Threat Stack Privacy Notice

Threat Stack is committed to protecting your privacy through our compliance with the policies and practices in this notice.

This notice describes the types of information we may collect from you or that you may provide to us when you visit our website at https://www.threatstack.com or use the Threat Stack technology platform online in connection with your organization’s customer relationship with Threat Stack. In this notice we refer to our website and the online-accessible parts of our platform collectively as the “Site.” This notice also describes our practices for collecting, using, maintaining, protecting, and disclosing that information. Your use of the Site is subject to our terms of use, available at https://www.threatstack.com/terms, and/or other written agreement between you or your organization and us.

This notice applies to information we collect:

• on or through the Site;
• in email, text, or other electronic messages between you and us or others in your organization through the Site; and
• through mobile and computer applications you access, enable or integrate through the Site.

It does not apply to information collected by:

• us offline or through any other means, including on any other website; or
• any third party, including through any application or content that may link to or be accessible from the Site.

By accessing or using the Site, you agree to the policies and practices described in this notice. If you do not agree with our policies and practices as described in this notice, you may not use the Site. We may change this notice from time to time. Your use of the Site at any time indicates your acceptance of the version of this notice posted on the Site at such time, so please check this notice periodically for updates.

Children Under the Age of 13

The Site is not intended for use by children under 13 years of age, and we do not knowingly collect any information from or about children under 13. If you are under 13, do not use the Site for any reason. If we discover that we have collected or received personal information from or about a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information about a child under 13, please contact us at [email protected].

Information We Collect About You

We collect several types of information from and about users of the Site, including information:

• by which you may be personally identified, such as name, e-mail address or other contact information, or any other identifier by which you may be contacted online or offline (“personal information”); and
• that is related to you but individually does not identify you, such as information about your internet connection, the equipment you use to access the Site and usage details.

We collect this information:

• directly from you when you provide it to us;
• automatically as you navigate through the Site, such as usage details, IP addresses, and information collected through cookies and other tracking technologies; and
• from third parties you have authorized to share it with us.

Information You Provide to Us

The information we collect on or through the Site may include:

• information you provide by filling in forms or making other affirmative choices on the Site, including information you provide when you register to use the Site or send us a request or report a problem with the Site; and
• details of transactions you carry out through the Site.

If you use features of the Site that are designed to be shared, such as with other users in your organization, or if you participate in an event that includes other individuals, such as other users in your organization or other participants in a user community or discussion forum, you also may provide information to be posted or otherwise shared with such other individuals (collectively, “User Contributions”). Your User Contributions are posted and/or transmitted at your own risk. We limit access to certain areas of the Site according to our your or your organization’s configuration settings, but you acknowledge that no security measures are perfect or impenetrable. In addition, you acknowledge that we cannot completely control the actions of other users of the Site with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed, copied or stored by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with the Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• details of your visits to the Site, such as traffic data, logs, navigation data and other communication data and the resources that you access and use on Site; and
• information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically is statistical data and may include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. This information helps us to:

• understand our user base and usage patterns;
• store information about your preferences, allowing us to customize our Site;
• improve the Site and deliver better service; and
• recognize you when you return to the Site.

The technologies we use for automatic data collection may include:

• Browser cookies. A browser cookie is a small file placed on the storage unit of your device. You may refuse to accept browser cookies by adjusting the settings on your browser, and you may delete cookies that have already been placed there. However, if you refuse or delete our browser cookies, you may be unable to access certain parts of the Site or have to re-enter information in order to use the Site.
• Flash cookies. A Flash cookie is a local stored object we may use to collect and store information about your preferences and navigation to, from, and on the Site. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, please visit the Flash settings area of the Adobe Systems website at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html.
• Web beacons. Pages of the Site may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related website statistics.

Third-Party Use of Tracking Technologies

Some features on the Site are served by third-parties. For example, we may use Google Analytics to help us understand how our Site is used. These third parties may use cookies or other tracking technologies to collect information about you when you use the Site. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about any targeted content on the Site, please contact the responsible provider directly. You can read more about Google Analytics at https://policies.google.com/privacy/partners.

How We Use Your Information

We use information that we collect about you or that you provide to us:

• to present the Site and its contents to you;
• to provide you with information, products, or services that you request from us
• to fulfill any other purpose for which you provide it;
• to provide you with notices about your account or about changes to the Site;
• to meet our obligations and enforce our rights under contracts entered into between you or your organization and us;
• to allow you to participate in interactive features on the Site;
• in any other way we may describe when you provide the information; and
• for any other purpose with your specific consent.

