ThreatModeler Software, Inc. Privacy Policy
Effective Date: 03/01/2024
Overview
The objective of the incident response process is to restore a normal service operation as quickly as possible and to minimize the impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.¹
This Privacy Policy explains how we collect, use, and disclose information you provide to us (“Information”), including Personal Information (sometimes called “Personal Data” outside the U.S.), by which we mean information that would allow us to determine your identity when you engage with us.
For example, ThreatModeler Software, Inc. (“ThreatModeler”) may receive your Information when you:
- Use ThreatModeler’s websites or software applications (“apps”)
- Provide or update account information
- Register or attend ThreatModeler-hosted or sponsored events (such as promotional events, webcasts, contests or hackathons)
- Order or use ThreatModeler products, services or other offerings
- Communicate or interact with ThreatModeler on-line or off-line, including for service of ThreatModeler products or services installed on your premises or in the cloud
We refer collectively to these interactions as the “Services”. We explain below how we collect and use the Information you provide, and the data created when you use the Services.
ThreatModeler Processes Data for Our Customers
If you submit to us (or to third parties acting on our behalf) any Personal Information relating to other people in connection with your use of the Services, you represent that you have the authority to do so and to permit us to use the Information in accordance with this Privacy Policy. Because of the nature of the Services, we may operate as a data processor for our customers, who act as data controllers, and will process the Information in accordance with the terms of our customer agreements, including this Privacy Policy. It is our customers’ responsibility to ensure that the Information they provide to us can be legally collected in the country of origin, transmitted to us and maintained or used by us.
ThreatModeler Values
ThreatModeler is committed to uphold the privacy principles articulated in the EU-U.S. Privacy Shield (“Privacy Principles”) to which ThreatModeler has self-certified. This Privacy Policy provides useful information about how ThreatModeler adheres to these Privacy Principles and your rights with respect to them.
What We Collect and How You “Opt-Out”
Data from You or Others.
While we (or third parties acting on our behalf) may collect your Information, including Personal Information, when providing the Services, we also collect it in a variety of other ways, such as through public databases, joint marketing partners, social media platforms, conference hosts, event companies, and other third parties. If you log in to our Services using your social media login credentials (e.g., Google+), we may receive Information, including Personal Information, as determined by the practices of the applicable social media platform.
Data From the Services (Usage and Analytics Data).
We collect and process usage data when you use our Services (e.g., ingest volume, search concurrency, number of unique user logins, apps loaded, operating system, internet protocol address, source type (count), session duration and other use data) (“Usage Data”) to provide, maintain, and improve our Services. (In some products, you may have the option of configuring the administrator settings to opt- out of providing this information automatically.) In addition, we collect, and process anonymized, aggregated data about a group or category of Services, features, or users to improve the Services (“Analytics Data”). For example, Analytics Data may include anonymized Usage Data, information about the server environment (e.g., OS type/version, CPU type/version, database type/version, disk utilization), information about the devices operating the Services (e.g., browser type/version, OS type/version, device type/version), or such other similar information about user configuration or operation of Service features or functionality. On devices that enable location-based services, we may receive location information (determined by GPS or other signals), if you consent. (We may use this information to provide personalized location-based services and content. You can restrict our access to your device’s location by adjusting the location-based service preferences on your device.)
How We Use Your Information
ThreatModeler may use Information for various purposes, such as to:
- Fulfill your orders or respond to requests you make (e.g., for marketing materials from our website)
- Provide, improve and develop the Services, including account changes, billing and payments, customer or support services, or software updates
- Issue ThreatModeler accounts for access to online communities
- Send administrative information, like product announcements or changes to contract terms or policies
- Send marketing communications, like educational materials or information about special offers or upcoming online or offline events
- Invite you to participate in various promotional activities, contests, webcasts, sweepstakes, hackathons, usability studies, campaigns, surveys and product tests, and to assess their effectiveness
- Personalize your experience by focusing on, and presenting Services and offers tailored to, your interests
- Associate your mobile device with an identifier for your device.
- Research and analyze how our Services are used via cookies, web beacons and other similar technologies to personalize the Services
- Diagnose and fix technical issues and monitor the security of our environments
How We Use Analytics Data
We use Analytics Data extensively to help us better understand how our Services are being used, make improvements to them, and develop new features, products and services. For example, we may use this data to:
- Better understand how our users configure and use our Services
- Determine which configurations or practices optimize performance (e.g., best practices)
- Benchmark key performance indictors (“KPIs”)
- Perform data analysis and audits
- Identify, understand and anticipate performance issues and the environmental factors that affect them
- Other such business purposes relating to the operation, improvement, or development of our Services
How ThreatModeler Shares Your Information
ThreatModeler may disclose Information to third parties in the following ways:
- Affiliates. We may disclose Information to our affiliates subject to these obligations. ThreatModeler Inc. is the party responsible for the management of jointly used Personal Information.
- Service Providers. We may disclose Information to our third-party service providers, vendors, or others who provide services for ThreatModeler’s business operations. This may include such things as infrastructure, data analysis, order fulfillment, IT services, customer service, professional services or audit services, among others.
