Effective starting: December 14, 2016
“Security Portal Services” include our:
- SaaS Products
- Downloadable Products
but does not include:
- Third Party Products. These are third party products or services that you may choose to integrate with Security Portal product or services, such as third party Add-Ons. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.
A “Device” is any computer used to access the Security Portal Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.
Add-On: a bundle of code, resources and configuration files that can be used with a Security Portal product to add new functionality or to change the behavior of that product’s existing features.
Content: any information or data that you upload, submit, post, create, transmit, store or display in a Security Portal Service.
Downloadable Products: Security Portal’s downloadable software products and mobile applications, including Add-Ons created by Security Portal, which are installed by customers on an infrastructure of their choice. Downloadable Products do not include Add-Ons created by third parties.
Personal Information: information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, or phone number. Personal Information does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.
Websites: Security Portal’s websites, sub-domains and pages.
Information you provide to us
We collect the following information:
Account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make purchases through, use, access, or interact with the Security Portal Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes:
- Contact information such as name, email address, mailing address, and phone number
- Billing information such as credit card details and billing address
- Profile information such as a username, profile photo, and job title
- Preferences information such as notification and marketing preferences
You may provide this information directly when you enter it in Security Portal Services.
Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our SaaS Products or Websites. Such Content includes any Personal Information or other sensitive information that you choose to include (“incidentally-collected Personal Information”).
Other submissions: We collect other data that you submit to our Websites or as you participate in any interactive features of the Security Portal Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with a Security Portal product could be submitted to our Support Services or posted in our public forums.
Information we collect from your use of Security Portal Services
Analytics Information from Website and SaaS Products: We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of the Security Portal Service being used, the associated license identifier and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Information if the Personal Information was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the Security Portal Services are being affected.
The analytics information we collect includes elements of Content related to the function the user is performing. As such, the analytics information we collect may include Personal Information or sensitive business information that the user has included in Content that the user chose to upload, submit, post, create, transmit, store or display in a Security Portal Service.
Analytics Information Derived from Content. Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data. “Usage Data” is aggregated data about a group or category of services, features or users that does not contain Personal Information.
Though we may happen upon sensitive or Personal Information as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.
Analytics Information from Downloadable Products: We collect analytics information when you use our Downloadable Products to help us improve our products and services. Our Downloadable Products contain a feature that sends information about the technical operation of the Downloadable Products on your systems (“System Information”) to us. System Information includes information about (a) the server environment in which the Downloadable Product is operating: OS type and version, JVM version, Java environment properties, CPU type, RAM allocation, language and locale settings, database type and version, and disk utilization, as well as (b) user client information, for example: browser type and version, native client type and version, and client device specifications (e.g. screen resolution, OS version, device type, etc.). In addition, we collect analytics information from Downloadable Products that is a subset of the analytics information described above for Websites and SaaS Products. As with Websites and SaaS Products, the analytics information we collect includes elements of Content related to the function the user is performing, but with an important caveat. With the Downloadable Products, before sending the information to Security Portal’s servers, we filter the analytics information to remove elements that we believe may contain sensitive or Personal Information. For example: (1) we conduct a one-way hash of usernames and hostnames before collecting them and (2) we filter any Content elements we collect to discard all words except those on a list of common business and IT terminology.
Installer Analytics, Software Updates & License Information from Downloadable Products: During the installation of our Downloadable Products, the installer sends analytics information to Security Portal to allow us to understand where in the installation process users are experiencing trouble or dropping out. Our Downloadable Products also communicate with Security Portal servers for licensing purposes, as well as to check for updates, patches, and compatibility with Add-Ons. Examples of information we collect for these purposes include the name and version of the Downloadable Product and the server ID, and IP address of the customer instance.
You may be able to opt out of receiving personalized advertisements as described below under “Your Choices.”
