Privacy Policy

1. Introduction

This Privacy Policy (“Privacy Policy”) describes how Upland Software, Inc., and its subsidiaries (collectively referred to as “Upland,” “we,” “us,” or “our”) may collect, store, use, disclose, and otherwise process Personal Data, as defined below, when you visit our website(s) (collectively the “Sites”) or interact with us online, or through other means such as sales and marketing activities and events; and the rights and choices you may have regarding your Personal Data under applicable data protection law (“Data Protection Law”).

2. Who We Are and Roles

Upland is a provider of various cloud-based and on-premises enterprise work management software, and support and professional services (collectively the “Services”).

This Privacy Policy applies to when Upland’s acts as the controller (“Controller”) (or other analogous term under applicable Data Protection Law) of Personal Data and processes Personal Data as described in this Privacy Policy.

This Privacy Policy does not apply to when Upland acts a processor (“Processor”) (or other analogous term under Data Protection Law) of Personal Data on behalf of its customers with whom Upland directly provides Services (“Customers”). When Upland is acting as a Processor, the Customer’s privacy policy, or other third-party Controller’s privacy policy will apply, to the Personal Data provided to Upland in order to provide the Services. If your Personal Data is, or has been, submitted to Upland in its role as a Processor, and you wish to exercise any rights that you may have under Data protection Laws, please submit your request directly to third-party Customer who has provided Upland with your Personal Data.

3. Personal Data We Collect

When interacting with Upland, or our third-party partners, Upland may collect data such as your name, email address, business address, phone number, Internet Protocol (IP) address, and other identifiable information as defined under applicable Data Protection Law (“Personal Data”).

Upland generally does not collect Personal Data concerning an individual’s religious or philosophical beliefs, racial or ethnic origin, health or medical information (other than for the purpose of responding to an accommodation request for an event), genetic or biometric data, bank account information or other sensitive Personal Data designated as such applicable Data Protection Law (“Sensitive Personal Data”). However, if Upland reasonably needs to collect and process your Sensitive Personal Data to provide any requested services, Upland will do so in accordance with the requirements of applicable Data Protection Laws, including when required, obtaining your express consent for such processing.

When processing Personal Data from or in a region that requires a legal basis for such processing, such as, but not limited to, the European Union, European Economic Area, and the United Kingdom, Upland’s legal basis for collecting and processing Personal Data described above will depend on the Personal Data collected, how it was collected, and the context it was collected under. Generally, Upland’s legal basis for processing will depend on the purpose of the processing, including as necessary perform under a contract with you, consent, or based on Upland’s legitimate interest. Additionally, Upland may also have a legal obligation to process your Personal Data to protect the vital interest of you or someone else.

4. How Your Personal Data is Collected

Upland collects Personal Data via interactions with its Sites, when information about our Services is requested from us, when feedback is provided about our services, or during the registration process for sales events or marketing activities provided by, in conjunction with, or on behalf of Upland.

We automatically collect certain Personal Data when you visit or use the Sites to help analyze and make improvements to the service configuration, performance, and consumption. This may include Personal Data about the specific device being used, such as the devices operating system, Internet Protocol (IP) address, and general geolocation based on IP address.

We also automatically collect and store information about your activities on our Sites, such as information about how you came to and used our Sites, event information (such as access times, browser type, and language), and data collected through Cookies and other similar technologies that uniquely identify your browser or device. A Cookie is small file that is stored on a Site user’s computer for record-keeping purposes (session cookies make it easier to navigate within a site and expires when the browser is closed; persistent cookies remain on the hard drive for an extended period and can be used when the user returns to the site for identification and log in).

You may remove or disallow the use of some Cookies on our Sites by following directions provided in your internet browser’s help file, or if applicable by following the instructions within the Cookie banner that may appear on the Site depending on where you reside. If you remove or disallow the use of Cookies, you may experience reduced functionality within the Site.

