Privacy Policy

Last Modified: January 30, 2023

This Privacy Policy (this “Policy”) applies to the website located at www.forallsecure.com (the “Site”) as well as our software, platform, and all services offered by ForAllSecure, Inc. (“ForAllSecure,” “Company,” “we,” or “us”) through the Site or otherwise (collectively, including the Site, our “Services”). This Policy provides you with information on how we collect, gather, process, share, and use information we may obtain about you during your use of our Services and in the context of interactions with our company, including when you contact us for customer support. 

We collect and process personal and/or business data relating to Site visitors, purchasers and users of Services, and other information relating to an identified or identifiable natural person in accordance with this Privacy Policy. Please note that this Policy does not apply to the use of data by third-party businesses or services whose services are accessible via a link on or an integration with our Services. 

This information may be expanded or updated as we change or develop our Services. We suggest that you review this Policy from time to time for updated information. Your continued use of any of our Services signifies your acceptance of our Website Terms of Use and all other terms for our service you have previously accepted, as well as your notice of and consent to the practices described in this Policy.

 

What information do we collect?

ForAllSecure may collect, process, and otherwise use the following categories of data (examples listed below may change over time and will vary depending on the ways in which you interact with us and our Services):

  • Personal Information: This includes information that can identify, relate to, describe, be associated with, or be reasonably capable of being associated with a particular individual.

Examples of Personal Information collected by ForAllSecure may include, but are not limited to:

    1. Identity Data:  Information about you and your identity, such as your name, company name or title.
    2. Contact Data:  Information used to contact you, such as your email address, company address, billing address, and phone number.
    3. Account Data:  Information created when you open an account with us (such as your login credentials for our Services) or authentication credentials you may provide in connection with a third-party API or other service you wish to test using our Services.  This may also include data relating to your usage of your account on our Services. 
    4. Transaction Data:  Information relating to a purchase order or request for information on our Site, or other transaction on or relating to our Services, such as the details of your transaction.
    5. Financial Data:  Information provided when you pay for Services, such as a credit card or other financial or billing account number, and other information you provide in connection with a financial transaction.
    6. Device/Network Data: Information relating to your device, browser, or application (e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies), session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
    7. Freeform Data: Unstructured/free-form data that may include any category of Personal Information described above (and Non-Identifying Information), including data that you include in emails/comments, feedback forms, or survey responses.

  1. Non-Identifying Information: This includes information that cannot on its own identify or be associated with a particular person. Examples of Non-Identifying Information collected by ForAllSecure may include, but are not limited to: demographic data, information regarding your use of the Services (to the extent it is not associated with a registered account), and general data. We may aggregate information collected from all users, and in some cases, we may render Personal Information into a form of Non-Identifying Information that does not identify you directly.

 

How do we collect information?

ForAllSecure may collect information automatically when an individual interacts with our Services or we may collect information directly from an individual. At times, we may collect information about an individual from other sources and third parties, even before our first direct interaction. 

  1. From you. You may provide a variety of Personal Information to us when you interact with us and our Services, such as providing Identity Data and Contact Data when you initially contact us, transact with us, or apply for a position with our company; Freeform Data that you provide by filling in forms within our Services; Account Data provided when you register for or use your ForAllSecure account; and Transaction Data or Financial Data provided when you make a purchase from us, register for a webinar or event on our Site, subscribe to receive updates from our blog or otherwise interact with us or our Services.  You may also provide us with data whenever you correspond or otherwise communicate with us.  When you use our Services while you are logged into your account, or when you conduct search queries on the Services, you may also submit certain information to us (some of which may be intentionally provided by you, and some of which may be provided through automated processes and technologies, as described below).

  1. From automated processes and technologies. When you use our Site and Services, you provide certain Device/Network Data and Account Data to us.  This information includes details of your visits to our Site and use of our Services, including traffic data, logs, and other connection data and the resources that you access and use within our Services. Automated technologies can also provide information about your computer and internet connection, including your device type, IP address, operating system, and browser type and version.  It can also include a unique device identifier (“Device Identifier”) for any device (computer, mobile phone, tablet, etc.) used to access the Services. A Device Identifier is a number that is automatically assigned or connected to the device you use to access the Services, and our servers identify your device by its Device Identifier. Some mobile service providers may also provide us or our third-party service providers with information regarding the approximate physical location of the device used to access the Services.

  1. From third parties. Other parties, such as our service providers and event partners, may collect certain Personal Information and Non-Identifying Information from you and provide this information to ForAllSecure.  For example, when you register for an event organized by an event partner of ForAllSecure, your registration data (which may include Identity Data, Contact Data, Transaction Data and Financial Data) may be shared with us by the event partner.  If you interact with a service provided to us on our platform by a third party (such as a company facilitating event registrations, or third parties who assist us with marketing or analytics), that party may share information with us to enable us and the service provider to better provide and tailor our communications and Services to you and other users or customers.

 

How do we use the data?

Data will be processed and stored in various ways, including in your ForAllSecure account and on other information technology systems owned or controlled by us.  

