Privacy policy

Welcome to (the "Site"), hosted by Vercel Inc. ("Vercel", "we", "us" and/or "our"). Vercel provides information on this Site regarding its Turborepo software that is a high-performance build system for JavaScript/TypeScript monorepos. Turborepo's tooling provides developers with incremental builds, intelligent remote caching, and optimized task scheduling. The Turborepo software is available pursuant to an open source license (such information that we provide and the Turborepo software are referred to as the "Services"). In order to provide our Site and Services (collectively, "Platform"), we collect personal data from our customers ("Customers"). We also collect the personal data of our Customer's end users ("End Users") when our Customers use our Services. Throughout this Privacy Policy, "personal information" or "personal data" refers to any information that is unique to an individual, such as name, address, email address, phone number, IP address and other information that can reasonably identify an individual.This Privacy Policy, along with our Cookie Policy, covers how we collect, handle and disclose personal data on our Platform, including any affiliated websites, software or platforms owned or operated by Vercel on which this Privacy Policy appears. Even though we store End Users' personal data, it does not cover how or why our Customers may collect, handle and disclose their End Users' personal data when they visit or use their websites or platforms.

If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), this entire Privacy Policy applies to you. However, please see the Section titled "Additional Information for Users in the EEA and the UK.", which will provide more detail information about which rights you have regarding the processing of your personal data.We recommend that you read this Privacy Policy and our Cookie Policy carefully as both provide important information about your personal information and your rights under the law.If you have any questions, comments, or concerns regarding this Privacy Policy, our Cookie Policy and/or our data practices, or would like to exercise your rights, do not hesitate to contact us at or see our information below.

Who We Are and How To Contact Us

Vercel is a Delaware corporation with the following contact information: Vercel Inc.340 S Lemon Ave #4133Walnut, CA For users in the EEA and the UK, note that we may collect your personal data as a 'data controller' when we determine the means and purpose of processing, such as when we process the personal data of our Site Visitors, Event Attendees and/or Customers, or as a 'data processor' when we collect and process personal data on behalf of our Customers who use our Services or Customers that use our analytics tools. Similarly, for users in California, we currently act as a ‘service provider’ to those ‘businesses’ that are subject to the California Consumer Privacy Act when we collect and process personal data or information on behalf of our Customers who use our Services or Customers that use our analytics tools. This is further explained below.

To Whom Does This Policy Apply

Note at the outset that this Privacy Policy does not cover our Customers' websites. Each Customer is responsible for posting its own terms, conditions, and privacy policies, and ensuring compliance with all applicable laws and regulations. This Privacy Policy applies to:

Customers: as noted above, this includes any individual who registers individually or on behalf of an entity or organization in order to use the Services.

**Site Visitors: **visitors to our Site, including those who may also opt in to receive commercial communications from Vercel. This does not include any visitors to our Customers' individual websites.

Event Attendees: Vercel hosts and/or sponsors annual conferences and is an active participant at many other conferences, summits, and additional events (collectively, "Events"), and collects personal information from individuals when they attend (or register to attend) Events.

End Users: Vercel may process End User data on behalf of its Customers. While our Customers are responsible, as data controllers or businesses, for how and why they collect and process their End User personal data, this Privacy Policy also applies to any End User personal information that we process, as a data processor or service provider, in order to provide Services to our Customers.

Children's Privacy

Vercel does not knowingly collect information from children under the age of 16. If you are under the age of 16, please do not submit any personal data through the Platform. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal data on our Platform without their permission. If you have reason to believe that a child under the age of 16 has provided personal data to Vercel through the Platform, please contact and we will endeavor to delete that information from our databases.

Changes To This Privacy Policy

This Privacy Policy was last updated on the date indicated below, but we suggest that you review it from time to time, as our Platform and our business may change. As a result, at times it may be necessary for Vercel to make changes to this Privacy Policy (and/or our Cookie Policy). Vercel reserves the right to update or modify this Privacy Policy and/or our Cookie Policy at any time and from time to time without prior notice. However, if we make changes that we believe will materially impact this Privacy Policy, the Cookie Policy or your rights, we will promptly notify you of those changes. Your continued use of the Platform after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

What Information Do We Collect

What personal information we collect and process depends on how and why you use our Platform. Generally, we process personal information that we receive: Directly from you when you provide it to us, such as in connection with our Services or Event registrations. Indirectly, through automated technologies such as cookies, or from third parties. On behalf of our Customers, when we process the personal data of their End Users as part of our Services. This is all explained in more detail below.