5. How the Personal Data We Collect is Used

We may use Personal Data we collect to:

Provide, maintain, improve, and protect the Sites and other services.
Resolve technical issues and respond to support requests.
Conduct research and development.
Confirm your identity to respond to individual requests.
Monitor suspicious or fraudulent activity and to identify violations.
Tailor our services, sales, marketing, etc.
Send you requested product or service information, newsletters or marketing emails.
Understand our customers and their preferences, to enhance our Sites, Services, marketing, sales, and other services.

6. Disclosure of Your Personal Data

We do not sell your Personal Data, but may disclose or share it with third parties as described in this Privacy Policy.

We may disclose your Personal Data to third parties who are acting on our behalf or assisting us in providing services, such as data storage, maintenance services, hosting services, database management, web analytics, service providers, and payment processing providers.

Upland does not allow these third parties to use the Personal Data we collect for their own purposes and only permits them to process such Personal Data for a specified purposes and in accordance with Upland’s instructions. Additionally, Upland requires that all third parties acting on our behalf or that providing services to Upland are subject to contractual obligations that prohibit further use of Personal Data and guarantee its protection.

We post customer reviews on our Sites, which may contain Personal Data. We will obtain your consent via email prior to posting your name and review. If you wish to change or delete your review, you may contact us at privacy@uplandsoftware.com.

Our Sites offer publicly accessible blogs or community forums. Please be aware that any Personal Data and information you provide via posts on our blog or community forum may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at privacy@uplandsoftware.com.

Our Sites may include links to other sites whose privacy practices may differ from those of Upland, and any Personal Data provided to or collected by any of those other sides will be governed by their privacy policy.

Our Sites include social media features and widgets (“SM Features”), that may collect Personal Data, such as your IP address and which site page you are visiting. Your interactions with these SM Features, including any logins to them or “share to” functions, are governed by the privacy policy of the company providing the SM Features.

Please take notice that Upland may be required to disclose your Personal Data in response to a lawful request by government authorities, including request from national security agencies, regulators, or law enforcement. These requests may be as a result of regulatory oversight agencies investigating a complaint, fraud, or some other type of legal inquiry, while others may be by law enforcement seeking information for investigative purposes. We may also disclose your Personal Data as required by law, such as to comply with a subpoena or other similar legal process; when we believe in good faith that disclosure is necessary to protect the rights or safety of Upland, you, or other third-parties; or for another legal basis.

7. Communications

We may use your Personal Data to communicate with you on a variety of topics, including services, sales, and marketing. You may choose to stop receiving these communications from us at any time by emailing us at privacy@uplandsoftware.com.

You may also choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions or link included in the email.

Pursuant to the Data Privacy Framework, as defined below, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Persona Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to privacy@uplandsoftware.com If requested to remove data, we will respond within a reasonable timeframe.

8. Data Retention

We will retain your Personal Data for as long as necessary to provide services. Your Personal Data may be stored for one year; after which time, your Personal Data will be archived in accordance with Upland’s digital archival and records management policies. Additionally, we will retain and process your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Data Security

The security of your Personal Data is important to us. We follow accepted industry standards to prevent unlawful destruction, loss, alteration, unauthorized disclosure of or access to your Personal Data. Upland implements appropriate technical and organizational measures to protect your Personal Data which may include physical access controls, encryption, internet firewalls, intrusion detection and network monitoring, and security awareness training.

To learn more, please visit Upland Security.

10. Data Transfer

Your Personal Data may be transferred to and processed in countries other than the country in which you are a resident. We may transfer Personal Data to companies that help us provide our services, such as marketing and sales events.

When transferring Personal Data to third countries, Upland relies on contractual terms that meet or exceed the requirements of applicable Data Protection Law; or on other valid transfer mechanisms or frameworks adopted or approved in accordance with applicable Data Protection Law.fa

Notwithstanding Section 11, Data Privacy Framework, Upland also relies on the EU Standard Contractual Clauses adopted pursuant to the European Commission’s implementing decision EU 2021/915 of 4 June 2021, and any necessary addendums, for the valid transfer of Personal Data for data transfers outside of European Union (“EU”), European Economic Area (“EEA”), and the United Kingdom (“UK”), to third countries that have not received an adequacy decision by the European Commission, which are incorporated into Data Processing Addendums/Agreements.