We process and otherwise use the information we collect for purposes such as the following:   

  • To provide the Services; 
  • To process product orders received through the Services or other ways you communicate them to us (e.g., email);
  • To evaluate business opportunities; 
  • To effectuate or enforce a transaction or agreement; 
  • To adjust offerings or services provided by us to you;
  • To provide you with information about our products and services that we believe you may find of interest, including to send you mailing lists, and marketing and promotional e-mails (subject to your right to opt-out of marketing communications);
  • To authenticate visitors to the Services; 
  • To generate de-identified and aggregated statistics data for any lawful purpose;
  • To be able to respond to requests or inquiries, and for similar, customer-service-related purposes;
  • To improve the Services and offerings or services provided by us and to better understand how users access and use the Services and offerings provided by us.
  • To respond to job applications. If you decide to apply for a job with us, you may submit your Personal Information and resume online. If you apply for a job with us through a third-party platform (such as Glassdoor or LinkedIn), we will collect certain Personal Information you make available to us through such third-party platform;
  • We automatically collect through the Services information that is often not personally identifying, such as the website from which visitors came to the Services, Services visitors’ IP address, browser type and other information relating to the device through which they access the Services. We may combine this information with the Personal Information we have collected from you; 
  • To detect, protect against, and prosecute privacy and security incidents and fraudulent or illegal activity; To carry out our obligations and enforce rights arising from any contracts entered into between you and us; and
  • To fulfill any other purpose for which you provide it or for which you provide consent.

For clarity, we do not make any warranty, express, implied or otherwise, that we will be able to prevent loss, misuse, unauthorized access to, or alteration of personally identifiable information you provide to us. You make any disclosure of personally identifiable information to us at your own risk.

Cookie Policy:  Our Use of Cookies and Other Automated Technologies

We receive technical information when you use our Site and other Services via the use of cookies and similar technologies. We use these technologies to analyze how people use the Services, to improve how our Services function, and to save your preference information for future sessions.

Your use of our Services indicates your agreement with the use of the cookies described below. If you do not agree with our use of these technologies, do not use our Services for any reason.

  • Necessary cookies.  These cookies are essential, as they enable you to interact with the Services and use their features, such as accessing areas secured by user credentials. Without these cookies, we might not be able to provide or offer some services you may request.
  • Analytics and measurement.  These cookies enable the collection of information about your use of content and various features of our Services, and are combined with previously collected information, to measure, understand, and report on your usage of the Services.
  • Targeting cookies.  These cookies are used to deliver advertisements that are relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of an advertising campaign. They remember that you have visited a website and this information may be shared with other organizations such as advertisers. This means after you have been to our Site you may see some advertisements about our services elsewhere on the Internet. 
  • Matching/linking data. These cookies combine data from online or offline sources that were initially collected in other contexts and allow processing of a user’s data to connect such user across multiple devices. 
  • Geolocation cookies.  These third-party cookies allow processing of a user’s precise geographic location data in support of a purpose for which the cookie installer has consent. 

Do Not Track.  Please note that your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit.  Like many websites and online services, ForAllSecure does not currently alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

You can set your browser not to accept cookies. However, some of our website features may not function as a result. For further information visit www.aboutcookies.org.

With whom does ForAllSecure share your information?

We may share any Personal Information and Non-Identifying Information we consider to be relevant with any of the following:

  1. Our current or future subsidiaries and affiliates in order to streamline provision of Services or for other business purposes, or a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets;
  2. Contractors, service providers, and other third parties we use to support our business, such as cloud hosting providers, payment processors, and event management vendors;
  3. Third parties who assist us in fulfilling the purpose(s) for which you provide it, including marketing our products or services to you or enabling you to engage in providing services to other users or our customers;
  4. Third parties to market their products or services to you (subject to your right to opt-out of such communications);
  5. Law enforcement, government entities or others, to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  6. Other third parties as we deem appropriate in order to enforce or apply our terms of use, license agreements, and other agreements, including for billing and collection purposes and to obtain advice about legal and financial matters;
  7. Other third parties if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Site, our customers, or others, including disclosures or exchanging information with other companies and additional parties for the purposes of fraud protection and credit risk reduction, or to respond to a crime, to investigate violations of our Terms of Use.

International Data Transfers

ForAllSecure is a U.S. company. If you are located outside the United States and choose to provide information to us, we transfer at least some Personal Information to the United States for processing, and our service providers may process Personal Information in the United States and elsewhere. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to the United States, we will protect it as described in this Policy.  Data we collect may be transferred to, stored, and processed in any country or territory where one or more of our affiliates or service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal data that we transfer in accordance with this Privacy Policy.

If you are located in the European Economic Area (“EEA”), please note that some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Information to other territories, we will put in place appropriate safeguards designed to ensure that your Personal Information will be protected and processed in accordance with this Privacy Policy and the requirements of applicable data protection laws, including, when applicable, the General Data Protection Regulation (“GDPR”) or the UK GDPR (as defined in UK Data Protection Act 2018). We may transfer Personal Information from the EEA to the United States using the EU or UK (as applicable) standard contractual clauses or other lawful mechanisms.

