ENCRIPTI PRIVACY POLICY
Last Modified: Feb 22, 2024
Introduction
This Privacy Policy (“Policy”) describes how Encripti and its wholly owned subsidiaries and affiliates (collectively, “Encripti”, “we”, or “us”) collect, use, disclose and otherwise process your personal information in connection with the management of our business and our relationships with customers, visitors and event attendees.
Encripti is fully committed to ensuring the security and protection of the personal information that we collect and process. We follow the General Data Protection Regulation (GDPR) framework.
This Policy explains your rights and choices related to the personal information we collect when:
You interact with our websites;
You visit, interact with, or use any of our offices, events, sales, marketing or other activities;
and You use our platform, and other products and services (the “Solutions”)
This Policy does not cover:
Applicant information. This Policy does not cover information related to our employment recruiting efforts.
Organizational Use. When you use our products or services on behalf of an organization (e.g., your employer), your use is administered and provisioned by your organization under its policies regarding the use and protection of personal data. If you have questions about how your data is being accessed or used by your organization, please refer to your organization's privacy policy and direct your inquiries to your organization's system administrator.
Third Parties. This Policy does not apply to any products, services, websites, or content that are offered by third parties and/or have their own privacy statement.
Encripti determines the purposes for and means of the processing (i.e., we are the data controller) of your personal information as described in this Policy unless expressly specified otherwise.
Personal Information Collection
We may collect the following types of personal information:
Business contact information, such as your first and last name, professional title, business affiliation and address, email, and phone number.
Services account information, such as the Solutions you use, webinars and other events you sign up for, transactions, and business relationship information.
Communications with us, including questions or inquiries you may send us, and any information that you create, input, submit, post, upload, transmit, store or display on our Sites.
Information from cookies and other automated technologies,such as information about the devices you use to engage with our Solutions and Sites, and online activity data.
We may also obtain personal information from other sources, including:
Third parties, such as business intelligence services, event co-sponsors, and other data providers.
Public sources, such as company websites and our pages on social media platforms.
How we Use Personal Information
We use personal information for the following purposes:
Encripti Site. When you visit our Sites, we use personal information to interact with you, provide you relevant marketing data and information, contact you about our Solutions, personalize or customize your experience (based on preferences or geography, for example), conduct research (such as to test the performance and layout of our Sites), and to improve the content and availability of the Sites. If you interact with any publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features on our Sites, we may display any information that you post and that information might be read, collected, and used by others who access it.
Administering the Solutions. If you subscribe or are exploring a subscription to our Solutions, we use personal information to create and administer your account, manage our business relationship, and communicate with you about the Solutions, including to send you notifications and keep you informed of any updates to the Solutions. We also analyze trends in the purchase and use of our Solutions to understand our customers’ needs and interests, recommend additional Solutions, forecast business needs, and to improve and develop our Solutions. We may accept payments on our Sites using a payment service provider. The information provided to the payment service provider in connection with payment and transactions is handled in accordance with the payment service provider’s terms and privacy policies.
Newsletters, events, marketing and advertising.If you sign up to receive newsletters or other additional information from us, attend a webinar or live event, or participate in any other offering, we use the information you provide, such as your name, company name, email address and phone number, to facilitate your request and to identify business opportunities. Subject to consent where required, we also use personal information to develop and send direct marketing communications, including by email, and to make sales and marketing calls promoting our Solutions, events, programs or other services that we believe are of interest to you. You can unsubscribe from our marketing communications as described in the Unsubscribe from marketing communications section below. We also use cookies and similar technologies to engage in interest-based advertising.
Testimonials. Where you permit us to share your experience with our Solutions, we may post testimonials on the Sites that may contain Personal Information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at [email protected].
Partners. If you partner with us to promote or provide the Solutions, including by using our Partner Portal, we use your information to maintain and administer our business relationship and to evaluate the performance of our partnership.
Compliance and protection. We also use personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); audit our internal processes for compliance with legal and contractual requirements and internal policies; enforce the terms and conditions that govern our Solutions; and prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
At your option. Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share that information.
We will only use your personal information as described in this section if we have a valid legal ground for the processing under applicable laws. Our legal grounds for processing include: consent, where you have consented to the use of your personal information (including, where applicable, to receive marketing communications); legitimate interests, such as to promote, develop and improve our Sites and Services, to protect our legal rights, and to establish, exercise, or defend legal claims, provided that such interests are not overridden by your interests or your fundamental rights and freedoms; and legal obligations, including to comply with tax and accounting obligations. We may also process your personal information when necessary to protect your or another individual’s vital interests.
How We Share Personal Information
We share personal information with:
Affiliates. All Encripti entities worldwide, for purposes consistent with this Policy.
Service providers. Companies and individuals that provide services on our behalf or help us operate our Services (such as hosting, information technology, customer support, email delivery, and website analytics services). Encripti contractually requires all its third-party business partners with whom it shares personal information to take commercially reasonable steps and implement policies to safeguard your personal information, and to not use your personal information for any purpose other than to assist Encripti in serving its customers.
Advertising vendors. Third party advertising companies, including for the interest-based advertising purposes described above, that can collect information on our Sites through cookies and other automated technologies.
Social media platforms. Our Sites also include social media features that may collect your IP address, which webpage you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing the feature.
Third parties. We may also share your personal information with business partners and third parties, such as event sponsors when you attend one of our events, that may want to market products or services to you. If we share personal information with such unaffiliated third parties for their own marketing purposes, we provide you with an opportunity to opt out of such uses either at the point of collection or through the choice mechanisms set forth in this Policy.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Encripti (including in connection with a bankruptcy or similar proceedings). We may assign or transfer this Policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge.
Encripti does not sell the personal information we collect.
