Highrise Privacy Policy

Last updated: December 20, 2018

The privacy of your data — and it is your data, not ours! — is a big deal to us. While Highrise processes your data, we'll only ever access your account to help you with a problem or squash a software bug. We'll never open any uploaded files unless you ask us to. We log access to all accounts by IP address, browser and operating system so we can verify unauthorized access (for as long as the logs are kept).

Identity & Access

When you sign up for Highrise, we ask for your name, company name, and email address so we can send invoices, updates, and other essential information. When you invite a new user, we ask for their name and email address so we can verify their access to your account. We'll never sell your personal info to third parties, and we won't use your name or company in marketing statements unless you've publicly shared the information or expressly provided us permission.

When you pay for Highrise, we ask for your credit card and billing address. That's so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn't ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history, invoicing, and billing support. We store your billing address to calculate any sales tax due in the United States, to detect fraudulent credit card transactions, and to print on your invoices.

When you write Highrise with a question or to ask for help, we may access your account to assist with our response and we'll keep that correspondence, and the email address, for future reference. When you browse our marketing pages and use Highrise, we'll track that for statistical purposes (like for measuring conversion rates, to test new designs, and to determine which features are utilized the most). We also store any information you volunteer, like surveys, for as long as it makes sense.

Users of Highrise can store any type of information in Highrise, but Highrise does not share that data or generally know what type of data you or other users are storing. The data is only used by the account owner and invited users as they intend to use it.

The only times we'll ever share your info:

You always have the right to access the personal information we store about you. You can review the personal information you provide to us and make any desired changes to the information, or to the settings for your Highrise account, at any time by logging into your account on the website and editing the information on your Profile page. You can also contact Jeremy Daer via email at privacy@highrisehq.com, mail at: 30 N. Racine Avenue, Suite 200, Chicago, IL 60607, or phone at 847.469.3248. Please include your name, address, and/or email address when you contact us.

Even after you have consented to our collection and use of your personal information, you may opt-out of having your personal data collected or used by us by contacting us via one of the methods described above. Doing so, however, may prevent you from using Highrise services and may result in us closing your account.

Your Rights With Respect to Your Information

You may have heard about the General Data Protection Regulation (“GDPR”) in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the Site. Accordingly, Highrise recognizes and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:

Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at privacy@highrisehq.com.

Processors we use

As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information. For identification of these processors, and where they are located, please see our Subprocessor listing. We have signed appropriate data processing contracts that comply with GDPR with each processor.

Law Enforcement

While we may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, Highrise won't otherwise hand your data over to law enforcement unless a court order says we have to. And unless we're legally prevented from it, we'll always inform you when such requests are made.


In order to improve our services and the website, and provide more convenient, relevant experiences to you, we and our vendors may use "cookies", "web beacons", and similar devices to track your activities.

Highrise also contains embedded 'share' buttons to enable Users to share content through social networks, such as Facebook and Twitter. These sites may set a cookie when you are logged in to their service. We do not control the setting of cookies from these websites. Please check the third-party websites for more information about their cookies and how to manage them.

Do Not Track

When you visit a website (such as our site), your browser automatically shares certain information, such as your IP address and other device information. Some of this information may also be sent to third-party content providers (for example: advertisers, website analytic companies, etc.) that provide content on the website. Such sharing may allow the website and/or content providers to track you over time and across multiple websites. Today, many browsers offer Do Not Track plugins that allow you to express a preference that you not be tracked, and that tell websites that you visit, by sending an electronic beacon, this preference. At this time, our site does not respond to Do Not Track beacons sent by browser plugins.

Security and Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Data isn't encrypted while it's live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.

For more information about how we keep your information secure, please review our security overview.

Third Parties

You understand that Highrise uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide you with our services. A current list of vendors is available upon request.

In cases of onward transfer to these third parties for data of individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Highrise is potentially liable should any issues or concerns arise.

Deleted Data

When you cancel your account, we keep your data on our servers for at least 30 days in case you change your mind. Beyond that we purge account data from our servers on a regular basis. You can specifically request to have your data deleted by contacting us at support@highrisehq.com. Anything you delete on your account while it's active will also be purged within 30 days (up until then it's available in the trash can).

EU-US and Swiss-US Privacy Shield Framework

Highrise is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Highrise complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Highrise has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

EU-US and Swiss-US Privacy Complaints

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Highrise commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Jeremy Daer at Highrise at support@highrisehq.com, or by mail at Highrise HQ, LLC, 30 North Racine Avenue #200, Chicago, IL 60607 USA. We will thoroughly investigate the matter internally and make every effort to attempt to resolve the issue quickly.

Highrise has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. For more information please see www.privacyshield.gove/article?id=ANNEX-I-introduction.

Location of Site and Data

This Site is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.

Changes & Questions

Highrise may update this policy once in a blue moon — we'll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. Questions about this privacy policy? Please contact Jeremy Daer at privacy@highrisehq.com or by mail at: Highrise HQ LLC, 30 North Racine Avenue #200, Chicago, IL 60607 USA and we'll be happy to answer them!