top of page

GoTo U.S. Privacy Policy

Effective June 1, 2023


Who We Are and Scope of this Privacy Policy

We are GoTo Technologies USA, Inc., a U.S. company headquartered in Boston, Massachusetts, and our wholly-owned subsidiaries in the United States listed here, collectively referred to as "we" or "GoTo" in this Privacy Policy. As a global company dedicated to making IT easy, from anywhere, GoTo provides Software as a Service products ("Services") that help businesses securely support and connect to what’s most important: their teams and customers.

In this Privacy Policy, we explain what personal data we collect from visitors to the GoTo websites and/or properties that link to this Privacy Policy (including our digital properties listed here) and how we use such personal data.

It is important to note that this Privacy Policy does not apply to any other data, such as any personal data that may be included in the files, documents, recordings, chat logs, transcripts, and similar data that we maintain on our customers' behalf, as well as any other information our customers may upload to their GoTo account(s) in connection with their use of our Services (which we refer to as "Content" in our Terms of Service), or information gathered from other channels, such as publicly available sources. For the avoidance of doubt, we process customer Content, including any personal data which may be included therein, solely for the purpose of providing and operating our Services to our customers and only in accordance with their written instructions, which typically take the form of our Terms of Service, a Data Processing Addendum and/or any similar written agreement between GoTo and our customer. We provide a separate privacy notice for job candidates and applicants which may be found here.

GoTo and our international affiliates located outside the United States have posted additional privacy policies with different scopes, as required by law or where we believe appropriate for transparency purposes, including the Supplemental California Consumer Privacy Act Disclosures, as well as notices specific to the European Economic Area ("EEA") and Switzerland which may be found here.


Data Categories and Collection Purposes

When you visit our website(s) and/or use our Services, you provide the following categories of personal data to us:

  • Customer Account and Registration Data is data you provide when you create your account with us, request support or technical assistance, or register for events, webinars, whitepapers and surveys, which typically include first and last name, billing data, and a valid email address. We need this data to provide the Services to you, to maintain and support your account, as well as to collect payment.

  • Service Data (including Session, Location and Usage data):When you visit our websites and use our Services, we receive data that you or others voluntarily enter, including on schedules and attendee lists, as well as data that is automatically logged by the website or Service - for example, duration of session, connections made, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers and other diagnostic data. We need this information to provide, operate, and improve our Services. We collect location-based data for the purpose of providing, operating, and supporting the Service and for fraud prevention and security monitoring; you can disable location data transmission on mobile devices at any time by disabling location services from the settings menu on your device.

We strive to limit the types and categories of personal data that is collected from, and processed on behalf of, our users to include only information which is necessary to achieve the purpose(s) for which it was collected, and we do not use personal data for additional purpose(s) which are incompatible with their initial collection. In other words, we have measures and policies in place designed to ensure that we only collect and process information from our users that we believe is necessary to operate and provide them with a world-class Service.

How We Use Your Data


We use the data we collect from visitors to our websites to: (a) provide and operate our Services; (b) address and respond to service, security, and customer support needs; (c) detect, prevent, or otherwise address fraud, security, unlawful, or technical issues; (d) comply with applicable laws and administrative requests, protect our rights, assert and defend against claims; (e) fulfill contracts; (f) maintain and improve our Services; (g) provide analysis or valuable data back to our customers and users; (h) assess the needs of your business to determine and promote other GoTo products which we believe may be helpful to you; (i) provide product updates, marketing communications, and service data; (j) conduct research and analysis for business planning and product development; (k) display content based upon your interests; and (l) to the extent permitted by law, we may combine, correct, and enrich personal data that we receive from you with data about you from other sources, including publicly available databases or from third parties to update, expand, and analyze our records, identify new prospects for marketing, and provide products and Services that may be of interest to you.

Notwithstanding anything else in this Privacy Policy, if you link Google Services with your GoTo Connect, GoTo Meeting, GoTo Webinar, GoTo Training (collectively, "GoTo") or Grasshopper account, our use of your Google data will be as follows:

  • For GoTo Google Calendar access (where enabled), we will read the date, time, and title of calendar events and use this information to schedule corresponding web meetings.

