Privacy policy

At WSO2, we recognize that privacy is important. This privacy policy applies to the Ballerina sites and services offered at https://ballerina.io/, Ballerina Central, Ballerina Blog, and any other site to which a link to these terms may appear. We’ve set out below the details of how we collect, use, share, and secure the personal information you provide. “You” or “Your” means the person visiting the Ballerina sites (the “Sites”) or using any services on it. “We,” “us,” and “our” means WSO2 LLC.

California residents may view WSO2's California-specific privacy policy at https://wso2.com/california-privacy.

What information do we collect?

  1. Information you share with us

    When you register on the Ballerina Sites for updates or sign up for an event or service, or when you log in through single-sign-on through certain designated federated identity providers mentioned on the Sites, we may ask that you submit some or all of the following information:

    • Name
    • Email address
    • Profile picture
    • Language preference

    You may choose to visit our site anonymously without providing any of the above information. However, some services on our site may require that such details be entered on a mandatory basis. This is because those details are essential for us to be able to provide you with those services.

  2. Information collected automatically from your devices

    We also collect certain standard information that Your browser sends to every website you visit, such as your IP address, browser type, and language, access times, and referring website addresses. Our website may also place certain cookies to help you access our sites, and to track and analyze Your actions on our website such as navigation, number of visits, downloads, and search items to gain a better understanding of our visitors and their movements through the site. Please see our cookie policy on how we use and store cookies.

  3. Information received from third parties

    We may also receive Your personal data from other sources, including service providers, partners, and publicly available sources. Examples of these sources are event organizers of events we sponsor, sponsored content providers, and our partners, who pass on prospective customers to us.

Why do we collect your information?

The information we collect from you may be used to:

  • Provide services: We use Your personal data to perform the services you request (for instance, if you’ve filled in a Contact Us form, we use Your information to get in touch with you).
  • Support and improve WSO2 offerings: We use Your personal data to improve our Sites and services. We continually strive to improve our website offerings based on the type of content our users click on or download. We also monitor usage to fix issues and to make improvements to our services or to provide offerings more relevant to You.
  • Carry out analysis: We sometimes require Your personal data to analyze the ways in which our products and services are used or downloaded, what features are effective or popular, whether our marketing campaigns reach our intended audiences, and to track lead generation for our sales process.
  • Account creation and communication: We use Your data to create Your online profile, which we create for every user who registers on our Site or for a service, and to send You communications about updates and changes to Your account or services.
  • Marketing: To send marketing material, event invitations, and updates. You may opt out of these at any time.
  • Contests and surveys: To administer a contest, survey, or other site feature.
  • Fraud and abuse detection: We use Your personal information to prevent and detect fraud and abuse in order to protect our users.
  • Compliance with legal obligations: Sometimes, we may have a legal obligation to collect, use, or record Your personal data, such as when you make a payment or submit a data subject request.

How do we process your data?

We will only collect and process personal data about You where we have lawful bases for doing so. In the majority of cases, processing will be justified on the basis that:

  • You have consented to the processing;
  • The processing is necessary to perform a contract or to take steps to enter into a contract;
  • The processing is necessary for us to comply with a relevant legal obligation; or
  • The processing is in our legitimate commercial interests and necessary for us to administer our business, subject to Your interests and fundamental rights.

Where we rely on Your consent to process personal data, You have the right to withdraw or decline Your consent at any time, and where we rely on legitimate interests, You have the right to object. If You have any questions about the lawful bases upon which we collect and use Your personal data or wish to withdraw consent or object, You can submit a request via dpo@wso2.com or through the details listed in the Information about data controllers, processors, and how to contact us section below.

Who is your information shared with?

We do not sell, trade, or otherwise share your information with outside parties. However, we do share your information with our subsidiaries, affiliates, service providers, and partners who assist us in operating our website, conducting our business, or servicing you.

We sometimes need to give our service providers who help us run our website and services access to the data we have in order for them to perform those services. They are only authorized to use information that is strictly relevant for them to perform their tasks, and we ensure that they are under obligations of confidentiality to us so that your data is secure. For a full list of third-party service providers used by Ballerina (processors), please visit Ballerina processor list.

We may share your data with our subsidiaries or affiliates within our corporate group. WSO2 ‘s parent company is WSO2 LLC, which is located in the United States of America. Our affiliates are WSO2 UK Limited (located in the United Kingdom), WSO2 Lanka (Private) Limited (located in Sri Lanka), and WSO2 Brasil Tecnologia E Software Ltd (located in Brazil) and any other affiliates set out in our Contact us page. We share information within this group because these entities also carry out support, marketing, account management, and technical operations for WSO2 that are relevant to the provision of the website and services.

Cross-border data transfers

WSO2 operates globally, with businesses both inside and outside of the European Economic Area ("EEA"), UK and Switzerland. We may transfer Your Personal Data to countries other than the one in which You live, including transfers to the United States and other countries where we or our affiliates, subsidiaries or service providers (among others) maintain facilities. We maintain regional data centres in the USA. Additionally, third-party service providers who handle data on our behalf may be based in locations around the world. For these reasons, Your personal information may be transferred to other countries both inside and outside of the UK, EEA and Switzerland. As privacy laws in other countries may not be equivalent to those in Your home country, we only make arrangements to transfer data overseas where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws, we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in your home country.

