Request a CloudKnox Identity Risk Assessment Today

Risk Assesment

Have questions?
Our sales team can answer them.

Last Updated: July 17, 2020

CloudKnox Security, Inc. (“us,” “we,” or “our”) provides a platform for enhanced cloud infrastructure security. Our privacy policy (the “Privacy Policy”) is designed to help a user, or users, if a group or entity (“you or “your”) of our platform(s), website(s), or any related service(s) understand how we collect, use, and share your personal information and to assist you in exercising your privacy rights with respect to our platform(s), website(s), any related service(s), and this Privacy Policy.

I. SCOPE

This Privacy Policy applies to personal information processed by us in our business, including on our websites, and other online or offline offerings (collectively, the “Services”).

II. PERSONAL INFORMATION WE COLLECT

We may collect the following categories of information from you when you interact with the Services.

Information You Provide to Us

  • Account Creation. When you create a customer account, we may collect information including your name, email address, password, phone number, job title, and information about your company. We also collect this information if you apply to be a CloudKnox security partner or sign up to receive a CloudKnox identity risk assessment (for the purposes of this Privacy Policy, such actions constituting Services).
  • Your Communications with Us. We collect personal information from you such as your email address, phone number, or mailing address when you request information about our Services, or otherwise communicate with us.
  • Job Applications. We may post job openings and opportunities on the Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.
  • Interactive Features. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.
  • Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
  • Conferences, Trade Shows, and Other Events. We may attend conferences, trade shows, and other events where we collect personal information from individuals who interact with or express an interest in the Services.
  • Registration for Sweepstakes or Contests. We may run sweepstakes and contests. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing and business purposes, if permitted by law. In some jurisdictions, we are required to publicly share information of winners.

Information Collected Automatically or From Others

  • Cloud Infrastructure Information. To provide the Services, we collect information about our customers’ software defined infrastructure identities (“Cloud Infrastructure Information”) which may include personal information such as names, email addresses, and authentication credentials. The Cloud Infrastructure Information indicates which users, groups, service accounts and the like have access to specific areas of our customers’ software infrastructures. The Cloud Infrastructure Information also includes certain information about our customers’ infrastructure operations, infrastructure configurations, and infrastructure operations, and events data regarding our customers’ computing environments and their usage of the Services.
  • Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, general location information (derived from IP address), Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.
  • In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities.
  • Cookies and Other Technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.
      • Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
      • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.

III.  HOW WE USE YOUR INFORMATION

We use your information for a variety of business purposes, including to:

Fulfil any contract(s) with you and provide you with our Services, such as:

      • Managing your information and accounts;
      • Providing access to certain areas, functionalities, and features of our Services;
      • Communicating with you about your account, activities on our Services and policy changes;
      • Undertaking activities to verify or maintain the quality or safety of a service or device, including to determine user entitlements with respect to our customers’ infrastructures, assess risks and to detect, report, and alert our customers of anomalies within their infrastructures;
      • Processing your financial information and other payment methods for products or Services purchased;
      • Providing advertising, analytics and marketing services;
      • Providing Services on behalf of our customers, such as maintaining or servicing accounts, providing customer service, and verifying customer information;
      • Processing applications and transactions; and
      • Allowing you to register for events.


Analyze and improve our Services pursuant to our legitimate interest, such as:

      • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
      • Measuring interest and engagement in our Services and short-term, transient use, such as contextual customization of ads;
      • Undertaking research for technological development and demonstration;
      • Researching and developing products, services, marketing or security procedures to improve their performance, resilience, reliability or efficiency;
      • Improving, upgrading, or enhancing our Services;
      • Developing new products and Services;
      • Ensuring internal quality control;
      • Verifying your identity and preventing fraud;
      • Debugging to identify and repair errors that impair existing intended functionality;
      • Enforcing our terms and policies; and
      • Complying with our legal obligations, protecting your vital interest, or as may be required for the public good.

Provide you with additional content and Services, such as:

      • Furnishing you with customized materials about offers, products, and Services that may be of interest, including new content or Services;
      • Auditing relating to interactions, transactions and other compliance activities; and
      • Other purposes you consent to, are notified of, or are disclosed when you provide personal information.

Automated profiling. As part of our Service, we may use technologies considered automated decision making or profiling. We will not make automated decisions about you that would significantly affect you, unless such a decision is necessary as part of a contract we have with you (for example, to automatically limit an employee’s access privileges for security reasons), we have your consent, or we are permitted by law to use such technology. You may raise any concerns you have by contacting us below.

Use De-identified and Aggregated Information. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create.

Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

Process Information on Behalf of Our Customers (as Processors). Our customers may choose to use our Services to process Cloud Infrastructure Information and other data which may contain personal information. The data that we process through our Services is processed by us on behalf of our customers, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy.

