Try Basecamp for free Ready to try Basecamp?
No obligations, no credit card required.

Basecamp EU-US Privacy Shield & US-Swiss Safe Harbor policy

The privacy of your data—and it is your data, not ours!—is a big deal to us. We’ll only ever access your account to help you with a problem or squash a software bug. We’ll never open any uploaded files unless you ask us to. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.

This policy applies to personal data from the European Union and from Switzerland that is collected, used, and retained by us in the United States.

Identity & Access

When you sign up for Basecamp, we ask for your name, company name, and email address. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission, either.

You always have the right to access the personal information we store about you. And, if you wish to further limit our use of your personal information, please contact Jeremy Daer at privacyshield@basecamp.com.

Users of Basecamp can store any type of information in Basecamp, but Basecamp does not access or share that data, and does not know what type of data you or other users are storing. The data is only used by the account owner and invited users as they intend to use it.

When you write Basecamp with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we’ll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.

The only times we’ll ever share your info:

  • To provide products or services you’ve requested, with your permission.
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
  • If Basecamp is acquired by or merged with another company—we don’t plan on that, but if it happens—we’ll notify you well before any info about you is transferred and becomes subject to a different privacy policy.

Basecamp does not share individual’s personal data with non-agent third parties. If this policy changes in the future, we will notify individuals and provide them with an opportunity to opt-out of having their data shared.

Law Enforcement

While we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, Basecamp won’t otherwise hand your data over to law enforcement unless a court order says we have to. We flat-out reject such other requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when such requests are made.

Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest—you can read more about that on our security page.

Cookies

In order to improve our services and the website, and provide more convenient, relevant experiences to you, we and our vendors may use “cookies”, “web beacons”, and similar devices to track your activities.

Third Parties

You understand that Basecamp uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide you with our services. A current list of vendors is available upon request.

In cases of onward transfer to these third parties for data of EU individuals received pursuant to the EU-US Privacy Shield, Basecamp is potentially liable should any issues or concerns arise.

Deleted Data

When you cancel your account, we’ll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it’s active will also be purged within 30 days (up until then it’s available in the trash can).

EU-U.S. Privacy Shield Framework

Basecamp is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Basecamp complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Basecamp has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

The Federal Trade Commission has jurisdiction over Basecamp’s compliance with the Privacy Shield.

US-Swiss Safe Harbor

Basecamp complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Basecamp has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit https://2016.export.gov/safeharbor/swiss/index.asp.

EU-US and US-Swiss Privacy Complaints

In compliance with the EU-US Privacy Shield and US-Swiss Safe Harbor Principles, Basecamp commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Jeremy Daer at Basecamp at privacyshield@basecamp.com, or by mail at Basecamp, LLC, 30 North Racine Avenue #200, Chicago, IL 60607 USA. We will thoroughly investigate the matter internally and make every effort to attempt to resolve the issue quickly.

Basecamp has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit the BBB EU PRIVACY SHIELD at https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. The services of BBB EU PRIVACY SHIELD are provided at no cost to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. For more information please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

For US-Swiss Safe Harbor participants we have committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Changes & Questions

Basecamp may update this policy once in a blue moon—we’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time by contacting Jeremy Daer at privacyshield@basecamp.com, or by mail at Basecamp LLC, 30 North Racine Avenue #200, Chicago, IL 60607 USA.

Questions about this privacy policy? Please contact Jeremy Daer at privacyshield@basecamp.com, or by mail at Basecamp LLC, 30 North Racine Avenue #200, Chicago, IL 60607 USA, and we’ll be happy to answer them!