Use of Cookies and Web Technologies
Encripti Sites, Solutions, and advertisements may use automatic data collection tools such as cookies, embedded web links, and web beacons.
Third-Party Links
The Sites may include links to third-party sites, products or services. Please note that your access to and use of these third-party sites, products or services may result in the collection of or sharing of your information, including personal information. These third parties have separate and independent privacy policies, and we are not responsible or liable for your interactions with such third-parties (as further described in our Master Subscription/Service Agreement). The option to link to such third-party sites, products or services is not an endorsement or representation regarding any third-party sites, products or services, and we encourage you to review and understand such third- parties privacy policies.
Solutions
Encripti protects devices, workloads, and endpoints at scale. The Encripti Agent enables this protection by deploying agents to locations across customer environments, monitoring those locations, and then sending the relevant information to the Management Console where customers can visualize, detect, and respond directly to events.Our agents help identify not just malicious activity but also associated events in order to provide customers with the complete Storyline picture of a suspected or actual compromise. And because hackers are constantly evolving their tactics, techniques, and procedures, Encripti monitors vast amounts of machine metadata to help ensure malicious activity is not only caught but is also contextualized and traceable. The overwhelming majority of this metadata is machine generated and contains non-attributable data such as process ID, operating system version, information about applications, and command line arguments. In limited situations however, file names, and generalized location inferred from public IP addresses of the endpoint where the metadata is located are collected. This personal information is almost exclusively considered Customer Data and is collected on behalf of customers in accordance with the directions provided to us in the Data Protection Agreement.
In addition to Customer Data, we also collect and process System Data to provide the Solutions. System Data is information that we collect or generate during the provision and administration of the Solutions and related technical support. System Data consists of:
Technical and Operational Data.This is information about the Solutions you are using and about the systems and related environment from which you access the Solutions. Examples include agent type and version, license information, UUID, and third-party systems used in connection with the product.
Console Data. This is information about your usage of the Management Console. Examples include configuration settings, dashboards, user roles, authentication credentials, and other administrative settings.
Feature Usage Data. This is information about how the Solutions are used. Examples include details about which features are used and user interface metrics.
Threat Data. This is information about threats and potential threats identified on endpoints. Examples include malware, URLs, processes or techniques, metadata, or other data that is potentially related to unauthorized third parties.
System Data is processed to deliver the Solutions that you and our other customers request. We use System Data to help us improve the performance and functionality of the Solutions, including Threat Data specifically which is used in our proprietary machine learning engines to detect and protect endpoints autonomously from malicious activity. Any limited personal information contained within System Data is never incorporated into the Solutions, nor is it used to contact or market products or services.
Security
Encripti maintains (and requires its service providers to maintain) appropriate organizational and technical measures designed to protect against unauthorized access, alteration, disclosure or destruction of personal information, taking into account the nature of the personal information and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal information secure, however no security procedures or protocols are ever guaranteed to be 100% secure, and as such we do not guarantee the security of any personal information you provide to us or third parties.
Privacy Choices
Unsubscribe from marketing communications.You can unsubscribe from marketing-related communications by following the instructions at the bottom of the emails you receive from us or by contacting us as provided in the Contact Us section below. If you do so, you will continue to receive service-related and other non-marketing communications until you cease using our Services linked to those service updates.
Privacy rights. Depending on your location, you could be entitled to submit the following requests about your personal information:
Access. Request that we provide you with information about our processing your personal information and give you access to your personal information.
Deletion. Request that we delete the personal information that we maintain about you.
Correction. Request that we update or correct inaccuracies in your personal information.
Transfer. Request that we transfer a machine-readable copy of your personal information to you or a third party that you designate.
Restriction. Request that we restrict the processing (including sharing) of your personal information.
Objection. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
To exercise all other choices described above, please contact us at [email protected]. To avoid security diveaches, we will need to authenticate your identity before we respond to the request and to assess whether these rights apply to you. Additionally, applicable law can limit these rights, for example, by prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. While we endeavor to satisfy the requests we receive, if you are unsatisfied with our response, you may have the right to complain to a privacy or data protection regulator in your country.
Retention
We retain personal information for as long as necessary to fulfill the purposes for which we collect it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
International Transfers of Personal Information
Encripti operates on a global scale, and while providing our services, we may transfer personal information across country borders. This section explains how we handle such international transfers of your data, ensuring that we provide a high level of protection and security.
Transfer Mechanisms
To comply with international data protection laws, Encripti employs the following mechanisms for the transfer of personal information outside of its country of origin:
Adequacy Decisions. Where possible, we transfer personal data to countries that have been deemed to provide an adequate level of data protection by relevant regulatory bodies.
Standard Contractual Clauses (SCCs).For transfers to countries without adequacy decisions, we rely on Standard Contractual Clauses approved by the European Commission or other relevant authorities. These clauses provide specific data protection and privacy safeguards.
Binding Corporate Rules (BCRs). For transfers within Encripti's global network, we may use Binding Corporate Rules that have been approved by data protection authorities, ensuring all our entities adhere to the same high standards of data protection.
Privacy Shield Framework. If transferring data to entities in the United States, we ensure they participate in and comply with the EU-U.S. Privacy Shield Framework, which requires them to provide similar protection to personal data shared between Europe and the U.S.
Safeguards
In addition to the above mechanisms, Encripti implements robust technical and organizational measures to protect personal data during international transfers, including:
  • Encryption of data in transit and at rest;
  • Strict access controls and authentication measures; and
  • Regular audits and assessments to ensure compliance with our data protection policies and legal obligations.
Changes to This Policy
If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on our Sites prior to the change becoming effective or as otherwise required by law. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our Sites constitutes your agreement to be bound by such changes to this Policy.
Contact Us
If you have questions regarding this Policy or about our privacy practices, please contact us by email at [email protected].