Thank you for visiting the Invicti Security website. We develop web application security solutions, and we are committed to protecting the privacy and security of your personal information. We also believe in transparency, and this Policy explains how we treat your personal data. Please read this Policy carefully to learn more about how we process personal information and what rights you may have under applicable law.
When does this Policy apply? This Policy describes our practices for the personal information for which we are a “data controller” under applicable law. This includes information collected when you visit our websites that display a link to this Policy (the “Sites”) or when you communicate with us. It includes our Cookies and Similar Technologies Policy and our California Privacy Rights page.
This Policy does not apply when you purchase our solutions or when we process personal data on behalf of a customer. For information about a customer’s data practices, please contact the customer directly. We are not responsible for our customers’ privacy or security practices.
HOW DO WE COLLECT AND USE PERSONAL INFORMATION?
We collect the following types of personal data for the uses and purposes listed below. You may choose not to provide us with any personal information, but you will not be able to access portions of the Sites that require personal information.
|Category||Description and Purpose|
|Contact Information||If you contact us or submit a question via our Sites, request a demo, or otherwise inquire about our products or services, we collect your name, company name, work email address, and phone number.We process Contact Information to provide our products and services to you, to provide customer support, to ensure the privacy and security of our Sites, products, and services, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Sites and business, the proper management of our customer relationships, and direct marketing, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.|
|Account Registration Information||When you register with us, we collect your Contact Information, your company website URL, and a record of the products and services for which you have registered.We process Account Registration Information to provide our products and services to you, to provide customer support, to ensure the privacy and security of our products and services, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Sites and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.|
|Communications and Inquiries||If you contact us, in addition to your Contact Information, we will receive the subject matter of your message and any comments, content, or other information that you choose to provide.We process Communications and Inquiries to provide our products and services to you, to provide customer support, to ensure the privacy and security of our Sites, products, and services, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Sites and business, the proper management of our customer relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.|
|Device and Usage Information||When you visit our Sites, we automatically collect information from your browser and your device. This information includes the internet browser that you use, the website or source that linked or referred you to the Platform, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information. We also receive information about your interactions with the Platform, including access dates and times, hardware and software information, device event information, crash data, cookie data, aggregated scan data or vulnerability data, and feature usage data.We process Device and Usage Information to operate the Sites, to serve you the content and functionality you request, to ensure the privacy and security of our Sites, to develop new services, to enhance your experience and provide you with a more personal and interactive experience, and for usage analytics purposes. The legal basis for this processing is our legitimate interests in monitoring and improving our Sites.|
Other Processing Activities. We may also process personal information when necessary for the following:
- The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
- Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper protection of our business.)
- Purposes that are consistent with, related to and/or ancillary to the purposes and uses described in this Policy for which your personal information was provided to us.
We may process your personal information in connection with any of the purposes and uses described in this Policy on one or more of the following legal grounds:
- Because it is necessary to perform the services you have requested or to comply with your instructions or other contractual obligations between you and us;
- To comply with our legal obligations as well as to keep records of our compliance processes;
- Because our legitimate interests, or those of a third-party recipient of your personal information, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms;
- Because you have chosen to publish or display your personal information on a public area of the Sites, such as a comment area;
- Because it is necessary to protect your vital interests;
- Because it is necessary in the public interest; or
- Because you have expressly given us your consent to process your personal information in a particular manner.
We do not use personal information for making any automated decisions affecting or creating profiles other than as described herein.
Data Sources. In general, we receive information from you. However, we also receive marketing leads from our lead generation partners. We also receive and process transactional data from providers of payment services.
Location of Processing. We are headquartered in the United States, and personal information is transferred to, stored in, and processed in the United States as well as other countries in which we or our affiliates, partners, service providers, or agents maintain facilities. By sending us personal information or using the Sites, you agree and consent to the processing of your personal information in locations such as the United States, which may not offer the levels of protection required in other countries. We rely on recognized legal bases to lawfully conduct cross-border/international transfers of personal information, such as express consent, when transfer is necessary for us to deliver services pursuant to an agreement, or when the transfer is subject to safeguards that assure the protection of the personal information.
HOW DO WE SHARE YOUR PERSONAL INFORMATION?
We only disclose your personal information as described below:
|Corporate Affiliates||We share personal information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys and agents.|
|Acquisitions and Similar Transactions||As we continue to grow, we may purchase websites, applications, subsidiaries, and other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, reorganize, and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may disclose personal information with a successor entity or a purchaser.|
|Disclosures with Your Consent||We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your personal information in this context with your consent.|
|Legal Obligations and Rights||We disclose personal information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws. We may also share personal information in order to establish or exercise our legal rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of contract. We may also disclose personal information as needed to protect vital interests.|
|Service Providers||We share personal information with our agents, contractors, and service providers. Among other things, service providers help us to administer the Sites; support our provision of products and services; send marketing communications; provide technical support; and assist with other legitimate purposes permitted by law. As examples, this includes hosting and content delivery network services, analytics services, CRM providers, lead generation partners, marketing and social media partners, customer support services, and functionality and debugging services. We also use a third-party payment processor for all payments made to us. We do not receive any credit card numbers, and all such information is provided directly to our payment processor.|
|Business Partners||We share marketing leads with our business partners who market and resell our products, and they share leads with us.|
|Professional Advisors||We share personal information with our insurers and other professional advisors, including attorneys, accountants, consultants, and auditors, that need access to your information to provide operational or other support services on our behalf.|
|Deidentified or Aggregated Data||We share aggregated information and information that does not identify any specific individual, such as groupings of demographic data and customer preferences, (i) for compliance with reporting obligations; (ii) for business or marketing purposes; and (iii) to assist us and others in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, marketing, and/or functionality.|
HOW LONG DO WE PROCESS YOUR INFORMATION?
