For schools and educational use, please see the Onshape Education Plan Privacy Notice
Information We Collect and Receive
When you access and use Onshape’s service, we collect and receive the following kinds of personal information:
- Account and profile information: When you create your Onshape account, you are required to give us certain information (e.g., your email address and a password). We may ask for additional information from time to time in order to create a more robust user profile. This additional information is optional.
- Communications: When you communicate with us by sending us an email, applying for a job, contributing to Onshape’s Community Forum, or participating in blog post discussion threads, we will collect and store any information that is contained in your communications with us or that you share. Please see the section “Job Applicants” at https://www.ptc.com/en/documents/policies/privacy.
We collect the following types of personal information which does not relate to a directly identifiable individual when you use the Service:
- Log data: When you use Onshape, our system automatically records information including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This log data may include your Internet Protocol (IP) address, the address of the web page you visited before arriving at Onshape, your browser type and settings, the date and time of your request, information about your browser configuration and plug-ins, language preferences, and cookie data.
- Device information: In addition to log data, we may also collect information about the device on which you are accessing Onshape, including what type of device it is, what operating system you are using, device settings, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using, and its settings.
- Geo-location information: Internet Protocol (IP) addresses received from your browser or device may be used to determine approximate location and improve the service we provide to you.
- Usage data: This is information about how you use the various capabilities and features of the Onshape service. We use this information to better understand opportunities to improve the quality of the service we provide to you and to anticipate and troubleshoot potential issues with the Service.
- Information from partners or other third parties: Onshape may receive information from partners or others to improve your experience. For example, Onshape’s Learning Center will provide us your course completion results so we can offer you more advanced training.
Legal Basis for Processing Your Information
- We rely on the following legal grounds to process your personal information:
Cookies are small text files sent by us to your computer or other device and from your computer or other device to us, each time you visit our website. They are unique to your Onshape account or your browser or app. Session-based cookies last only while your browser or app is open and disappear from your device when you close your browser software or app or turn off your device. Persistent cookies remain on your device after you close your browser or app or turn off your device -- and last until you or your browser delete them or until they expire.
Some cookies are associated with your Onshape account and personal information in order to remember that you are logged in. Other cookies are not tied to your Onshape account but are unique and allow us to do site analytics and customization, among other things. If you access Onshape through a browser, you can manage your cookie settings there, but if you disable cookies you may not be able to use Onshape effectively, or at all.
How We Use Your Information
We use your information for the following:
- Providing the Onshape service: We use information you provide to authenticate you, and enable you to use our cloud-based CAD, collaboration, storage and other services.
- Communicating with you: We will occasionally send you communications based on information you include in your profile, or your use of the Onshape service. You can manage the frequency and/or opt out of receiving these communications by changing your settings on the Service and/or clicking the “Unsubscribe” link at the bottom of each email. We also may send you service-related and administrative emails, for which you may not opt out.
- We may also use your personal information to create anonymous information records by excluding information that makes the information personally identifiable to you.
You have the ability to make your documents public or private in Onshape; and you have the ability to share public or private documents with other users.
- By authoring a Public Document in Onshape, you agree to its accessibility by others. Any document you make public is neither private nor confidential and you should not have any expectation of privacy with respect to it.
- Onshape will NEVER make your private content public. Reclassifying your Private Document as public will always require your affirmative action.
- You also can reclassify any document you create from public to private at any time -- but Onshape cannot guarantee the confidentiality of any document that you had made public at any time in the past.
- When you share a document in Onshape, anybody with whom you have shared the document may be able to use, reproduce, manipulate, distribute, display, transmit and communicate the contents of that document. If you do not want others to have those rights, do not share your documents in Onshape, or set your permissions accordingly. You are responsible for permitting access to documents which you are able to share.
You have the ability to comment on various aspects of Onshape’s service by contributing posts to Onshape’s Community Forum, participating in blog post discussion threads, etc. Any such commentary is neither private nor confidential and you should not have any expectation of privacy with respect to it.
If you terminate your subscription but do not delete your public and shared documents, we reserve the right but not the obligation to maintain the availability of those documents for all Onshape users (in the case of Public Documents) or users with whom any Private Document has been shared, together with information identifying you as the author of such documents. If you delete your documents before your subscription is terminated, your public and private shared documents will no longer be viewable by others.
The browser you use to access Onshape may provide you with the ability to control cookies or other types of local data storage.