Information we collect from other sources
How we use Information we collect
General Uses: We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes, including to:
- Provide, operate, maintain, improve, and promote Security Portal Services;
- Enable you to access and use Security Portal Services, including uploading, downloading, collaborating on and sharing Content;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Send transactional messages, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates, security alerts, and support and administrative messages;
- Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, events and sending updates about your team and chat rooms; and providing other news or information about us and our select partners. You have the ability to opt out of receiving any of these communications as described below under “Your Choices”;
- Process and deliver contest or sweepstakes entries and rewards;
- Monitor and analyze trends, usage, and activities in connection with Security Portal Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to Security Portal Services, and other illegal activities;
- Personalize Security Portal Services, including by providing content, features, or advertisements that match your interests and preferences;
- Enable you to communicate, collaborate, and share Content with users you designate; and
- For other purposes about which we obtain your consent.
Notwithstanding the foregoing, we will not use Personal Information appearing in our Analytics Logs or Web Logs for any purpose. The use of Information collected through our Security Portal Services shall be limited to the purposes disclosed in this policy.
Compiling aggregate analytics information: Because our SaaS Products and Downloadable Products are some of the most configurable in the market, we make extensive use of analytics information (including log and configuration data) to understand how our products are being configured and used, how they can be improved for the benefit of all of our users, and to develop new products and services. As such we generate Usage Data (as defined above) from the web logs and analytics logs described above, including the Content elements captured in such logs, as well as from the Content stored in the Websites and SaaS Products.
Information sharing and disclosure
We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.
Your Use: When you use Security Portal Services, Content you provide will be displayed back to you. Certain features of Security Portal Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into Security Portal Services.
Collaboration: As a natural result of using Security Portal Services, you may create Content and grant permission to other Security Portal users to access it for the purposes of collaboration. Some of the collaboration features of Security Portal Services display your profile information, including Personal Information included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the Security Portal Services to limit those who can access such information. Your sharing settings may make any Information, including some Personal Information, which you submit to the Security Portal Services visible to the public, unless submitted to a restricted area.
Access by your system administrator: You should be aware that the administrator of your instance of Security Portal Services may be able to:
- access information in and about your Security Portal Services account;
- access communications history, including file attachments, for your Security Portal Services account;
- disclose, restrict, or access information that you have provided or that is made available to you when using your Security Portal Services account, including your Content; and
- control how your Security Portal Services account may be accessed or deleted.
Security Portal Community: Our Websites offer publicly accessible community services such as blogs, forums, bug trackers, and wikis. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. To request removal of your Personal Information from the Security Portal Community, please contact us using the information listed below. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to and why.
Service Providers, Business Partners and Others: We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Some of our pages may utilize white-labeling techniques to serve content from our service providers while providing the look and feel of our site. Please be aware that you are providing your Information to these third parties acting on behalf of Security Portal.
Testimonials: We may display personal testimonials of satisfied customers on the Security Portal Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Security Portal’s products and services, (d) to protect Security Portal, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Security Portal Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
With Your Consent. We will share your Personal Information with third parties when we have your consent to do so.
Information we do not share
We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.
Data storage, transfer and security
Security Portal hosts data with hosting service providers in different countries including Romania. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).
Where Downloadable Products are used, responsibility of securing access to the data you store in the Downloadable Products rests with you and not Security Portal. We strongly recommend that administrators of Downloadable Products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.
You may opt out of receiving promotional communications from Security Portal by using the unsubscribe link within each email, updating your email preferences or within your Security Portal Service account settings menu, or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Security Portal’s Services. You can opt-out of some notification messages in your account settings.
Accessing and updating your information
You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator. You may also contact Support Services, or contact us by postal mail using the address listed below. We will respond to your request for access within 30 days.
You can often remove Content using editing tools associated with that Content. In some cases, you may need to contact your administrator to request they remove the Content. You can contact us to request removal of Personal Information from Security Portal Community services.
You or your administrator may be able to deactivate your Security Portal Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization account, please contact Support Services. To deactivate an account made for you without authorization, please contact us at the contact information below.
We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.
Our policy towards children
Security Portal Services are not directed to individuals under 18. We do not knowingly collect Personal Information from children under 18. If we become aware that a child under 18 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact our Support Services.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Information to Romania and the countries that servers we use may be located in. By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.