Last updated as of August 11, 2020.
2. Children’s Privacy. Our Platform is not intended for use by individuals under the age of 18, and Invicti Security does not target the Platform to minors. Invicti Security does not knowingly collect personal information from children under the age of 18.
If you are under the age of 18, please do not provide us with any personally identifiable information.
What personal information we collect and process depends on how and why you use our Platform. Generally, we process personal information that we receive:
This is all explained in more detail below.
3.1 Information Collected Directly. What personal information we collect from you directly will depend on how you use our Platform. You can generally visit our Sites without submitting any personal information to us, but you may be asked for information if you would like to hear more about, or sign up for, our Services.
3.1.1 Inquiry/ Demo Information. To find out more about our Services, or to try them out, we request certain personal information from you:
3.1.2 Account Registration Information. To sign up to use our Services, we collect:
3.1.3 Payment Information. If you wish to use our Services, we will process your payment information in order to get you started. Payment processing is performed by third-party service providers as explained further below. Invicti Security only receives confirmation of your payment once it goes through, and such confirmation is then linked to your transactions and other personal information.
3.1.4 Communication Information. When you contact us via email or otherwise, we also collect and process any additional information you provide which may include personal information that you voluntarily submit to us in those emails, contact forms, or other communications.
3.2 Information Collected Indirectly.
3.2.1 Device and Usage Information. When you download, use, or interact with the Platform, even if you do not have an account, we – or authorized third parties engaged by us – may automatically collect information about your use of the Platform via your device, some of which is considered personal information. “Device and Usage Information” that we collect consists of:
3.2.3 Information from Third Parties. In some instances, we process personal information from third parties which may consist of data from our partners such as transactional data from providers of payment services or information from our lead generation partners.
3.3 Analytics/Aggregated Information. With the Device and Usage Information collected by our third-party analytics services, such as Google Analytics or Pendo, we generate and process aggregated information, such as statistical or demographic data. Aggregated Information may be derived from personal data, but it is not considered personal data if it does not directly or indirectly reveal your identity. For example, we may track the total number of visitors to our Platform or the number of visitors to each part of our Platform, and we may aggregate usage data to calculate the percentage of users accessing a specific feature of the Platform and analyze this data for trends and statistics.
4. Why We Collect Your Personal Information and How We Use It. Our mission is to provide a safe, efficient, and high-quality Platform, and we – or our authorized third-party service providers who assist us in providing the Platform – process your personal information for this purpose. Specifically, personal information is processed in order to:
5. Managing Your Preferences. If your personal data changes, or if you no longer desire to use our Services, you may delete your account or contact us. We will respond to your request within a reasonable timeframe.
6. Disclosure of Your Personal Information. We only disclose your personal information as described below.
6.1 Third-Party Service Providers. Invicti Security discloses users’ information to our third-party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Platform and – in some cases – collect information directly. Below is an illustrative list of functions for which we may use third-party service providers:
6.2 Business Transfers. As we continue to grow, we may purchase websites, applications, subsidiaries, and other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Invicti Security participates, or to a purchaser or acquirer of all or a portion of Invicti Security’s assets, bankruptcy included.
6.3 Anonymized Information. We share aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including: (i) compliance with reporting obligations; (ii) for business or marketing purposes; (iii) to assist us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, marketing, and/or functionality available through the Platform. We do not share personal information about you in these cases.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty). Under such circumstances, we may at our discretion attempt to provide you with prior notice that a request for your information has been made in order to give you an opportunity to object to the disclosure. However, government requests may include a court-granted non-disclosure order which prohibits us from giving notice to the affected individual.
Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person then we may provide information to law enforcement trying to prevent or mitigate the danger as determined on a case-by-case basis.
7. Payment Processing. We do not directly collect your payment information, and we do not store your payment information. We use third-party, PCI-compliant payment processors that collect payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via customer portals, we do not have access to or process your credit card information.