Information We Collect Directly From You

You can generally visit our Site without having to submit any personal information. If you request more information, or sign up for our Services, we will collect personal information as follows.

Event Attendee Information. We may collect personal information such as name, address, phone number and email address when participants register for or attend a sponsored Event or other events at which Vercel (and/or its affiliates or representatives) may be present. What information is collected depends on the Event, but any personal information that Vercel receives in connection with an Event is processed in accordance with this Privacy Policy.

Optional Information. We may also ask you to submit personal information if you choose to use interactive features of the Platform, including participation in surveys, promotions, requesting customer support, or otherwise communicating with us.

Information We Collect Indirectly

Device and Usage Information

When you download, use or interact with the Site, even if you do not have an account, we, or authorized third parties engaged by us, may automatically collect information about your use of the Site via your device, some of which is considered personal information. "Device and Usage Information" that we collect consists of:

Information About your Device: information about the devices and software you use to access the Site — primarily the internet browser or mobile device that you use, the website or source that linked or referred you to the Site, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.

Usage Information: information about your interactions with the Platform, including access dates and times, hardware and software information, device event information, log data, crash data, cookie data. This information allows us to understand the screens that you view, how you've used the Platform (which may include administrative and support communications with us), and other actions on the Platforms. We, or authorized third parties, automatically collect log data when you access and use the Platform, even if you have not created an account or logged in. We use this information to administer and improve the Services, analyze trends, track users' use of the Platform, and gather broad demographic information for aggregate use.Note that Device and Usage Information is collected from our community boards,.Based on Device and Usage Information, we are also able to determine general location information ("Location Information").

Location Information: we use a third-party database to map the general location to which each IP address corresponds ("Location Information"). The Location Information that is mapped from an IP address is limited to country and city – we do not identify precise location. We use Location Information in order to more effectively provide our Services to our Customers. In addition, as part of our Services, we also share Location Information (based on End Users’ IP addresses) to our Customers, so that they may also more effectively provide their products and services to their End Users.

Cookies and Similar Technologies

Vercel uses cookies and similar technologies. Through our use of cookies (and similar technologies), we or authorized third parties collect some Device and Usage Information. Some cookies are necessary to make the Site and our content available to you, while others are meant to improve the Site and enable us to analyze and measure audience and traffic. For more information on our use of cookies and the data that they collect, see our Cookie Policy.

Information from Third Parties

In some instances, we process personal information from third parties, which consists of data from our partners, such as information from third parties with whom we host or sponsor Events. In all such cases, individuals are informed of our processing activities and/or able to choose certain preferences at the time of collection. From time to time, we may combine information we collect as described above with personal information we obtain from third parties. For example, we may combine information entered through a Vercel sales submission with information we receive from a third-party sales intelligence platform to enhance our ability to market our Services to Customers or potential Customers. We also may collect information from third party websites where the specific data is made publicly available.

Information We Process on Behalf of Our Customers

As noted above, we provide other analytics tools for our Customers. These Customers may collect personal information from their End Users in connection with the products or services that they offer to End Users. Because we provide other analytics tools, we process End Users' information when they use our Customers' websites, web applications, and APIs. This information may also include, but is not limited to, IP addresses, system configuration information, and other information about traffic to and from Customers' websites (collectively, the "Log Data"), as well as Location Information derived from IP addresses. We do not, however, collect or process End Users’ IP addresses through the use of our analytics Services. All of this information is stored on our Platform as part of our Services, but Customers are responsible for the content transmitted across our network (e.g., images, written content, graphics, etc.), as well as any personal information they collect. Customers are also solely responsible for notifying their End Users of their personal information collection, use, and disclosure. With respect to Log Data, we collect and use Log Data to operate, maintain, and improve our Services in performance of our obligations under our Customer agreements. For example, Log Data can help us to detect new threats, identify malicious third parties, and provide more robust security protection for our Customers. It also helps us with improving our Platform, as explained below.


With the Device and Usage Information collected by our third-party analytics services, such as Google Analytics, as well as Log Data, we generate and process aggregated information, such as statistical or demographic data. Aggregated Information may be derived from personal data, but may not considered personal data if it does not directly or indirectly reveal your identity. For example, we may track the total number of visitors to our Platform, or review Log Data, or track the number of visitors to each page of our Site. We aggregate this data to calculate the percentage of users accessing a specific feature of the Platform and analyze this data for trends and statistics. We do not combine or connect Aggregated Information with your personal data so it will not identify you. Please see our Cookie Policy for more information.

