Privacy Notice

Table of Contents

• Scope of this Privacy Notice
• What personal information do we collect
• No automated decision-making
• Keeping your personal information up to date
• What happens if you do not give us your personal information or if you withdraw consent
• Third party sites
• iManage Work for Gmail
• Who we disclose your personal information to
• Retention
• International data transfers of your personal information
• Your rights
• Security of your personal information
• Children's Privacy
• Contacting Us & How to Make a Complaint
• Changes to this Privacy Notice

iManage LLC, our parent companies, subsidiaries and affiliates (collectively, the “iManage companies” or “we,” “us” or “our”) respect your privacy. This “Privacy Notice” informs you of our privacy practices and how your personal information is collected and used by us, and it also informs you of your rights and the options available to you. Where we determine the purposes and means of processing personal information, we act as the data controller. For users located in the European Economic Area (“EEA”), the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the General Data Protection Regulation (“GDPR”). For users located in the United Kingdom (“UK”), the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the UK General Data Protection Regulation (“UK GDPR”).

This Privacy Notice is readily available on our home page found at https://imanage.com and at the bottom of our other web pages.

iManage (and the vendors and other parties we use to perform services on our behalf) may collect, receive, and develop several categories of personal information about you depending on the nature of your interactions with us.  Pursuant to data protection laws, we process your personal information where we have a legal basis to do so. The legal basis depends on the reason(s) necessary to process your information, as set out below.

(a)            When you raise a query through our websites. For example, on our “Contact Us” form, “Request a Demo” form, or other similar online form. We may collect your name, email address, account username and password, alias, social media account handles, phone number, date of birth and mailing address. We may also collect this information via our online chatbot, and where you use the chatbot to book a meeting and/or request a demo. We collect this personal information because it is in our legitimate interests to manage your query properly.

(b)              When you call our customer service team. We may record audio during the call because it is in our legitimate interests to have a record of the call and to use the call records to make improvements to our services.

(c)               When you use our websites. 

• We may collect information about the browser, device and operating system you are using, device identifiers, MAC address, and your internet protocol (IP) address, which enables us to identify your general location, in our legitimate interests to administer our websites, troubleshoot issues and help keep our website secure.
•  If you consent to our use of non-essential cookies and other tracking technologies (such as web beacons, tags, and pixels), we might collect information about your precise geolocation, the site you came from,  the site you visit when you leave us, page interactions, other electronic communications and content from your use of the site (such as content entry, mouse movements, screen captures, the date, time, and location of your visit, what areas of the websites you visit and for how long, what search terms or other data you enter, and what products or content or links you view and click on), and methods used to browse away from the page. We collect this information to understand how our website it used and improve our website and services to better suit our users’ needs.
• With your consent, we may also embed tracking technologies in emails and other communications we or our vendors send to you to help us understand how you interact with those messages, such as whether and when you opened a message or clicked on any content within the message.
• Our websites also use cookies as outlined in our cookie policy.  

(d)             When your devices connect to, or are detected by, the wireless networks at our office(s). We  may also collect information from your devices because it is in our legitimate interests to protect our networks. We may engage or otherwise permit other parties to also collect information in these ways.

(e)         When you use our services. We collect personal information such as your name, email address, postal address, phone number, and job title, in order to provide you with services (which may include support, professional services, training, etc.) to fulfil our contract with you including to set up and administer your account, for billing purposes, and to send to you technical alerts, updates, security notifications, and administrative communications. For paid services, we may collect your credit and debit card, bank account information, and other payment details if you make a purchase or sign up for or through some of our services to fulfil our contract with you. For users undertaking iManage proctored examinations, we record these sessions in line with our certification guidelines. We also require a form of government identification to verify it’s you. We also process this personal information where we need to comply with a legal or regulatory obligation, such as maintaining our records, undertaking compliance checks, or screening and recording (e.g. pursuant to applicable anti-money laundering, financial and credit checks, fraud and crime prevention and detection, or trade sanctions and embargo laws). 