Data Retention

We retain personal data for as long as we deem it as reasonably necessary in order to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.

If you have any questions about our data retention policy, please contact us by e-mail at privacy@forallsecure.com.

Data Security

We will take reasonable precautions to prevent the loss, misuse or alteration of your personal information. Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet.  Please note that we sometimes share Personal Information with third parties as noted above, and we do not have the ability to control all aspects of these third parties’ security.

Data Subject Rights

Individuals have rights concerning their personal data. Please contact us by email at privacy@forallsecure.com if you wish to exercise your privacy rights under any applicable law, including the EU or UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or the Virginia Consumer Data Protection Act (VCDPA). 

Such rights may include – to the extent applicable – the right to know/request access to (specific pieces of personal data collected; categories of personal data collected; categories of sources from whom the personal data was collected; purpose of collecting personal data; categories of third parties with whom we have shared personal data), to request rectification or erasure of your personal data held with ForAllSecure, or to restrict or object to such personal data processing (including the right to direct us not to sell your personal data to third parties now or in the future), or to port such personal data, or the right to equal services and prices (e.g. freedom from discrimination) (each to the extent available to you under the laws which apply to you). 

Your right to know and right to deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us or the security of the business’s systems of networks.

  1. Right to Know.  You have the right to know the personal information we collect, use, disclose, and sell, if applicable. You have the right to request in writing from us a copy of the categories of personal information we have collected about you, the categories of sources from which we collected that information, why we collected that information about you, the categories of third parties with whom we shared your personal information, the categories of personal information that the business disclosed about you for a business purpose, and the specific pieces of personal information we have collected about you. Please note that we are only required to process your right to know request twice per calendar year.
  2. Right to Deletion. You have the right to request that we delete any personal information we have collected from you or maintain about you. However, we are not required to comply with such requests if it is necessary for us or our partners to maintain the personal information in order to:
    1. complete the transaction for which the personal information was collected;
    2. detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
    3. debug to identify and repair errors that impair existing intended functionality;
    4. exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
    5. engage in public or peer-reviewed scientific, historical, or statistical research in the public interest;
    6. comply with a legal obligation; or
    7. use personal information internally in a lawful manner that is compatible with the context in which the information was provided the information and is reasonably aligned with the expectations of the resident based on the resident’s relationship with the business.
  3. Right to Opt-Out of the Sale of Your Personal Information. If a business sells your personal information you have the right to opt-out of having your personal information sold.  
  4. Right to Non-Discrimination. We will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you goods or services, charge you different prices or rates for goods or services or   provide you a different level or quality of goods or services.

If you are an individual protected under an applicable privacy law, you also have the right to lodge a complaint with the relevant supervisory authority.

Asserting Your Rights. You may exercise your right to know or your right to deletion by either emailing us at privacy@forallsecure.com or writing by mail to ForAllSecure, Inc. 3710 Forbes Ave, Pittsburgh, PA 15213. 

To verify your identity, we may ask you to verify personal information we already have on file for you.  If we cannot verify your identity from the information we have on file, we may request additional information from you, which will only be used for the purposes of verifying your identity, and for security or fraud-prevention purposes. In some instances, we may seek for you to 

signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.  We will delete any new personal information collected for the purposes of verification as soon as practical after processing your request. We may redact from the data which we will make available to you, any personal data or confidential information related to others.

You may designate an authorized agent to make a request to know or a request to delete. We will respond to your authorized agent’s request if they submit proof that they are registered to be able to act on your behalf or submit evidence you have provided them with power of attorney.  We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf.

Communications

Service Communications: We may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. If you are registered as a user of our Services, you can typically control your communications and notifications settings through your user account, or otherwise in accordance with the instructions included in the communications sent to you. Please note that you will not be able to opt out of receiving certain service communications which are integral to your use (like password resets or billing notices).

Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities, or any other information we think you will find valuable, as our customer, user or prospect. We may provide such notices through any of the contact means available to us (e.g., phone, mobile or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.

If you do not wish to receive such promotional communications, you may notify ForAllSecure at any time by sending an e-mail to privacy@forallsecure.com, changing your communications preferences through your user account, or by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the promotional communications you receive.

Children’s Privacy

Our Services are not designed to attract children under the age of 18. We do not knowingly collect personal data from children and do not wish to do so. If we learn that a person under the age of 18 is using the Services, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any personal data stored with us with regard to such child. If you believe that we might have any such data, please contact us by e-mail at privacy@forallsecure.com. 

Changes

We may update this Privacy Policy at any time at our sole discretion and any changes will be effective upon posting. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as by adding a statement to Our website homepages or sending you an email notification) or otherwise seek additional consent in accordance with applicable law. You should check regularly for the most up-to-date version of this Privacy Policy.

 

Contacting Us

If you have questions about this Privacy Policy, please contact use at privacy@forallsecure.com or write to us by mail addressed to ForAllSecure, Inc. 3710 Forbes Ave, Pittsburgh, PA 15213.