We retain and use your personal information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements.
We take reasonable steps to delete the personal information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your information, unless we determine that doing so would violate our legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives.
To the extent permitted by law, we may retain and use anonymous, de-identified, and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When we delete data, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We have put security measures in place to protect personal information from being accidentally lost, used, altered, disclosed, or accessed in an unauthorized manner and to detect fraudulent identify-verification activity, including when transmitting personal information in response to data subject requests. From time to time, we review our security procedures to consider appropriate new technologies and methods.
However, no security system is perfect, and no data transmission is 100% secure. As a result, while we strive to protect personal data, we cannot guarantee or warrant the security of any information transmitted to or from the Sites or services. Your use of the Sites is at your own risk. We cannot guarantee that your data will remain secure in all circumstances.
If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.
YOUR RIGHTS AND CHOICES
Please use the “Contact Us” details at the end of this Policy to exercise your rights and choices under this Policy.
Email Preferences. If you no longer wish to receive communications from us via email, you may opt-out by clicking the “unsubscribe” link at the bottom of our emails or by contacting us via the “Contact Us” details at the end of this Policy and providing your name and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take corrective action. Please note that registered users cannot opt out of receiving transactional e-mails related to their account.
Accuracy and Updating Your Personal Information. Our goal is to keep your personal information accurate, current, and complete. If any of the personal information you have provided to us changes, please let us know via the “Contact Us” details at the end of this Policy. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Complaints. If you believe that your rights relating to your personal information have been violated, you may lodge a complaint with us by contacting us via the “Contact Us” details at the end of this Policy.
Individual Rights. You may have certain rights relating to your personal data under local data protection laws, and we discuss the rights provided in various jurisdictions below. We honor individuals’ rights where required under applicable law, and, depending on the applicable laws, these rights may include the right to:
- Access your personal information;
- Know more about how we process your personal information;
- Rectify inaccurate personal information and, taking into account the purpose of processing the personal information, ensure it is complete;
- Erase or delete your personal information;
- Restrict our processing of your personal information;
- Transfer your personal information to another controller, to the extent possible;
- Object to certain processing of your personal information;
- Opt-out of certain disclosures of your personal information to third parties;
- If you’re under the age of 16, or such other applicable age of consent, opt-in to certain disclosures of your personal information to third parties;
- Not be discriminated against for exercising your rights;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
- Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.
All requests should be sent to the contact details noted in the “Contact Us” section of this Policy. Your personal information may be processed in responding to these rights. If you are exercising a right that is the responsibility of a third party, including one of our customers, we will direct you to contact the appropriate data controller who is responsible for responding to your request.
Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; and the recipients or categories of recipient to whom the personal data have been or will be disclosed. We will provide a copy of your personal information in compliance with applicable law.
Right of Rectification. Our goal is to keep your personal information accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.
Right to Erasure. In some cases, you have a legal right to request that we delete your personal information when (1) it is no longer necessary for the purposes for which it was collected, (2) consent has been withdrawn in certain instances, (3) you have objected to the processing in certain instances, (4) the personal information has been unlawfully processed, (5) the personal data have to be erased for compliance with a legal obligation; and (6) the personal data were collected in relation to the offer of information society services. However, the right is not absolute. When we delete personal information, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Restrict Processing. You have the right to restrict the processing of your data when (1) the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the personal data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the personal information, pending resolution of the objection.
Right to Object. In certain circumstances, you have the right to object to the processing of your personal information where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where personal data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your personal information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our services.
Right to Complain. If you believe we have not processed your personal information in accordance with applicable law, we encourage you to contact us at firstname.lastname@example.org. You may also have the right to make a complaint to an applicable Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities for residents of the EU or EEA is available at: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below, and we will consider your request in accordance with applicable law.
Nevada residents may submit a verified request to us at email@example.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law.
Please see our California Privacy Rights page for more information about your rights under California law.
THIRD-PARTY SITES AND SERVICES
This Policy does not apply to any third-party websites or applications. The Sites may contain links to, and media or other content from, third parties. These links are to external resources and third parties that have their own privacy policies. Because of the dynamic media capabilities of the Sites, it may not be clear which links are to external, third-party resources. If you click on a third-party link, you will be redirected away from the Sites. You can check the URL to confirm whether you have left the Sites.
We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties’ independent collection or use or your information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links on the Sites.
Our Sites, products, and services are not directed to children under the age of 18, nor is information knowingly collected from children under the age of 18. No one under the age of 18 may access, browse, or use the Sites or provide any information to us. If we learn that we have collected or received personal information from a child under the age of 18 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we have any received information from a child under the age of 18, please contact us using the “Contact Us” details provided below.
UPDATES AND CHANGES TO THIS POLICY
We may add to, change, update, or modify this Policy from time to time. We will post all changes to this Policy on this page, and the updated policy will be effective immediately upon posting.
If we make material changes, we will also notify you through a notice on the homepage of the Sites for a reasonable period of time. We may also, in our discretion, notify you of changes to this Policy via email.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Sites, and from time to time, so that you are aware of its current terms. Your continued use of the Sites after the “Last Updated” date will constitute your acceptance of and agreement to any changes and to our collection and sharing of your information according to the then-current Policy. If you do not agree with this Policy and our practices, you should not use the Sites.
If you have any questions or concerns, wish to exercise your rights, or want to submit a complaint, please contact us using the information below, and we will do our best to assist you.
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
By Email: firstname.lastname@example.org
If you are a user in the EEA, you may also contact our representative in the European Union:
Attn: Legal Counsel
2nd Floor, Mirabilis Bldg.
TRIQ I-Intornjatur Mriehel
Malta BKR 3000
Cc: 1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
Last updated as of: April 19, 2022