  • For GoTo Google Contacts access (where enabled), we will access names, phone numbers, and email addresses and make these available in GoTo.

  • For Grasshopper Google Mail or "Gmail" access (where enabled), we will use that access to read, write, modify, delete, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide web email client functionality that allows users to compose, send, read, and/or process emails. We will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features; to comply with applicable law; or as part of a merger, acquisition, or sale of assets.

For all Google data, we will not use the data for serving advertisements and will not allow humans to read the data (i.e., by utilization of robust access controls, procedures, etc., inclusive of the principle of least privilege) unless: (i) we have your affirmative agreement for specific data; (ii) doing so is necessary for security purposes, such as investigating abuse; (iii) it is in response to requested support/troubleshooting; (iv) to comply with applicable law; and/or (v) if the data have been anonymized, for our internal operations related to the applicable GoTo services noted above.

Analytics, Cookies and Other Web Site Technologies


We continuously improve our websites and Services through the use of first- and third-party cookies and other web analytics tools, which help us understand how our visitors use our websites, desktop tools, and mobile applications, what webpages, features and functions they like and dislike, and where they may have run into problems which need to be addressed.

Google Analytics and Adobe Marketing Cloud

We use Google Analytics as described in "How Google uses data when you use our partners' sites or apps." You can prevent your data from being used by Google Analytics on our websites by installing the Google Analytics opt-out browser add-on here. For enhanced privacy purposes, we also employ IP address masking, a technique used to truncate IP addresses collected by Google Analytics and store them in an abbreviated form to prevent them from being traced back to individual users. Portions of our website may also use Google Analytics for Display Advertisers including DoubleClick or Dynamic Remarketing which provide interest-based ads based on your visit to this or other websites. You can use Ads Settings to manage the Google ads you see and opt-out of interest-based ads. We also use Adobe Marketing Cloud as described here. You can similarly exercise your rights with respect to use of this data as described in the "Exercising Choice" section below.

Social Media: Many of our websites include social media features, such as Facebook, Google, and Twitter "share" buttons. If you use these features they may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly – you can exercise your rights with respect to the use of this data as specified in the "Exercising Choice" section below. These services will also authenticate your identity and provide you the option to share certain personal data with us such as your name and email address to pre-populate our sign-up form or provide feedback. Your interactions with these features are governed by the Privacy Policy of the third-party company providing them.

Exercising Choice

We do not currently respond to web browser "do not track" signals or similar mechanisms, but instead offer visitors to our websites more information, choices, and control over cookies and other web analytics tools via GoTo's Cookie Consent Manager (available via the "Cookie Preferences" hyperlink at the bottom of this page) and/or as specified below. GoTo's Cookie Consent Manager provides visitors with information about the types and categories of cookies we utilize, and you may also exercise your rights as follows.

  • If you wish to not have the information these technologies collect used for the purpose of serving you targeted ads, you may opt-out here.

  • The Help Menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether.

  • To manage Flash Cookies, please click here.

You can still view our websites if you choose to set your browser to refuse all cookies; however, you will need to keep certain cookies enabled to establish an account or to install the Services.

Data Sharing

We share your personal data: (a) with our affiliated companies and subsidiaries which are directly or indirectly owned by our parent company, GoTo, Inc.; (b) at your direction, with separate, specific notice to you, or with your consent; (c) with third-party service providers under appropriate confidentiality and data privacy obligations (only for the purposes identified in Section 3, "How We Use Your Data"); (d) in connection with a merger, divestiture, acquisition, reorganization, restructuring, financing transaction or sale of assets pertaining to a business line; and (e) as required by law or administrative order, to assert claims or rights, or to defend against legal claims.

To the extent GoTo uses its affiliates or third-party providers in the provision and operation of its Services and processing of any Content, including any personal data therein, it discloses those parties in the applicable Affiliate and/or Sub-processor Disclosure in its Trust Privacy Center (see the "Product Resources" Section).



GoTo has implemented a comprehensive data privacy and security program which includes appropriate technical and organizational measures designed to safeguard and protect the personal, identifiable, and/or confidential information we collect, or you share with us. GoTo's operations, on a product and/or suite-specific basis, have been assessed by independent third-party auditors against recognized security standards and controls, including SOC2 Type II, BSI C5, SOC3, and ISO 27001.