Interactive and Public Spaces

The Platform may provide links Third Party Sites (as defined in the Links to Third Party Sites section below) that offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features ("Interactive and Public Spaces"). If you choose to participate in any of these Interactive and Public Spaces, please be aware that any information that you post may be read, collected, and used by others who access it according to the terms of such Third Party Sites.

How Do We Use Personal Information That We Collect

We use your personal information for a number of different reasons, as further explained below.In addition, for users located in the EEA and the UK, we must have a valid legal basis in order to process your personal data. The main legal bases under the European Union's General Data Protection Regulation (GDPR) that justify our collection and use of your personal information are: Performance of a contract — When your personal information is necessary to enter into or perform our contract with you. Consent — When you have consented to our use of your personal information via a consent form (online or offline). **Legitimate interests **— When we use your personal information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights. Legal obligation — When we must use your personal information to comply with our legal obligations. Legal claims — When your personal information is necessary for us to defend, prosecute or make a claim.Below are the general purposes and corresponding legal bases (in brackets) for which we may use your personal information:

When We Share Information

We only disclose your personal information as described below.

Third-Party Service Providers

Vercel discloses users' information to our third party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Platform, and in some cases collect information directly. Below is an illustrative list of functions for which we may use third-party service providers:

Business Transfers

As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation or other corporate reorganization in which Vercel participates, or to a purchaser or acquirer of all or a portion of Vercel's assets, bankruptcy included.

Vercel Customers

When we act on behalf of our Customers (as a data processor or service provider), we may provide End Users' personal information to our Customers in order to comply with their requests, End Users' requests and/or regulator requests, among others. Occasionally, we will provide our Customers with aggregated information that does not identify End Users directly, in order to provide information about usage, demographics (such as location) or other general information.

Event Sponsors

If you are an Event Attendee that has registered for an Event with Vercel, such as the Next.js conference, we will provide your personal information to the Event sponsors. Such Event sponsors may use your personal information for their own direct marketing purposes and otherwise in accordance with the terms of the Event sponsors’ own privacy policies.

Anonymized Information

We share aggregated, automatically-collected or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) for business or marketing purposes; (iii) to assist us and other parties in understanding our users' interests, habits and usage patterns for certain programs, content, services, marketing and/or functionality available through the Platform. We do not share personal information about you in this case.

In addition, Vercel will preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person and to protect the safety or security of our Platform or to prevent spam, abuse, or other malicious activity of actors with respect to the Platform; or (iv) to protect our rights or property or the rights or property of those who use the Platform.If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty). Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.

This Privacy Policy applies only to the Platform. The Platform may contain links to other websites not operated or controlled by Vercel ("Third Party Sites"). The policies and procedures we describe here do not apply to Third Party Sites, and links to such Third Party Sites on the Platform do not imply that Vercel endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

"Do Not Track"

Vercel does not respond to Do Not Track ("DNT") browser signals. For more information on DNT settings generally, please visit

How to Change Your Communication Preferences

To keep your information accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update any information in our possession that you have previously submitted via the Platform. Note that you may also manage your communications preferences and the receipt of any commercial communication by clicking the "unsubscribe" link included at the bottom of all emails from Vercel. You may also adjust your preferences through your account settings if you have a Vercel account, or send an email to

Access and Accuracy

Vercel uses reasonable efforts to keep your personal information accurate. We will provide you with online access to your personal information so that you may review, update or correct personal information that we hold.Note that in order to protect your privacy and security, we will also take reasonable steps to verify your identity before granting you access or enabling you to make corrections. To access your personal information, please visit the relevant account management sections of our Platform. If you cannot access your personal information on the Platform, please send an email to

How Long Do We Keep Your Personal information?

General Retention Periods

We use the following criteria to determine our retention periods:

We retain personal information for as long as needed to provide our Services. We regularly delete other information that is less essential to the provision of our Services in order to minimize our storage of data. We also will retain personal information that we've collected from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a "litigation hold"). In this case, the information must be retained as long as needed for exercising respective potential legal claims.When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.For any questions about data retention, please contact


In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.