Where we transfer Your personal information to countries and territories outside of Europe and the UK which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” and “adequacy regulations” from the European Commission, UK and Swiss authorities. Where the transfer is not subject to an adequacy decision, we take appropriate safeguards to ensure that Your personal information will remain protected in accordance with applicable laws. These safeguards include implementing the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) GDPR for transfers originating in the EU, UK Addendum under Article 46(2) of the UK GDPR for the transfer of data originating in the UKand safeguards specified under Article 16(2) of the revised Swiss Federal Act on Data Protection.

WSO2 complies with the EU-U.S. Data Privacy Framework (“DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. WSO2 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. WSO2 has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

WSO2’s accountability for personal information it receives under the EU-U.S DPF UK Extension to the EU-U.S DPF and the Swiss-U.S. DPF and subsequently transfers to a third party is described in the EU-U.S. DPF, UK Extension to the EU-U.S. DPF Principles and the Swiss-U.S. DPF. In particular, WSO2 remains responsible and liable under the EU-U.S. DPF, UK Extension to the EU-U.S and the Swiss-U.S. DPF. DPF Principles of third-party agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with the Principles, unless WSO2 proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, WSO2 commits to resolve DPF Principles-related complaints about our collection and use of Your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF,UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, should first contact us as specified in the Dispute Resolution Mechanism section.

Pursuant to the DPF Program, EU, UK and Swiss individuals have the right to exercise their rights under the GDPR, UK GDPR and the Swiss Federal Act of Data Protection in accordance with the section “Your Rights to Your Data and How to Manage Your Preferences”.

We may also release Your information when we believe release is necessary to comply with the law subject to our Governmental and law enforcement Data Access Policy, enforce our privacy policy or protect our or others’ rights, property, or safety.

Further, WSO2 will be processing personal data from data subjects in Brazil in the circumstances stated in this policy. Such Personal data is processed in accordance with Brazilian Data Protection Law (LGPD) (As amended by Law No. 13,853/2019). International Data Transfer of Personal Data from Brazil to other jurisdictions will be governed by the Standard Contractual Clauses (SCCs) introduced in an annex to the International Data Transfer Regulation (Resolution CD/ANPD No. 19/2024). Data subjects in Brazil may exercise their rights under the LGPD in line with the section ‘Your Rights to Your Data and How to Manage Your Preferences.

Dispute resolution

In compliance with the DPF Principles, we commit to resolving complaints about our collection or use of Your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our DPF policy should first reach out to us using the information in the “Information About Data Controllers, Processors and How to Contact Us” section below.

WSO2 has committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If You do not receive timely acknowledgement of Your complaint from us, or if we have not addressed Your complaint to Your satisfaction, please contact or visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to You. Under certain conditions, more fully described on the DPF website, You may invoke binding arbitration as set forth in Annex I of the DPF Principles when other dispute resolution procedures have been exhausted.

Within the USA, we are also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Security of your data

We implement security safeguards designed to protect your data such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

How long do we keep your data?

We may retain your information for a period of time consistent with the original purpose of collection. For instance, we may retain your information during the time in which you have an account to use our website or services. We also may retain your information during the period of time needed for WSO2 to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements. At the end of these periods, we ensure that your data is deleted or pseudonymized securely using an industry-standard methodology.

Your rights to your data and how to manage your preferences

WSO2 acknowledges your right to access your data. If information pertaining to you as an individual has been submitted to us, then you have the right to access, correct, or edit your data. If you wish, we can provide all the personal information on our records to you or to someone you nominate in a portable format as well. Our contact details are provided at the bottom of the page, or you may submit a request through dpo@wso2.com. All you have to do is request, and we are happy to help.

You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).

You may also choose to delete your data from our website at any time you choose and unsubscribe from any Ballerina mailing lists you are on. You can unsubscribe from our marketing emails by clicking on the unsubscribe link which is at the bottom of our marketing emails or by sending an email to dpo@wso2.com. Please note that deleting your data may affect the provision of some services.

We only ever retain your personal data even after you have ceased using our services, requested to unsubscribe or delete your data only if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill your request to "unsubscribe" from further messages from us.

Third-party offerings and services

At our discretion, we may include or offer third-party products or services on our Site. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. We encourage you to review the privacy statements of those websites to understand how your data is secured by them. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Information about our website

This privacy policy applies only to information collected through the Sites and not to information collected offline. Please also visit our terms of service relating to use, disclaimers, indemnities, and limitations of liability governing the use of our site and services.

Information about data controllers, processors, and how to contact us

In relation to this website, the Controller of your data is WSO2 LLC, USA. However, where we provide products or services that we have indicated are subject to their own terms, we may only be a Processor of your data with regard to such products or services.

If you are located within the European Union or the European Economic Area, WSO2 Germany GmbH, based in Germany, is the EU representative of WSO2 LLC. You may contact our Data Protection Officer by sending an email to dpo@wso2.com or by post at: WSO2 Germany GmbH, Maximiliansplatz 22, c/o Bird & Bird LLP, 80333 Munich.

If you have any issues with regard to your data on our website, then in addition to informing us, you also have the right to write directly to the independent data protection monitoring organization in your country.

Changes to our privacy policy

We reserve the right to amend this privacy policy at any time. We will not send individual email notifications on the updates. Any amendments will be posted on this page. You are therefore encouraged to visit this page periodically.

By using the Sites, you consent to our privacy policy and any revisions thereto. If you do not agree with our privacy policy or any changes we make to it, you may delete your profile.

Effective April 09, 2026