Effective Date: December 25, 2017
- Use ThreatModeler’s websites or software applications (“apps”)
- Provide or update account information
- Register or attend ThreatModeler-hosted or sponsored events (such as promotional events, webcasts, contests or hackathons)
- Order or use ThreatModeler products, services or other offerings
- Communicate or interact with ThreatModeler on-line or off-line, including for service of ThreatModeler products or services installed on your premises or in the cloud
We refer collectively to these interactions as the “Services”. We explain below how we collect and use the Information you provide and the data created when you use the Services.
ThreatModeler Processes Data for Our Customers.
What We Collect and How You “Opt-Out”
Data From You or Others.
While we (or third-parties acting on our behalf) may collect your Information, including Personal Information, when providing the Services, we also collect it in a variety of other ways, such as through public databases, joint marketing partners, social media platforms, conference hosts, event companies, and other third-parties. If you log in to our Services using your social media login credentials (e.g., Google+), we may receive Information, including Personal Information, as determined by the practices of the applicable social media platform.
Data From the Services (Usage and Analytics Data).
We also collect and process usage data when you use our Services (e.g., ingest volume, search concurrency, number of unique user logins, apps loaded, operating system, internet protocol address, source type (count), session duration and other use data) (“Usage Data”) in order to provide, maintain, and improve our Services. (In some products, you may have the option of configuring the administrator settings to opt-out of providing this information automatically.)
In addition, we collect and process anonymized, aggregated data about a group or category of Services, features or users in order to improve the Services (“Analytics Data”). For example, Analytics Data may include anonymized Usage Data, information about the server environment (e.g., OS type/version, CPU type/version, database type/version, disk utilization), information about the devices operating the Services (e.g., browser type/version, OS type/version, device type/version), or such other similar information about user configuration or operation of Service features or functionality.
On devices that enable location-based services, we may receive location information (determined by GPS or other signals), if you consent. (We may use this information to provide personalized location-based services and content. You can restrict our access to your device’s location by adjusting the location-based service preferences on your device.)
How We Use Your Information
ThreatModeler may use Information for various purposes, such as to:
- Fulfill your orders or respond to requests you make (e.g., for marketing materials from our website)
- Provide, improve and develop the Services, including account changes, billing and payments, customer or support services, or software updates
- Issue ThreatModeler accounts for access to online communities
- Send administrative information, like product announcements or changes to contract terms or policies
- Send marketing communications, like educational materials or information about special offers or upcoming online or offline events, such as ThreatModelerLive
- Invite you to participate in various promotional activities, contests, webcasts, sweepstakes, hackathons, usability studies, campaigns, surveys and product tests, and to assess their effectiveness
- Personalize your experience by focusing on, and presenting Services and offers tailored to, your interests
- Associate your mobile device with an identifier for your device. (By downloading the mobile device app, you consent to our usage.)
- Diagnose and fix technical issues and monitor the security of our environments
How We Use Analytics Data
We use Analytics Data extensively to help us better understand how our Services are being used, make improvements to them, and develop new features, products and services. For example, we may use this data to:
- Better understand how our users configure and use our Services
- Determine which configurations or practices optimize performance (e.g., best practices)
- Benchmark key performance indictors (“KPIs”)
- Perform data analysis and audits
- Identify, understand and anticipate performance issues and the environmental factors that affect them
- Other such business purposes relating to the operation, improvement, or development of our Services
How ThreatModeler Shares Your Information
ThreatModeler may disclose Information to third parties in the following ways:
- Affiliates. We may disclose Information to our affiliates subject to these obligations. ThreatModeler Inc. is the party responsible for the management of jointly-used Personal Information.
- Service Providers. We may disclose Information to our third-party service providers, vendors, or others who provide services for ThreatModeler’s business operations. This may include such things as infrastructure, data analysis, order fulfillment, IT services, customer service, professional services or audit services, among others.
- Partners and Resellers. We may disclose Information to third-parties, including our strategic partners and resellers to permit them to assess your interest in the Services, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies.
- Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements, including applicable notification obligations; respond to requests from public and government authorities (including public and government authorities outside your country of residence); enforce our terms and conditions; and protect our operations or those of any of our affiliates and our rights, privacy, safety, or property, and/or that of our affiliates, you or others.
- Merger, Sale, Etc. We may disclose Information in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of ThreatModeler business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- Other Users. We may disclose Information to other users of the Service in aggregated format, provided it does not include Personal Information. This may include “best practices” tips, KPIs, benchmark data or other such aggregated information useful to the user community.
How We Secure Your Information
ThreatModeler takes reasonable administrative, technical and physical measures to safeguard Personal Information against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction. Unfortunately, no data transmission, software, or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please notify us immediately in accordance with the “Contact ThreatModeler” section below. If ThreatModeler learns of a breach of its systems, ThreatModeler may notify you or others consistent with applicable law and as agreed. By using the Services or providing Personal Information to ThreatModeler, you agree that ThreatModeler may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services and the Information.
How You Can Access and Correct Your Information
We give you choices regarding your access, and our use and disclosure, of your Personal Information for marketing purposes. If you would like to review, correct, or update your Personal Information contact us at: firstname.lastname@example.org. Be sure to indicate in your request what Information you would like to have changed. We will try to comply with your request(s) as soon as reasonably practicable, consistent with applicable law. Note, in some cases we may charge an administrative fee to process marketing access requests.
If you no longer want to receive marketing-related emails from ThreatModeler on a go-forward basis, you may also contact us at the marketing email address above and request that your Personal Information be removed from marketing-related emails.
ThreatModeler Also Observes the Following Practices
- Use of Services by Minors. The Services are not directed to individuals under the age of thirteen (13) or those not of the age of majority in your jurisdiction, and we request that these individuals do not provide Personal Information through the Services.
- Cross-Border Transfers. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using any of our Services, you consent to the transfer of Information to countries outside of your country of residence, including to the United States, which may have different data protection rules than in your country. It is your responsibility to ensure that the Information you provide to us can be legally transferred to the United States or another country.
- EU-U.S. Privacy Shield. As indicated in ThreatModeler’s Privacy Shield Notice (found here), ThreatModeler has certified to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
- Sensitive Information. You agree to not send us or disclose any sensitive Personal Information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) or any protected health information as defined by the Health Insurance Portability and Accountability Act of 1996 (otherwise known as “HIPAA”) Standards for Privacy of Individually Identifiable Health Information, as amended, unless otherwise provided in your written agreements with ThreatModeler.
ThreatModeler contractually requires third-party app developers to comply with applicable privacy and data protection laws. If third-party app developers collect and transmit information about users of their apps, ThreatModeler contractually requires the developers to provide app users with notice of the collection and use of such data, and to obtain consent from app users before modifying the information, disclosing the information to other entities, or using the information for purposes other than to provide the services offered by the apps. ThreatModeler cannot guarantee that third-party app developers will comply with those requirements. When choosing to use apps, add-ons or other third-party extensions, you are entering into a license agreement with those third-parties. You should familiarize yourself with the privacy policies of the organizations or individuals providing you with software that runs in or with your ThreatModeler product.
ThreatModeler Software, Inc.
Office of the CEO
101 Hudson Street
Jersey City, NJ 07302
Please note that email communications are not always secure, so please do not submit sensitive information in your email.