11. Data Privacy Framework

Upland complies with the EU-U.S. Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-US DPF”) (the EU-US DPF, Swiss-US DPF, and UK Extension are collectively referred to as the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce. Upland has certified to the U.S. Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. Upland has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-US DPF Principles”) regarding the processing of Personal Data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Policy and the EU-US DPF Principles or the Swiss-US DPF Principles, the applicable principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Inquiries, ADR, and Binding Arbitration. In compliance with Data Privacy Framework, Upland commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, Swiss, and United Kingdom individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on EU-US DPF, Swiss-US DPF, and UK Extension to the EU-US DPF should first contact Upland at:

Data Protection Officer

privacy@uplandsoftware.com

Upland has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If neither Upland nor the BBB National Programs Dispute Resolution Process resolves your complaint, you may have the possibility, under certain conditions, to pursue binding arbitration through Data Privacy Framework Arbitration Panel. To learn more about the Data Privacy Framework Panel, see Annex I located here.

Investigatory Jurisdiction. The Federal Trade Commission has jurisdiction over Upland’s compliance with the Data Privacy Framework.

Personal Data Collected, Purpose, and Disclosure to Third Parties (including Government Authorities). Please refer to Sections 3 and 4 for details regarding how and the types of data collected, Section 6 regarding the purpose for which Personal Data is collected, and Section 7 for the third parties for which we may share Personal Data, which may include disclosures to government authorities. If Upland transfers Personal Data received under the Data Privacy Framework to a third party, that third-parties access, use, and disclosure must be in compliance with the Data Privacy Framework obligations, including in the onward transfers, and Upland shall remain liable if the third party fails to meet these obligations and Upland is responsible for the events giving rise to the damages.

Individual Rights. Individuals in the EU, Switzerland, and the United Kingdom, specific rights afforded to them regarding the processing of their Personal Data. Please refer to Section 12 for more detail about the rights afforded. With Upland’s self-certification to the EU-US DPF, Swiss-US DPF, and UK Extension, Upland has committed itself to representing those rights. To submit a request and exercise your rights, please contact Upland at privacy@uplandsoftware.com.

12. Privacy Rights for Individuals in the EU, EEA, Switzerland, and the United Kingdom

If you are an individual residing in the EU, EEA, UK, or Switzerland, you may be afforded certain specific rights regarding your Personal Data under the General Data Protection Regulation (“GDPR”), United Kingdom GDPR (“UK GDPR”), or other applicable Data Protection Law. Subject to certain exceptions and based on your specific region, you may the right to:

Access. View and request copies of your Personal Data.
Rectification/Correction. Correct inaccurate or incomplete Personal Data about you.
Erasure/Deletion. Request deletion of Personal Data about you.
Restriction. Restrict or limit the processing of some or all of your Personal Data on a temporary or permanent basis.
Portability. Transfer your Personal Data to you or a third-party in a machine-readable electronic format.
Object/Opt-Out. Object and opt-out of the processing of your Personal Data: (i) where our use is based on your consent or our legitimate interested; or (ii) to object to our use of your Personal Data for direct marketing.
Sensitive Personal Data Opt-In. Have your express consent (opt-in) for the collection of Sensitive Personal Data and not: (i) have Sensitive Personal Data shared with third parties; or (ii) be used for any other purpose than for which it was originally collected or subsequently authorized for by the individual who opted in.
Automated Decision-Making. No be subject to a decision based solely on automated processing, including profiling.

However, please be advised that removal of your Personal Data may result in your inability to receive services or in Upland’s inability to follow up with any requests for sales or marketing information.

Upland does not generally collect Sensitive Personal Data, but if Upland reasonably needs to collect any Sensitive Personal Data from you, Upland will obtain your express opt-in consent for the collection, use, and sharing of Sensitive Personal Data.

To submit a request and exercise your rights, please contact Upland at privacy@uplandsoftware.com. Where you believe that we have not complied with our obligation under this Privacy Policy or data protection law, you have the right to submit a complaint to your local Data Protection Authority or as authorized in accordance with the Data Privacy Framework above.