(f)         When you attend our live events and web conferences.  We might collect your name and contact information to provide you with information and services associated with the event and to stay connected with you thereafter and we may record footage and/or take photographs for publication, because it is in our legitimate interests to promote our business. Where you provide information about food allergies and/or access requirements prior to an event, we ask for your explicit consent.

(g)         When you visit our premises. We may, because it is in our legitimate interests, collect government ID numbers (including, for example, tax ID number, social security number), driver’s license, state identification or passport data, reason for your visit, for the purposes of verifying your identity to keep our premises secure. We may also process CCTV footage from our buildings.

(h)                When you subscribe to mailing lists. You may wish to subscribe to our publications, newsletters and whitepapers without becoming a user of our services. To do so, you will need to create a “profile,” which involves providing us with your name and email address. We process this personal information relying on your consent. You can manage your subscriptions by subscribing or unsubscribing (withdrawing your consent) at any time. If you have any difficulties managing your email or other communication preferences, please contact us at privacy@imanage.com.

(i)               When your employer is a user of our services or signs you up for training, certification, support, or an event. We might collect your name and contact information to provide our services under the contract we have with your employer. Our third-party partners may also disclose your personal information to us when you sign up for services through that partner.

(j)                  When you respond to our in-page surveys. We might collect your name, contact information, and any other personal data you choose to provide in response in our legitimate interests to understand our customers' requirements and improve our service offering. It is always within your control as to whether you choose to engage with us.

(k)                To send targeted marketing and make improvements to our service offering.  We may draw inferences about you, reflecting what we believe to be your preferences, characteristics, predispositions, and attitudes based on the personal information you have provided to us.

(l)           We, or our partners, might also collect personal information from publicly or commercially available sources, such as LinkedIn. Such personal information may include your name, address, email address, preferences, interests, and demographic data. We process this personal information because it is in our legitimate interests to send targeted marketing and make improvements to our service offering. When we use the advertising tools of these online platforms, we are both responsible for your information. You can ask these companies directly about their use of your data.             

(m)              To investigate issues.  We may process any personal information you provide to us to address disputes, claims, assess the capacity of persons demonstrating legal authority to act on your behalf, and investigate and prevent fraudulent activities, unauthorized access to the services and other illegal activities.

(n)         To develop and improve our services. When we process publicly available documents to improve our services, including to train our machine learning models. We may, as an ancillary part of this processing, process personal data contained within these documents, which may include information such as names, addresses and job titles, because it is in our legitimate interest to develop and enhance our service offerings. 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the details provided in section 2 of this Privacy Notice.

Your personal information is not used in any automated decision making (a decision made solely by automated means without any human involvement)

[ Back to the top ]

If any of your personal data (such as your contact details) changes, please ensure that you let us know so that the information we have about you is kept up to date.

[ Back to the top ]

iManage Work for Gmail's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements stated in it. 

[ Back to the top ]

a.       iManage companies

We disclose your personal information with any of the iManage companies to carry out our services to you. This includes our subsidiaries, affiliates, and business units.

b.      Our service providers

We transfer personal information to service providers who perform tasks on our behalf. These companies include (for example) our payment processing providers, analytics companies (e.g., Segment), product feedback or help desk software providers (e.g., Beamer and Zendesk), CRM service providers (e.g., Salesforce), marketing service providers (e.g., Marketo), revenue intelligence providers (e.g., Gong and Seismic), and email service providers. We analyze how our customers use our products and services, to assist us with product insights and improvements. Where you provide your feedback within our products, we may reach out to you for further information to help to resolve your issue.  

