Table of Contents
- Personal Information We Collect
- How We Use Your Personal Information
- How We Share your Personal Information
- Your Choices
- Other sites, mobile applications and services
- Security practices
- International data transfers
- How to Contact Us
- Your California Privacy Rights
Personal Information We Collect
Information you provide to us. Personal information you provide to us through the Service or otherwise includes:
- Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title and company name.
- Information provided in response to StackHawk questionnaires, such as information relating to your company’s software framework, including software routes, categories of data being stored and your internal assessment(s) of your company’s security.
- Registration information, such as information that may be related to a service, an account or an event you register for.
- Scan results obtained from the Software, such as information relating to potential code vulnerabilities, including metadata related thereto.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
- Usage information, such as information about how you use the Service and interact with us, including information associated with any data you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Service.
Information we obtain from other third parties. We may receive personal information about you from third-party sources. For example, a business partner may share your contact information with us if you have expressed interest in learning specifically about our products or services, or the types of products or services we offer. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers.
Cookies and Other Information Collected by Automated Means
We, our service providers, and our business partners may automatically log information about you, your computer device, and activity occurring on or through the Service, including but not limited, your computer operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and other personal information. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.
A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites.
Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.
How We Use Your Personal Information
To operate the Service. We use your personal information to:
- provide, operate and improve the Service
- provide information about our products and services
- establish and maintain your user profile on the Service
- enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in
- communicate with you about the Service, including by sending you announcements, updates, security alerts, and support and administrative messages
- understand your needs and interests, and personalize your experience with the Service and our communications
- provide support and maintenance for the Service
- to respond to your requests, questions and feedback
For research and development. We analyze use of the Service to analyze and improve the Service and to develop new products and services, including by studying user demographics and use of the Service.
To send you marketing and promotional communications. We may send you StackHawk-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing section below.
To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
How We Share your Personal Information
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
In this section, we describe the rights and choices available to all users.
Access or Update Your Information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account.
Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at [EMAIL]. You may continue to receive service-related and other non-marketing emails.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
Other sites, mobile applications and services
The Service may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
International data transfers
We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.
As a general rule, children are not allowed to use the Service, and we do not collect personal information from them. We define “children” as anyone under 13 years old. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us.
How to Contact Us
Please direct any questions or comments about this Policy or privacy practices to [email address]. You may also write to us via postal mail at:
Attn: Legal – Privacy
Your California Privacy Rights
Under California Civil Code section 1798.83, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us via email at [Insert mailing address and email address]. You must put the statement “Your California Privacy Rights” in your request and include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.