8. Retention Period.
8.1 General. We use the following criteria to determine our retention periods: the amount, nature, and sensitivity of your information; the reasons for which we collect and process your personal data; the length of time we have an ongoing relationship with you and provide you with access to our Services; and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or – if this is not possible (for example, because your personal information has been stored in backup archives) – we will securely store your personal information and isolate it from any further processing until deletion is possible.
If you have questions about, or need further information concerning, our data retention periods, please contact us.
8.2 Time Frame of Deletion. If personal data can no longer be retained or is no longer necessary, it will be erased or anonymized in the time frame required by applicable law.
8.3 Anonymization. In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize your personal data, we make sure that there is no way that the personal data can be linked back to you or any specific user.
9. Protecting Your Personal Data. No method of transmission over the Internet, or method of electronic storage, is 100% secure. However, we take steps that are reasonably necessary to securely provide our Platform. We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to personal data only to those employees, agents, contractors, and third parties who have a business need-to-know.
We also have procedures in place to deal with any suspected data security breach. If required, we will notify you and any applicable regulator of a suspected data security breach. We also require those parties to whom we transfer your personal information to provide acceptable standards of security.
220 Industrial Blvd., Suite 102
Austin, TX 78745
13. Additional Information for Users in California. Invicti Security provides the Platform to other businesses, and in doing so we may collect and process personal data on behalf of our business customers, including personal data about California residents. In doing so, Invicti Security is a service provider under the CCPA. As a service provider, we will collect and process personal data on behalf of a customer to provide the Platform for which that customer has engaged us, in accordance with our contract with such customer. If you’d like to exercise your rights under the CCPA with respect to your personal data we hold as a service provider for a customer, you should contact that customer directly.
If you have a question or would like to submit a request related to the personal data we collect related to our business-to-business relationship with you or your company, please contact us.
14. Additional Information for Users in the European Economic Area. This Section applies to individuals located in the EEA.
14.1 Categories of Recipients of Personal Data. The categories of recipients of personal data with whom we may share your personal data are listed in the “Disclosure of Your Personal Information” section above.
14.2.1 Performance of a Contract. We may process your personal data for the purposes of a contract to which you are a party. For instance, if you want to use our Platform, we need to process your account registration information, location information, and payment information in order to enable you to do so.
14.2.2 Legitimate Interests. We may process personal data where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. We generally rely on legitimate interests to: provide and maintain a Platform that works well and securely; comply with applicable laws; carry out fraud prevention; and generally improve the Platform. When we rely on this legal basis, we’ll carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative) and your rights under applicable data protection laws.
14.2.3 Consent. Invicti Security may rely on consent where it is required, such as with respect to certain information collected via cookies and similar technologies (other than strictly necessary cookies) or when we’re asking you to confirm your marketing preferences. When we rely on consent, you’ll be asked to confirm that you give your permission to Invicti Security to process your personal information. You have the right to withdraw your consent at any time if you no longer wish to have Invicti Security process your personal data.
14.2.4 Legal Obligation. Invicti Security will on occasion be under a legal obligation to obtain and disclose your personal data. Where possible, we will notify you when processing your data due to a legal obligation, but this may not always be possible. For instance, Invicti Security may need to provide your data in order to prevent criminal activity or to help to detect criminal activity, in which case we may share information with law enforcement without providing notice to you. This is done in a safe and secure manner. It’s essential that Invicti Security complies with its legal, regulatory, and contractual requirements, so if you object to this processing then Invicti Security will not be able to provide its Platform to you.
14.3 Your Rights and Choices Under GDPR. If the GDPR applies to you because you are in the EEA, you have the following rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If are located in the EEA and wish to exercise any of the rights set out above, please contact us here or at the addresses provided below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If we cannot reasonably verify your identity, we will not be able to comply with your request(s).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Platform.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
If you are a user in the EEA, you may also contact our representative in the European Union:
Attn: Data Protection Officer
2nd Floor, Mirabilis Bldg.
TRIQ I-Intornjatur Mriehel
Malta BKR 3000
Cc: 220 Industrial Blvd., Suite 102
Austin, TX 78745