Where we receive your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we require them to have sufficient guarantees in place to protect the privacy and confidentiality of the personal information.

c.       Event or webinar sponsors

When you attend an event or webinar organized by us (such as ConnectLive), or download or access an asset on our website, we may share your personal information with sponsors of the event, webinar, and/or asset. If required by applicable law, you may agree to such sharing via the registration form or by allowing your badge to be scanned at a sponsor booth. In these circumstances, your personal information will be subject to the sponsor’s privacy statements. If you wish to opt-out of the disclosure of your details with sponsors, you can always do so either at the time of registration, or by contacting us at privacy@imanage.com.

d.      Partners

We may share your personal information with specific partners that offer supplementary services to those provided by us, such as partners that offer implementation and/or adoption services, or that resell our services.

e.       Business transfers

We may disclose your personal information as a part of a transaction, financial, due diligence or for other business needs because it is in our legitimate interests. For example, if iManage sells any of its businesses or assets, applies for loans, or opens bank accounts, we may disclose your personal information to the prospective buyer, lender or bank, as the case may be, as part of certain due diligence processes. We may also receive customer information in connection with the evaluation of and entry into a transaction to acquire another business. Also, if we are acquired, go out of business, enter insolvencyor go through some other change of control, your personal information could be transferred to or acquired by a third party. We will seek appropriate protection for personal information in these types of transactions.

f.        Advertising networks and analytics service providers

We compile information about our customers and website visitors and disclose that data to our third-party marketing and analytics services providers to assist us with insights, marketing and promotional content.

Our websites may interface with social media sites such as Facebook, LinkedIn, X and others. If you choose to “like” or share information from our websites through these services, you should review the privacy notice of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal information.

g.       Public authorities

Personal information may also be disclosed to courts, law enforcement, regulatory, or other government agencies, in each case to comply with our legal obligations.

[ Back to the top ]

Our headquarters are based in the United States. We also have a presence in Canada, the European Economic Area (“EEA”), the United Kingdom (“UK”), Australia and India. Personal information we collect from you will be primarily processed in the United States, the UK, and the EEA. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which any member of the iManage companies has operations for the purposes described in this Privacy Notice. We ensure that an adequate level of protection is provided for the protection of personal information by using one or more of the following approaches:

·       We transfer personal information to countries or territories that are covered by adequacy decisions (i.e., the relevant bodies have decided that these countries ensure an adequate level of protection of your personal information) or subject to an equivalent framework; or

·    We enter into contractual provisions, e.g., Standard Contractual Clauses (SCCs), between us and the recipient.

If you are visiting our websites from the EEA, the UK, or other regions with laws governing data collection and use, please note that we may transfer your personal information to the United States, the UK, and other jurisdictions in which we operate.

Data Privacy Framework Program

We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the EEA in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact dpo@imanage.com.

Under certain limited circumstances, individuals in the EEA, Switzerland, and the UK may invoke binding DPF arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.dataprivacyframework.gov/.

If we have received your personal information under the DPF program and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

We are subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of the DPF program.

The DPF program self-certification does not apply to processing in Australia or India.

[ Back to the top ]

Depending on your location and where the processing of personal information takes place, you have one or more of the following rights in relation to your personal information:

·       Right to withdraw consent: Where we handle your personal information on the basis of consent that you have given to us (as stated in section 3 above), you may at any time withdraw this. Please note that, if you do so, we will no longer be able to provide services to you that are dependent on you giving this consent to us.

·       Right of access: You can request that we disclose to you the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the categories of personal information we sold or disclosed, our business or commercial purpose for collecting, selling or sharing the personal information, the categories of third parties to whom we disclosed the personal information, and the specific pieces of personal information we collected about you;

·       Right to rectification: You can request that we complete or correct inaccurate personal information that we maintain about you, subject to certain exceptions;

·       Right to erasure: You can ask us to delete your personal information, subject to certain exceptions(please note this that this right will not apply where it is necessary for us to continue to use the relevant personal information for a lawful reason);

·       Right to restriction of processing: You can request that we restrict or suppress the processing of personal information, including our use and disclosure of sensitive personal information;

·       Right to object to processing: You can object to processing where there is a compelling reason to do so and for any marketing related processing, including profiling for marketing purposes;  

·       Right to data portability: You can obtain and reuse personal information for your own purposes and, where our legal basis for processing that information is your consent or our performance of a contract, you can ask to receive this in a structured, commonly used, and machine-readable format (please note that this right does not apply to personal information contained only in hard-copy records).