Please take notice that when exercising your rights under the GDPR, UK GDPR, or other applicable Data Protection Law, Upland will take steps to verify that you are authorized to make the request, including verifying the identity of the individual making the request to prevent unauthorized access to Personal Data.

These data protection rights do not apply to Upland where we process Customer Personal Data as a Processor on a Customer’s behalf. Where this is the case, any request to exercise data protection rights sent to Upland will be directed to the relevant Customer.

13. Privacy Rights for Individuals Outside of the EU/EEA/UK

For individuals residing outside of the EU/EEA/UK, depending on your location and residence, including but not limited to California, Virginia, Connecticut, and Colorado, the law may provide for rights under applicable Data Protection Law. In addition to the other terms contained in this Privacy Policy, subject to certain exceptions and based on your specific region, you may the right to:

Access. View and request copies of your Personal Data.
Rectification/Correction. Correct inaccurate or incomplete Personal Data about you.
Erasure/Deletion. Request deletion of Personal Data about you.
Portability. Transfer your Personal Data to you or a third-party in a machine-readable electronic format.
Object/Opt-Out. Object and opt-out of the processing of all or specific processing your Personal Data, including the sharing or selling or targeted advertising.
Specific Use of Sensitive Data. Right to opt-in for the processing of Sensitive Data or limit the use and sharing of Sensitive Data.
Automated Decision-Making. No be subject to a decision based solely on automated processing.

If you would like to exercise any of these rights, you may do so by contacting us at privacy@uplandsoftware.com. Where the applicable data protection law provides a right to appeal, and we inform you that we are unable to respond to your request to exercise your rights, you may appeal our decision within a reasonable period of time following our responsive decision. To submit your appeal, please respond to the original inquiry indicating you are exercising your right to appeal the decision or submit an appeal request to privacy@uplandsoftware.com.

As provided under applicable Data Protection Law(s), when exercising your privacy rights under applicable Data Protection Law, you have the right to not be discriminated against for exercising the privacy rights afforded to you as an individual.

Please take notice that when exercising your rights under Data Protection Law, Upland will take steps to verify that you are authorized to make the request, including verifying the identity of the individual making the request to prevent unauthorized access to Personal Data.

14. California Specific Statements

The California Consumer Privacy Act (“CCPA”) distinguishes between the organization collecting consumer Personal Data for its own purposes (Controller) and an organization designated by the Controller to process that Personal Data (Processor). The CCPA imposes obligations only upon “businesses” and not upon “service providers.” CCPA defines a “business” and a “service ‘provider”, which are analogous to Controller and Processor, as defined in this Privacy Policy.

When acting as a “business” this Privacy Policy applies to the same extent as when Upland is acting as a Controller. When acting as a “service provider,” this Privacy Policy applies to the same extent Upland is acting as a Processor.

Please read Upland’s Privacy Policy in its entirety for details on the categories of Personal Data collected, as well as our collection, use and disclosure practices.
You may request a copy of Personal Data we collected or disclosed within the past 12 months. You may also request deletion of your Personal Data. Please submit your request to privacy@uplandsoftware.com.

15. Children’s Online Privacy

Upland’s services are not directed at children and Upland does not knowingly collect online Personal Data from children under the age of sixteen (16), or younger where required under applicable Data Protection Law or laws (“Minor”). If you are a parent or legal guardian of a Minor and believe that Minor has disclosed their Personal Data to Upland, please contact Upland at privacy@uplandsoftware.com so that Upland may dispose of the Minor’s Personal Data.

16. Privacy Policy Changes

We may periodically update this Privacy Policy. When we do, we will also revise the “effective date” of the Privacy Policy. If we make any material changes, additional notification will be provided, such as a statement on the Site, posting a notice in the Upland Community portal, or providing email notification.

We encourage you to review this Privacy Policy periodically to stay informed of our privacy practices.

17. Questions and Contact

For questions about this Privacy Policy, how your Personal Data is used, or to submit a request to exercise your rights regarding your Personal Data, please contact us at: privacy@uplandsoftware.com or

Upland Software, Inc.
401 Congress Avenue, Suite 1850
Austin, Texas 78701

Effective as of November 15, 2025