- Partners and Resellers. We may disclose Information to third parties, including our strategic partners and resellers to permit them to assess your interest in the Services, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies.
- Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements, including applicable notification obligations; respond to requests from public and government authorities (including public and government authorities outside your country of residence); enforce our terms and conditions; and protect our operations or those of any of our affiliates and our rights, privacy, safety, or property, and/or that of our affiliates, you or others.
- Merger, Sale, Etc. We may disclose Information in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of ThreatModeler business, assets or stock (including any bankruptcy or similar proceedings)
- Other Users. We may disclose Information to other users of the Service in aggregated format, provided it does not include Personal Information. This may include “best practices” tips, KPIs, benchmark data or other such aggregated information useful to the user community.
How We Secure Your Information
ThreatModeler takes reasonable administrative, technical and physical measures to safeguard Personal Information against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction. Unfortunately, no data transmission, software, or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please notify us immediately in accordance with the “Contact ThreatModeler” section below. If ThreatModeler learns of a breach of its systems, ThreatModeler may notify you or others consistent with applicable law and as agreed. By using the Services or providing Personal Information to ThreatModeler, you agree that ThreatModeler may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services and the Information.
How You Can Access and Correct Your Information
We give you choices regarding your access, and our use and disclosure, of your Personal Information for marketing purposes. If you would like to review, correct, or update your Personal Information contact us at: legal@threatmodeler.com. Be sure to indicate in your request what Information you would like to have changed. We will try to comply with your request(s) as soon as reasonably practicable, consistent with applicable law. Note, in some cases we may charge an administrative fee to process marketing access requests. If you no longer want to receive marketing-related emails from ThreatModeler on a go-forward basis, you may also contact us at the marketing email address above and request that your Personal Information be removed from marketing-related emails.
ThreatModeler Also Observes the Following Practices
- Retention Period. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by applicable law.
- Use of Services by Minors. The Services are not directed to individuals under the age of thirteen (13) or those not of the age of majority in your jurisdiction, and we request that these individuals do not provide Personal Information through the Services.
- Cross-Border Transfers. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using any of our Services, you consent to the transfer of Information to countries outside of your country of residence, including to the United States, which may have different data protection rules than in your country. It is your responsibility to ensure that the Information you provide to us can be legally transferred to the United States or another country.
- Sensitive Information. You agree to not send us or disclose any sensitive Personal Information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) or any protected health information as defined by the Health Insurance Portability and Accountability Act of 1996 (otherwise known as “HIPAA”) Standards for Privacy of Individually Identifiable Health Information, as amended, unless otherwise provided in your written agreements with ThreatModeler.
- Links to Other Parties. The Services may contain links to or facilitate access to third-party websites or online services. This Privacy Policy does not address, and ThreatModeler is not responsible for, the privacy, information, or other practices of those third-parties, including any app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer. The inclusion of a third-party link within the Services does not imply endorsement of the linked site or service by us or our affiliates. ThreatModeler encourages you to review the privacy policies and learn about the privacy practices of those companies whose websites you choose to visit.
- Apps and Other Third-Party Content. The Services may be extendible through the use of software applications that we offer through apps.ThreatModeler.com, called apps and add-ons. These extensions are versatile and have access to a broad set of web technologies that can be used to collect and use your information. Additionally, some Services ship with a fully functional web and application server that can be extended by you or by third-party software. This Privacy Policy does not extend to third-party apps or add-ons (which may also collect your Information) even if packaged by ThreatModeler or offered through a ThreatModeler web property.
ThreatModeler contractually requires third-party app developers to comply with applicable privacy and data protection laws. If third-party app developers collect and transmit information about users of their apps, ThreatModeler contractually requires the developers to provide app users with notice of the collection and use of such data, and to obtain consent from app users before modifying the information, disclosing the information to other entities, or using the information for purposes other than to provide the services offered by the apps. ThreatModeler cannot guarantee that third-party app developers will comply with those requirements. When choosing to use apps, add-ons or other third-party extensions, you are entering a license agreement with those third parties. You should familiarize yourself with the privacy policies of the organizations or individuals providing you with software that runs in or with your ThreatModeler product.
Updates to this Privacy Policy.
We may change this Privacy Policy from time to time. If we change our Privacy Policy, we will post an updated privacy policy here, and it will become effective as of the date of posting (“Effective Date”). Your use of the Services following these changes means that you accept the revised Privacy Policy.
Your Consent.
By using the Services, you agree to and consent to be bound by the terms and conditions of this Privacy Policy. Contact ThreatModeler. If you have any questions or comments about this Privacy Policy, the information practices of the Services, or your dealings with ThreatModeler, you can contact us at any time:
ThreatModeler Software, Inc.
Office of the CEO
101 Hudson Street, Floor 21
Jersey City, NJ 07302
legal@threatmodeler.com
Please note that email communications are not always secure, so please do not submit sensitive information in your email.