There are some exceptions to the rights listed above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full (for example, if we have a legitimate reason for not doing so or the right you wish to exercise does not apply to the particular information we hold about you).

The rights available to you may depend on your location and where the processing of personal information takes place. In order to exercise the rights relevant to you listed above, please contact us at dpo@imanage.com or (if you are in the U.S.) toll free at (855) 353-4489 (ext. 10734). We will attempt to fulfill legitimate requests within one month. If we are unable to fulfil your request within one month, we will let you know that we require additional time as soon as possible. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as to fulfill our legal obligations related to tax or other record keeping purposes.

We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps may vary depending on the sensitivity of the personal information and whether you have an account with us. You may designate an authorized agent to make a request on your behalf. If you choose to submit a privacy request through an authorized agent, we may require that you provide the agent with written permission to do so, and that the agent verify their own identity with us. If your privacy request is submitted by an agent without proof that they have been authorized by you to act on your behalf in accordance with applicable law, we may deny the request. We also reserve the right, in our sole discretion, to reach out to you directly to confirm that the agent is in fact authorized to make this request on your behalf to the extent allowable under applicable law, including where verification is insufficient or the nature of the personal information subject to the request is sensitive in nature.

iManage will not discriminate against you because you made any lawful request. You are not required to pay any charge for exercising your rights, unless your request is unfounded, repetitive or excessive. In the event that your request is unfounded, repetitive or excessive, or if we are not in a position to identify you, we can refuse to act on your request, or charge a reasonable fee.

Direct Marketing Communications

Where consent is used as our legal basis to send direct marketing communications to you, you have the right to withdraw consent at any time. iManage will not use your personal data for marketing purposes if you have opted out, nor will we share or sell your personal data or use it for targeted advertising if you have exercised your right under US state privacy laws. You can use the “unsubscribe” links in all communications, contact your usual iManage representative or use the contact details found in the 'Contacting Us' section of this Privacy Notice.

California Residents

In addition to the rights outlined above, if you reside in California, you have the right to ask us once each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email privacy@imanage.com. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.

Virginia, Colorado, Connecticut, Oregan and Texas Residents

In addition to the rights outlined above, if you reside in Virginia and you are not satisfied with the outcome of your request, you may submit an appeal by sending an email to dpo@imanage.com with “Appeal” in the subject line or call toll free at (855) 353-4489 (ext. 10734). We will respond to your appeal within the specified regulatory timeframe.

[ Back to the top ]

To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

[ Back to the top ]

We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@imanage.com.

[ Back to the top ]

We value your opinions. If you have comments or questions about this Privacy Notice, please send them to privacy@imanage.com or write to us at the address below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

Regulatory complaints and redress

Depending on your location, you may have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

iManage Contact Details

iManage LLC

Privacy

71 South Wacker Drive, 4^th Floor

Chicago, IL 60606

privacy@imanage.com

iManage EMEA Limited

Privacy

1 Phipp Street

London EC2A 4PS

privacy@imanage.com

Data Protection Officer Contact Details

HewardMills Ltd

77 Farringdon Road

London

EC1M 3JU

dpo@imanage.com

+44 (0) 20 4540 5853

EU Representative Contact Details

We have appointed a representative in the EU. You can contact them by post at Mishcon de Reya Representative Services (Europe) Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland, or by email at representative@mishcon.com.

[ Back to the top ]

We will post any revised versions of this Privacy Notice here, with an updated revision date. If we make significant changes to this Privacy Notice that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website or social media pages. Please check this Privacy Notice periodically for updates. This Privacy Notice was last updated on 03 July 2025.

[ Back to the top ]