We may also use your information to contact you about our own products and services that may be of interest to you. If you do not want us to use your information in this way, you can elect not to be contacted for this purpose by contacting us at [email protected].

Disclosure of Your Information

We may disclose aggregated, anonymized information about our users without restriction.

We may disclose personal information that we collect or you provide as described in this notice:

• to fulfill the purpose for which you provide it;
• to service providers, such as payment processors, we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
• to a buyer or other successor of our company in the event of a merger, acquisition, sale of assets or other major corporate event in which the Site is among the transferred assets;
• for any other purpose disclosed by us when you provide the information;
• for any other purpose with your consent;
• to comply with any court order, law, or legal process, or to enforce or apply our terms of use or other agreements between you or your organization and us; or
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Threat Stack or its personnel, customers, or others.

Choices About How We Use and Disclose Your Information

If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by contacting us at [email protected].

We do not control third parties’ collection or use of your information from other sources to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative its website link to http://optout.networkadvertising.org/?c=1#!/.

Accessing and Correcting Your Information

You can review and change certain elements of your personal information by logging into the Site and visiting your account profile page.

You may also send us an email at [email protected] to request access to, correct or delete any personal information that you have provided to us. We cannot delete all of your personal information except by also deleting your user account. We may not accommodate a request to delete or change information if we believe the deletion or change would violate any law or legal requirement or cause the information to be incorrect or if we have a separate legal basis for possessing and processing such information, such as to fulfill the terms of a contract between you or your organization and us.

Data Retention

We retain personal data only for as long as reasonably required for the purpose for which it was collected or to which you have given your consent. Your personal information that we use for marketing purposes will be kept until you notify us at [email protected] that you no longer wish to receive marketing communications from us.

Data Security

We have implemented reasonable and appropriate measures to secure your personal information from accidental loss and from unlawful or unauthorized access, use, alteration, and disclosure. You can read more about our specific security measures at the security page on the Site at https://www.threatstack.com/security. The Site is hosted on secure servers provided by our hosting services provider in the United States (“US”).

The safety and security of your information also depends on you. For example, where we have given you (or where you have chosen) a password for access to certain parts of the Site, you are responsible for keeping this password confidential.

EU Data Privacy Laws

The Site is located in the US, and while we provide our intrusion detection services to customers throughout the world, we handle certain customer data in the US. We recognize that the European Union (“EU”) has established strict protections regarding the handling of personal data originating in the EU, including requirements to protect fundamental rights and freedoms of individuals and to provide adequate protection for EU personal data transferred outside of the EU. We are committed to processing personal data in accordance with our obligations as a data “processor” or “subprocessor” under applicable EU data protection laws. If your organization is based in the EU or is otherwise directly or indirectly subject to EU data protection laws, including Regulation 2016/679 (the “General Data Protection Regulation”), we have executed, or upon request by your organization will execute, and have otherwise committed to comply with the applicable standard contractual clauses approved by the European Commission related to our processing or subprocessing of personal data in connection with the services we provide to your organization as our customer. For our customers to which such EU data protection laws apply, these requirements under include:

• processing personal data only in compliance with our customers’ instructions, and promptly informing them if we cannot comply;
• promptly notifying our customers if we have any reason to believe that law applicable to us would prevent us from complying with our customers’ processing instructions;
• implementing and maintaining specific and appropriate technical and organizational security measures to protect personal data;
• promptly notifying our customers about any legally binding request for disclosure of personal data by law enforcement, or any accidental or unauthorized access to any personal data, or any request received by us from an EU-based individual whose personal data we may be processing pursuant to the customers’ instructions;
• submitting our data processing facilities to audit by our customers;
• providing a copy or summary of the applicable contract between us and our customer to individuals who are unable to obtain such a copy or summary directly from their organization;
• obtaining consent from our customers for our use of any service providers who will be processing any personal data; and
• ensuring that any such service providers agree in writing to comply with these requirements.

Changes to Our Privacy Policies and Practices

We will inform you of any changes we make to our privacy policies and practices that affect this notice by posting an updated notice on this page on this page. The date this notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting the Site and this notice to check for any changes.

Contact Information

To ask questions or comment about this notice and our privacy policies and practices, please contact us at: [email protected]. For information about personal information provided to us by or through your organization, please contact the appropriate representative at your organization.