Your mobile device may provide you with choices around whether and how location or other data is shared with us.
- Sharing and Disclosure
As noted previously, Onshape’s culture emphasizes respect for your privacy. Consistent with that cultural value, we do not sell or rent your personal information to any third party. We limit our sharing of the information we collect and receive from you to the following circumstances:
- Account Support: To provide you with customer support, our staff may need to share among themselves information you previously have provided to us.
- Legal Compliance and Public Protection: We will share your information when we believe disclosure is reasonably necessary to comply with a law, regulation, legal request, or lawful request of a public authority; or to protect the safety, rights and/or property of the public or any person.
- Integrity of Onshape’s Service: We will share your information as appropriate to detect, prevent, and/or address fraud, security or technical issues, or otherwise to protect Onshape and its user community.
- Shared documents: If you are shared into a document that another Onshape user has made public, certain items of your personally identifiable information will be visible to any other user who views that document.
- Third Parties and Agents: We may employ third party companies or individuals to help us provide the Service or meet internal business operations needs, and they may process personal information on our behalf. For example, we may share data with a security consultant to help us get better at preventing unauthorized access or with an email vendor to send messages on our behalf. We also may share data with hosting providers, payment processors, marketing vendors, and other vendors and consultants who work on our behalf and under contractual promises of confidentiality. We maintain contracts with these providers restricting their access, use and disclosure of personal information in compliance with our obligations under this Policy.
- Authorized Resellers and Partners: We may also share your personal information with our authorized resellers and partners for the purpose of further supporting your use of Onshape, and for co-marketing activities. All such authorized resellers and partners are required by Onshape to provide you with a means of opting out of some or all of their communications with you.
- Aggregated and Non-Identifiable: Onshape may share aggregated or deidentified personal information with our partners or others in our sole discretion, including for business or research purposes.
- Communicating With You: We will occasionally send you tailored communications based on information you include in your profile, or your use of the Onshape service, or where you have shown a clear interest in our Services. We also will send you service and administrative emails. You have an ability to opt out of certain of these communications as described above.
For users within the United States, we process data in data centers located in the United States. We have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of user data in our possession. We comply with state and federal laws governing the protection of personal information.
For users outside of the United States: Your personal information may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that Onshape offers an adequate level of protection, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission. Should you require Onshape to sign standard contractual clauses as “data importer”, please email email@example.com.
You have certain rights relating to your personal information, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA or a resident of California, these rights may include:
- To access your personal data held by us (right to access);
- To rectify inaccurate personal data and, taking into account the purpose of processing the personal data, ensure it is complete (right to rectification);
- To erase/delete your personal data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
- To restrict our processing of your personal data, to the extent permitted by law (right to restriction of processing);
- To transfer your personal data to another controller, to the extent possible (right to data portability);
- To object to any processing of your personal data carried out on the basis of our legitimate interests (right to object). Where we process your personal data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our websites or in our services; and
- To the extent we base the collection, processing and sharing of your personal data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
We will respond to your request consistent with applicable law. To protect your privacy and security, we may require you to verify your identity.
To request an accounting of your personal information, a change to your personal information, deletion of your personal information, or to withdraw your consent to the collection, processing, and/or transfer of your personal information, contact firstname.lastname@example.org via email or www.ptc.com/opendoor where toll-free numbers are also available.
Once we have received notification that you withdraw your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Third Party Websites
Any questions or concerns regarding the use or disclosure of personal information should be directed to us at the address given below.
We will respond to any inquiries or complaints as required by applicable data protection law.
Residents of the EU also have a right to lodge a complaint with a Data Protection Authority (“DPA”). Each European Union member nation has established its own DPA; you can find out about the DPA in your country here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Retention and Deletion
We will only retain your personal information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case it is no longer personal information.
It is our policy to retain personal information for 60 months once such personal information is no longer necessary to deliver the Service and to delete such personal information thereafter. This means that, if you close your account with us, we will delete personal information associated with your account after 60 months. Regarding other types of information we collect as described in this policy (Cookies, Log Files, Geo-Location Information, Device Identifiers), it is our policy to retain such personal information for 60 months and to delete such personal information thereafter.
Questions or Concerns
Any questions or concerns regarding the use or disclosure of your information, or any other matter related to this Policy, should be directed to
The Global Data Privacy Officer
121 Seaport Blvd
Boston, Massachusetts 02210
Attn: Compliance Department – Privacy