Last Update: 31 December 2022
This Privacy Notice describes the manner in which Redacted, Inc. and its affiliates (collectively “Redacted”) collect, use, maintain, and disclose information from users of our websites and from the use of our products and the performance of our services (“Offerings”).
Redacted abides by consent provided by its customers and, in processing personal data it receives from the European Union (“EU Data”) and Switzerland (“Swiss Data”), adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce (“Principles”). For more information about the Principles, please visit the Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/welcome.
Please direct any inquiries or complaints regarding our compliance with the Principles to the point of contact listed in the “Contact Us” section below. If Redacted does not resolve your complaint, you may submit your complaint free of charge to JAMS, Redacted’s designated Privacy Shield dispute resolution provider located in the United States. Under certain conditions specified by the Principles as described here, you may also be able to invoke binding arbitration to resolve your complaint. Redacted is subject to the investigatory and enforcement powers of the FTC. If Redacted shares EU Data or Swiss Data with a third-party service provider that processes the data solely on Redacted’s behalf, then Redacted will be liable for that third party’s processing of EU Data or Swiss Data in violation of the Principles, unless Redacted can prove that it is not responsible for the event giving rise to the concern.
Data Collection and Use
Information that Redacted collects and uses may include, among other things, the Internet Protocol (IP) address, browser information, device ID, type of computer, and technical information about a user’s means of connection to our websites such as the operating system, the Internet service providers utilized, and other similar information. Depending on whether the user is attempting to gain access to a particular website feature, we collect and use usernames, passwords, and other login credentials to support usability and security.
We may use the information, including personal information, that we collect from users of our websites for a number of reasons, including but not limited to the following purposes:
- Operate, secure, support, personalize, and improve our websites
- Provide requested information and Offerings
- Conduct security assessments
- Send periodic emails
We may transfer or provide access to personal information obtained through our websites to individuals or companies that help us provide, operate, support, maintain, secure, and improve our websites and Offerings.
Redacted has numerous Offerings, including but not limited to risk-management and threat intelligence subscription services. All of our Offerings are centered on our mission to provide cutting-edge security solutions to our customers.
Most of the information Redacted collects through its Offerings is metadata, for example, data about how and when a device or network is being used, login times and attempts, types and versions of operating systems, browsers, and information about software applications. Some of the data we collect may be considered personally identifiable information depending on the laws of the location where it is collected, such as IP addresses. In some cases, we collect personally identifiable information as it may appear within usernames, filenames, file paths, and machine names; however, we use the data that we collect through our Offerings to help our customers and improve our capabilities in the ways described above.
An important type of data we detect and collect, analyze, and use through our Offerings (or enable our customers to provide to us) is information about malicious actors, for example, malware and URLs where such actors try to send data. We often discover this type of information from analyzing samples customers provide to us or from the data we collect through our Offerings. We use the information we collect about adversaries to help all of our customers; however, when we share information that we learn about malicious actors, we don’t identify customers or individuals, other than, of course, the malicious actors.
To the extent Redacted collects personal information through its Offerings, Redacted collects that information under the authority and direction of its customers, which often are corporate entities. Redacted typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a corporate customer and subsequently analyze and use. Regardless, the use of information collected through our Offerings shall be limited to the purpose of providing the service for which our customers have engaged Redacted. We do not use personal information collected through our Offerings to contact or market products or services to these individuals. We also do not provide personal information obtained through the Offerings to third parties for the purpose of contacting or marketing products or services to these individuals.
If you are an individual who would no longer like to be contacted by one of our customers, please contact the customer that you interact with directly. An individual who seeks access, or who seeks to correct or delete personal information, should direct his/her query to Redacted’s customer, the original data controller. If our customers request Redacted to correct or delete the personal information, we will respond within a reasonable timeframe. We will retain the personal information we process on behalf of our customers for as long as needed to provide services to our customers, comply with our legal obligations, resolve disputes, and enforce our agreements.
We may transfer personal information to companies that help us provide our service. Such transfers to third parties are covered by the service agreements with our customers.
When you apply for a job with us, including in response to a job opening posted by us, we will collect and process your personal information. We may use third parties and online applications (e.g., Workable, Checkr) to process your personal information on our behalf. If you apply through certain job sites, those partners may also use your data in accordance with their own privacy notice. We may collect your personal information in a variety of ways, including through the online application process, through documents you provide to us, from interviews or references, and background checks. We and our service providers working on our behalf will use your personal information for the purpose of evaluating your application.
How We Protect Your Information
The security of customer data and your personal information is part of our core mission. We adopt data collection, storage and processing practices, and security measures to protect against unauthorized access, alteration, disclosure or destruction of customer data and your personal information. We take measures to protect customer data and the personal information collected and submitted to us, both during transmission and once we have received it. If you have questions about the security of your personal information collected through our Offerings or websites, you can contact us at [email protected]
Retention of Personal Information
We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, technical, or legal requirements. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law.
User Access and Choice
You may request that we limit our use and disclosure of your personal information by emailing us at [email protected]. When contacting us, please provide us with detailed information about the personal information that is the basis of your request and the manner in which you wish for us to limit our use and/or disclosure of that personal information. You may also request access to your personal information and request that we correct, update, amend, or remove your personal information that you know or have reason to believe is in our possession by emailing us at [email protected]. When contacting us, please provide us with detailed information about the personal information you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect it. If we obtained your personal information from a customer or third party acting on your behalf, you will have to contact the company or person to whom you provided your information to.
In certain circumstances, we may be required by law, our auditors, or other legitimate business purposes to keep information about you. For the safety and security of you and others, we may also need you to provide verification of your identity and your relationship to the personal information that is the basis of your request in order to process your request.
Sharing Your Personal Information
We do not sell, trade, or rent the personal information we collect from our websites to others. When we collect personal information through our Offerings, it is made available to the Redacted customer who was the source of the information, and we use it as described in this Privacy Notice. We may use third-party service providers to help us operate our business or who provide support, maintain, or secure our Offerings and our websites. It may be necessary to provide or allow access to your personal information to these third-party service providers for those purposes. In addition, we provide information regarding our business to our auditors and legal counsel and, in some cases, that information may contain personal information, but they may only use it for the purpose of providing their professional services.
We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets. Redacted’s mission is worldwide, and therefore, we may store information in the United States and other locations worldwide where we, or our service providers, have facilities. This Privacy Notice does not pertain to personal information of Redacted employees.
Changes to this Privacy Notice
Redacted may update this Privacy Notice at any time to reflect changes to our information practices. If we make significant changes in how we use your personal information, we will notify you by email if feasible or by means of a notice on this website. We encourage you to periodically review this page for the latest information on our privacy practices.
Your Agreement to this Privacy Notice
By using our Offerings and Websites, you are agreeing to our practices described in this Notice, which includes the collection and use of your personal information worldwide. Your continued use of our Offerings and Websites following the posting of changes to this Privacy Notice will be deemed your acceptance of those changes.
If you have any questions about this Privacy Notice or our privacy practices, please contact us at: [email protected]
The following Terms and Conditions apply to services provided by Redacted, Inc. (“Redacted”). By executing an Engagement Agreement and/or accepting Services provided pursuant to a Statement of Work, you indicate your acknowledgement and acceptance of these Terms and Conditions. These Terms and Conditions will be updated from time to time; you will be notified of such modifications. Statements of Work Statements of Work. Pursuant to an Engagement Agreement, Redacted may agree to perform certain services (“Services”) for a Company (“Company”).