To learn about GoTo's Service-specific security and privacy measures and certifications, please visit the Trust Privacy Center (see the "Product Resources" section).

Privacy Frameworks

GoTo is headquartered in the United States of America, has international affiliates and subsidiaries, and maintains a global infrastructure. Information that we collect and maintain may be transferred to, or controlled and processed in, the United States and/or other countries around the world.

When GoTo transfers personal data, it will do so in compliance with the following frameworks:


Standard Contractual Clauses

GoTo offers a Data Processing Addendum ("DPA") which incorporates Standard Contractual Clauses ("SCCs") for data transfers outside the European Union and European Economic Area. For more information about GoTo's program, as well as supplementary documentation to use in conjunction with its DPA and SCCs, please visit our Privacy Program page.

APEC Cross Border Privacy Rules System



GoTo's global privacy program, described in this Privacy Policy, complies with the Asia Pacific Economic Cooperation ("APEC") Cross-Border Privacy Rules System ("CBPRs"). The APEC CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the APEC Privacy Framework and CBPRs can be found here. Our certification applies to our business processes across our global operations that process and transfer personal data to/from our affiliates around the world. To view our certification, please visit the validation page here.

To learn more about how GoTo protects personal data, review and execute appropriate data processing addendums (where relevant), as well as review locations where GoTo may process your personal data through its affiliated companies or third-party subprocessors (when GoTo acts as a data processor, service provider, and/or the applicable legal equivalent), please visit the Product Resources section of the GoTo Trust Privacy Center.


We update this Privacy Policy from time-to-time to reflect changes to our personal data handling practices or respond to new legal requirements and will post updates here. However, if we make any material changes that have a substantive and adverse impact on your privacy, we will provide notice on this website and additionally notify you by email (sent to the e-mail address specified in your account) for your approval prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Children's Privacy

GoTo webpages are intended for general audiences – we do not seek through our sites to gather personal data from or about persons that are sixteen (16) years of age or younger. If you inform us or we otherwise become aware that we have unintentionally received personal data from an individual under the age of sixteen (16), we will delete this information from our records.

Access Requests

GoTo respects your control over your information, and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal data, request deletion of your personal data, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event, we will respond to your request within thirty (30) days and provide you an explanation.

Please note that for personal data about you that we have obtained or received for processing on behalf of a separate, unaffiliated entity – which determined the means and purposes of processing, all such requests should be made to that entity directly. We will honor and support any instructions they provide us with respect to your personal data.

Your State Privacy Rights

Notice to California Residents: If you are a California resident, you may have additional privacy rights under the California Consumer Privacy Act (“CCPA”). Please click here to view our disclosures pursuant to the CCPA.

Notice to Other State Residents, Including, But Not Limited To, Connecticut, Colorado, Utah, or Virginia Residents: If you are a resident of other U.S. states with applicable privacy laws, including, but not limited to Connecticut, Colorado, Utah, or Virginia, you may have certain privacy rights. Where applicable, you [may] have the right to: a) access personal data that we collect or retain about you; b) request to correct inaccuracies regarding your personal data; c) request deletion of your personal data; d) obtain a copy of your personal data; and e) opt-out of certain targeted advertising activities. Please note that these rights are not absolute, and we may be entitled to refuse requests, wholly or in part, where exceptions under applicable law apply.

If you wish to exercise one or more of these rights, please submit a request to us by either visiting our Individual Rights Management Portal here or contacting us at

If we cannot comply with your request, or a portion of your request, we will notify you and include the reasons in our response. In addition, you may have the right to appeal our decision. Information may be provided to you on how to exercise this right of appeal upon request.

Contact Us

If you have questions or requests relating to personal data or privacy, please visit our Individual Rights Management portal here or send an email to

If you wish to no longer receive marketing communications from us, you can opt-out of marketing by clicking on the unsubscribe link on any marketing email you receive, or at

If you have any other questions about this policy please contact the GoTo Privacy Team or write to us via postal mail at: Attn: GoTo Privacy Team c/o Legal Team, GoTo, 333 Summer Street, 5th Floor, Boston, MA 02210. To reach our Global Customer Support department, you may contact us here.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at

bottom of page