Site.

Information Collection and Use

We may collect contact information, such as your name, title, company name, address, phone number, and e-mail address and certain company information from visitors who wish to receive information about Apptio and its products and services. We use this information to provide you with information about the products and services that we provide and to send information regarding Apptio or its partners, such as newsletters, promotions and events.

We may require customers who register to use the services offered on our Site (collectively, the "Service") to give us contact information, such as their name, company name, phone number, and e-mail address, and we may also ask for additional information such as title, department name, fax number, and additional company information, such as mailing address, annual revenues, number of employees, or industry. Registered users can update or remove their account information at any time by logging into the Site and editing their account information.

Apptio uses the account information that we collect to set up the Service for individuals and their organizations. We may also use the account information to contact our registered users to further discuss customer interest in Apptio and the Service that we provide, and to send information regarding Apptio or its partners, such as newsletters, promotions and events. Except as we explicitly state at the time we request information, we do not disclose to third parties the information provided.

Registered users are required to provide an email address when registering for the Service, in order to receive a username and password. We may also email information regarding updates to the Service, and may send a Customer Newsletter via email; the recipient can opt out of receiving future Customer Newsletters by using the "unsubscribe" link at the bottom of the email. Registered users of the Service will be using the Site to host data and information ("Data"). Apptio will not review, share, distribute, print, or reference any such Data except as provided in your End User Subscription Agreement, or as may be required by law. Individual records may at times be viewed or accessed for the purpose of resolving a problem, support issue, or suspected violation of the End User Subscription Agreement, or as may be required by law. Users are responsible for maintaining the confidentiality and security of their user registration and password.

Apptio may also collect certain anonymous information, such as that pertaining to web pages viewed, to analyze trends, track users' movements, provide a better website experience and gather broad demographic information for aggregate use. This information is also used to help diagnose technical problems, and to administer our Site in order to constantly improve the quality of the Service.

Cookies

Like many websites, Apptio uses "cookies" to collect visitor information. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser. They make it possible for us to recognize your browser when you visit and to tell us whether customers and visitors have visited the Site previously. If you have provided your name or other contact information to Apptio via a web form, we are able to link that information back to the cookie. This information may be used to provide you with information that we believe to be relevant to you based on your actions on our website.

Information Sharing and Disclosure

Apptio will not rent, sell, or share personal information about you with other people or nonaffiliated companies except to provide the Services that you have requested, when we otherwise have your permission, or under the following circumstances:

  • We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
  • We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Apptio's Terms of Use, or as otherwise required by law.
  • We transfer information about you if Apptio is acquired by, reorganized or merged with another company. In such an event, you will have the opportunity to ask not to receive promotional information following any such change of control.
  • We may utilize a third-party intermediary to manage the credit card processing. This intermediary would solely be a link in the distribution chain, and would not be permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing.

Access to Your Account Information and Updating Information

You have the right and ability to edit your account information at any time. Registered users can update or remove their account information at any time by logging into the Site and editing their account information. You can also opt in or out of receiving future communications of special offers and new product information by sending us an email at , or you can unsubscribe by following instructions contained in the messages you receive. We do reserve the right to send you certain communications relating to the Service, such as service announcements and administrative messages, that are considered part of your account membership, and we do not offer you the opportunity to opt out of receiving those messages.

Blogs

If you use a bulletin board or chat room on this site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums.

Testimonials

We post customer testimonials on our web site which may contain personally identifiable information such as the customer's name. Prior to posting a testimonial, we obtain the customer's consent to post their name along with it.

If you want to remove your personal information that is being displayed on our website under public pages please send your request to .

Security Overview

Our goal in Apptio InfoSec and Operations is to protect the confidentiality, integrity and availability of customer data, which we classify and handle at the highest policy level within our organization. Because of the kind of sensitive data we handle, Apptio takes security very seriously. We operate out of several geographically separated Tier 4 data centers, all of which have undergone a current SAS 70 Type II audit. We utilize best practices with regard to security and process as outlined in the 27000 series by the ISO/IEC. We also comply with the EU Safe Harbor framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union. Some of the resources we have in place to maintain a strong security posture and to provide for a robust and highly visible security infrastructure are firewalls, NIDS, HIDS, centralized log management and comprehensive alerting. Whether it is scale, security, or business continuity, the Apptio on-demand solution has been architected and operated from the start to meet or exceed even the most stringent requirements of our enterprise customers. All of these measures, combined with SAS 70 (II) auditing in place for the Apptio platform, should assure any critical observer that their data is safe and secure in the Apptio service.

Data Center Physical Security

Apptio operates out of several geographically separated Tier 4 data centers. Both facilities include such physical features as bullet-proof windowless exteriors, CCTV with video feed monitoring, temperature and humidity controls, monitored electrical systems, smoke detectors, locked and alarmed conduit boxes, separate power and communication cabling, power and networking redundancy, power surge protection and more.

These facilities have deployed a multi-layered physical security approach consistent with the requirements defined by industry standards. Physical access is controlled by photo badges, proximity access cards, biometric devices/mantraps, CCTV/DVRs, and alarms. Visitor access is strictly controlled and audited.

The 3 critical certifications or audit completions maintained by our data centers and used by Apptio:

  • SAS 70 Type II
  • PCI Security Standards Council Member
  • U.S. Commerce Department Safe Harbor Certification

A successful and active SAS 70 Type II audit has been performed at all data centers, which includes a full audit and effective test of all security controls within the environment. These reports are available upon request.

Application Security

All Internet traffic requires HTTPS/SSL with AES-128/256 bit encryption, and all application authentication is performed over this connection. (For clients not able to utilize AES-128/256, RC4-128 is also allowed. Weaker or low encryption ciphers are not supported.) HTTPS traffic is allowed over port 443 only, and no other open or configured ports are externally available. User identification and password transfer is at login only, after which a cryptographically strong random token is used (complying with FIPS 140-2, Security Requirements for Cryptographic Modules). Account passwords are stored in the database only as the result of a one-way cryptographic hash function.

Data Security

Strict policies and procedures have been developed, implemented and audited to ensure that your data is secure. All customer data is stored and logically separated on a redundant file system and is only accessible by the designated and unique application instance. This means that every application instance is unique to each customer and only has the ability to read/write to the customer data assigned to it.

Data Availability and Integrity

Apptio utilizes comprehensive methods for maintaining high availability to customer data. Because all of our data centers are run in an active state, BCP/DRP are regularly tested. This ensures a smooth transition of service in the event of a possible failure with any data center. We also employ strong backup and secure data snapshot methods to ensure full data recovery in the event of any catastrophic failure.

Updates

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.

Additional Information

If you have questions about this Privacy Policy or the Site, you can contact us at .

10900 NE 4th St., Suite 900
Bellevue, WA 98004