Data Security And Integrity

We take steps that are reasonably necessary to securely provide our Platform. We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to personal data only to those employees, agents, contractors and the third parties who have a business need-to-know.We also have procedures in place to deal with any suspected data security breach. If required, we will notify you and any applicable regulator of a suspected data security breach. We also require those parties to whom we transfer your personal information to provide acceptable standards of security.Notwithstanding, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, take special care in deciding what information you send to us via email. For any questions about the security of your information, please contact

Your California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of personal information relating third parties to which we have disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes. To make such a request, please contact us at

Notice to Nevada Consumers

We do not sell your personal information within the scope of, and according to the defined meaning of, a "sale" under NRS 603A.

International Transfers

Vercel is a United States Delaware corporation with primarily storage of your information in the United States and the EEA. To facilitate our global operations, we may process personal information from around the world, including from other countries in which Vercel has operations, in order to provide the Platform. If you are accessing or using our Platform or otherwise providing personal information to us, you are agreeing and consenting to the processing of your personal information in the United States and other jurisdictions in which we operate. If you are a Customer, you are responsible for informing your End Users of how and where their personal data will be processed at the time of collection. With respect to personal data transferred from the EEA or the UK, Vercel relies on other mechanisms, including the Standard Contractual Clauses and consent, to transfer personal data that we receive from the EEA or the UK to Vercel in the United States.

Security. We maintain security measures to protect personal data as described in the section above entitled "Data Security And Integrity"

Access. Individuals in the EEA, the UK and Switzerland have certain rights to access, correct, amend, or delete personal data. Please see the section below entitled "Additional Information for Users in the EEA and the UK." for more information on the rights of users in the EEA and the UK (and, to the extent applicable, users in Switzerland). Note that when we process End Users' personal data as a data processor on behalf of our Customers, we will process such requests pursuant to our contract with our customer and our customers' instructions.

Recourse, Enforcement, Liability. With respect to personal data collected from individuals in the EEA and the UK (while Privacy Shield was in place) or Switzerland, , Vercel commits to resolve complaints about our processing of your personal data as set forth in the principles under Privacy Shield. Individuals in the EEA and the UK and Switzerland with inquiries or complaints should first contact Vercel by email at or via postal mail at 340 S Lemon Ave #4133, Walnut, CA 91789, with the subject "Attention: Privacy Shield". We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at For additional information, please visit We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to personal data received or transferred pursuant to the Frameworks.

Additional Information for Users in the EEA and the UK.

If the GDPR applies to you because you are in the EEA or the UK, you have certain rights in relation to your personal data:

The right to be informed: our obligation to inform you that we process your personal data (and that's what we're doing in this Privacy Policy);

The right of access: your right to request a copy of the personal data we hold about you (also known as a 'data subject access request');

The right of rectification: your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);

The right to erasure (also known as the 'right to be forgotten'): under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);

The right to restrict processing: your right, under certain circumstances, to ask us to suspend our processing of your personal data;

The right to data portability: your right to ask us for a copy of your personal data in a common format (for example, a .csv file);

The right to object: your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and

Rights in relation to automated decision-making and profiling: our obligation to be transparent about any profiling we do, or any automated decision-making.These rights are subject to certain rules around when you can exercise them.

Customers, Site Visitors and Event Attendees in the EEA or the UK.

If you are located in the EEA or the UK and you are a Customer, Site Visitor or Event Attendee, and wish to exercise any of the rights set out above, you may contact us at using the term "DSR" as your email subject line.You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances. If we cannot reasonably verify your identity, we will not be able to comply with your request(s). We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Note that this is especially true when you engage a third party to assist you in exercising your rights. We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. In addition, we will always balance your rights against those of other data subjects in connection with any requests, and in some cases this may require us to redact our responses or deny a request.

If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.

End Users in the EEA or the UK.

Vercel has no direct relationship with End Users. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their End Users, and this includes handling all data subject requests. We rely on our Customers to comply with the underlying legal requirements and respond directly to End Users when End Users wish to exercise the rights set forth above. However, if an End User sends a request to Vercel to access, correct, update, or delete his/her information, or no longer wishes to be contacted by a Customer that uses our Services, we will direct that End User to contact the Customer's website(s) with which he/she interacted directly, and cooperate with our Customers as required by applicable law in order to ensure that our Customers satisfy their End Users' requests.

European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Vercel has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by: Using EDPO's online request form at; or Writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

UK Representative

Pursuant to the UK GDPR, Vercel has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR: Using EDPO's UK online request form at; or Writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

Contact Us

If you have any questions or suggestions regarding this Privacy Policy, please contact us at

Last update: December 8th, 2021