If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data. Our customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them. For a list of our sub-processors, contact us as described below.

How We Use Automatic Collection Technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Services. Our uses of these Technologies fall into the following general categories:

      • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
      • Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
      • Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
      • Advertising or Targeting Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third party sites.

Notice Regarding Third-Party Websites, Social Media Platforms and Software Development Kits.

The Services may contain links to other websites, and other websites may reference or link to our website or other Services. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

Our Services may include publicly accessible blogs, forums, social media pages, and private messaging features. By using such Services, you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons such as LinkedIn and Twitter (that might include widgets such as the “share this” button or other interactive mini-programs) may be on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features apart from your visit to our site are governed by the privacy policy of the company providing it.

We may use third-party Application Programming Interfaces (APIs) and Software Development Kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties, including analytics and advertising partners to collect your personal information for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.

IV.  DISCLOSING YOUR INFORMATION TO THIRD PARTIES

We may share your information as set forth below.

Service Providers. We may share any personal information we collect about you with our third-party service providers. The categories of service providers (processors) to whom we entrust personal information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of the Services.

Business Partners. We may provide personal information to business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.

Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

Disclosure in the Event of Merger, Sale, or Other Asset Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

International Data Transfers. You agree that all information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request.

V.  YOUR CHOICES

General. You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.

Email and Other Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy). We process requests to be placed on do-not-mail, do-not-phone, and do-not-contact lists as required by applicable law.

 “Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice. Please note you must separately opt out in each browser and on each device.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

      • Access Personal Information about you consistent with legal requirements, including: (i) requesting confirmation of whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (the “right of data portability”);
      • Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information or we may refer you to the controller of your personal information who is able to make the correction;
      • Request Deletion of your personal information, subject to certain exceptions prescribed by law;
      • Request restriction of or object to processing of your personal information, including the right to opt in or opt out of the sale of your personal information to third parties, if applicable, where such requests are permitted by law;
      • Not be discriminated against by us for exercising your privacy rights.

If you would like to exercise any of these rights, please log into your account or contact us as set forth below.

VI.  DATA RETENTION

We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

VII. SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail, or by sending an e-mail to you.

VIII. CHILDREN’S INFORMATION

The Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information, unless we have a legal obligation to retain it, and terminate the child’s account.

IX.  SUPERVISORY AUTHORITY

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

X. CHANGES TO OUR PRIVACY POLICY

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

XI. CALIFORNIA PRIVACY NOTICE

This Supplemental California Privacy Notice applies to only California residents and supplements our general Privacy Notice. For purposes of only the Supplemental California Privacy Notice, “personal information” refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household, as defined in the California Consumer Privacy Act of 2018 (“CCPA”).

CCPA. Under the CCPA, California residents have certain rights around our collection, use, and sharing of their personal information as explained in the “Your Privacy Rights” section above. If you wish to exercise any of your rights as a California resident, please contact us as set forth below. To protect your privacy, we may also take additional steps to verify your identity before fulfilling your request, such as by asking you to answer questions regarding your activities on our Services. Once you have verified your identity, if permitted by law, you may also designate an authorized agent to exercise your rights on your behalf by providing the agent’s contact information to us.

Information Collection and Sharing. We do not sell your personal information, as the term “sale” is defined under the CCPA, nor have we sold your personal information in the preceding 12 months. Likewise, we do not have actual knowledge that we have “sold” any personal information of minors under 16 years of age.

The table below lists the categories of personal information we collected from California consumers in our role as a business within the last 12 months, and the categories of third parties to whom the information was shared. The categories of sources from which we collect personal information are set forth above in the section “PERSONAL INFORMATION WE COLLECT.” We collected this personal information for the business and commercial purposes described in this Privacy Policy.

Category of Personal Information

Information Examples

Categories of Third-Party Recipients

Identifiers

Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or account name.

Service Providers

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, physical characteristic or description, address, telephone number, or financial information.

Service Providers

Commercial information

Records of services purchased.

Service Providers

 

Internet or other electronic network activity

Browsing history, information on a consumer’s interaction with an internet website, application, or advertisement.

Service Providers

 

Professional or employment-related information

Current or past job history.

Service Providers

Inferences drawn from other personal information to create a profile about a consumer

Profile reflecting a consumer’s preferences.

Service Providers

 

In addition, we may share any of the information we collect with the third parties described in the section “DISCLOSING YOUR INFORMATION TO THIRD PARTIES” above

XIL. CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us at:

CloudKnox, Inc.

Attention: Privacy

333 W. El Camino Real, Ste. 350

Sunnyvale, CA 94087 USA

1-888-704-0748

privacy@cloudknox.io