Last Updated: September 7, 2023
This Notice provides information about data we collect, use, and share, and our commitment to using the personal data we collect in a respectful fashion.
Skyhigh Security, LLC, and our affiliates (collectively “Skyhigh,” “we,” “our,” or “us”) disclose in this Notice how we collect personal information via this website and other sites and mobile applications that link to this Notice (“Site”). This Notice does not apply to other data collection and processing activities, including data we collect offline or that we process for our corporate and institutional customers which use our products and services, and other offerings (collectively “Products and Services”).
This Notice describes how we process, use, and share your personal information we collect through our Site and is intended to help you understand and exercise your privacy rights.
Important Note: Certain Skyhigh Sites and Products and Services may have their own privacy documentation describing how we handle personal information for those Products and Services specifically. To the extent a specific notice for a Product or Service differs from this Privacy Notice, the specific notice will take precedence. If there is a difference in translated, non-English versions of this Privacy Notice, the U.S.-English version will take precedence.
When we provide our Products and Services to organizations who are our customers (“Customers”), we process personal information on their behalf (“Customer Data”). In that situation, our Customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by our agreements with the Customer, not by this Notice. If you are an individual who interacts with the Products and Services through your relationship to a Customer (for example, if you are an employee of a company that is our Customer), please contact the Customer directly for more information about how your information is processed, including to understand any rights and choices you may have.
We may update this Notice from time to time in our sole discretion. If we modify our Notice, we will post the revised version here with an updated revision date. If we make material changes to our Notice, we may also notify you as required by applicable law. By continuing to use our Products and Services after the new Notice takes effect, you understand and agree that you will be deemed to have accepted the revisions and to abide by them.
If you have any questions or concerns about our processing of your personal information, you may contact us as set forth in “Contact Us” below.
What Kinds of Personal Information Do We Collect?
The categories of personal information we collect depend on how you interact with us, our Products and Services, and the requirements of applicable law. We collect information that you provide us, information we obtain automatically when you use our Products and Services, and information from other sources.
We collect the following types of personal information which you actively provide us:
- Account Information. When you want to update your account, register a product, or enable certain features of our Products and Services, we collect your business contact information (such as name, title, employer, email address, mailing address, including country, username/user ID, phone number, and/preferences).
- Communications between you and us. We may collect your account information when you send us inquiries or requests for information about our Products and Services or online demonstrations, register for our newsletters or events, request customer or technical support, download whitepapers, enter a promotion, apply for a job, or any information you submit, post, or transmit using our Services.
- We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information in connection with the survey, which may include personal information.
- Interactive features. We, and others who use our Sites, may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Sites will be considered “public,” unless otherwise required by applicable law and is not subject to the privacy protections referenced herein.
- Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
- Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
- Job Applications. We may post job openings and opportunities on our Sites. If you respond to one of these postings, we may collect your personal information such as your application, CV, cover letter, and/or any other information you provide to us.
Automatic Data Collection
We receive additional personal information automatically when you use our Sites, as further detailed in our Cookie Notice.
Personal Information from Our Sites
We may collect certain information automatically when you use our Sites, such as:
- Your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser, Bluetooth, or device information that are automatically assigned to your computer or device when you access the Internet, as well as language preferences, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of and interaction with our Sites, such as unique technical identifiers, authentication credentials, or other personal information you choose to provide to Skyhigh. For example, when you visit our Sites, we may automatically collect information about your use, such as pages that you visit before, during and after using our Sites, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Sites and your preferences.
- Location Information. We may use your IP address to approximate your location when you visit our Sites to identify the specific country/region from which you are visiting.
- Information from cookies and other automated technologies (“Technologies”), such as information about the devices you use to engage with our Sites, and online activity data. For more details about the Technologies we use, the categories of information we collect, and how we use this information, please review our Cookie Notice.
Personal Information from Other Sources
In connection with some of our Products and Services, we may collect certain personal information relevant to security threats (e.g., IP addresses, device identifiers, URLs, and other data associated with malicious activity). We obtain this personal information through our Products and Services, publicly available sources such as online forums, other security providers and researchers, and independent research.
We may combine information we collect directly from you with information from other sources. If we link other data with your personal information, we will treat that linked data as personal information.
We may also obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Sites through third-party applications or sites, such as a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings.
How Do We Use the Information We Collect?
We may use your personal information for a variety of business purposes, including providing our Products and Services, administrative purposes, sending notices, marketing, and other communications, and for other legitimate purposes permitted by applicable laws, as described below.
Provide Our Products and Services
We may use the information we collect for the purpose of fulfilling our contract with you and providing you with our Products and Services, including to:
- Provide customer support, troubleshoot issues, manage subscriptions, and respond to requests, questions, complaints, and comments;
- Provide you access to certain areas, functionalities, and features of our Products and Services;
- Communicate with you about your account, activities on our Services, and policy changes;
- Process applications if you apply for a job we post on our Sites; and
- Allow you to register for events.
Operate and Manage our Business
We use information we collect to manage our business for various administrative purposes, including to:
- Promote and administer special events, conferences, programs, surveys, contests, and other offers and promotions;
- Connect you with our business partners;
- Provide information, whitepapers, reports, newsletters, webcasts, and other materials;
- Engage in marketing to you and others, including direct marketing or online digital advertising;
- Personalize or customize your experience with our Products and Services (for example, based on preferences);
- Conduct and develop market, trend, customer, and industry research and analyses;
- Administer postings on our blogs, forums, and other public communications;
- Operate our Products and Services;
- Measure interest and engagement with our Products and Services, including understanding the use and needs of our Customers;
- Improve, upgrade, and enhance our Products and Services and develop new technologies, databases, products, and services;
- Notify you of Products and Services that we think may be of interest to you and keep track of your preferences;
- Manage our business relationships, perform transactions, accounting, auditing, license management, billing, reconciliation, and payments, and collection activities;
- Ensure internal quality control and safety;
- Authenticate and verify individual identities, including requests to exercise your rights under this policy;
- Short-term transient use;
- Detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activities and prosecuting those responsible for that activity;
- Debug to identify and repair errors with our Products and Services;
- Share information with third parties as needed to provide our Products and Services; and
- Carry out other activities that are required to comply with our legal obligations.
If your organization partners with us to provide Products and Services, we may also use your information to maintain, administer, analyze, or improve our business relationship with the partner.
Legal, Safety, and Compliance
We may also use the information we collect to:
- Prevent, detect, identify, investigate, and respond to potential or actual claims, liabilities, prohibited behavior, fraud, and criminal activity; and
- Comply with, defend against, or enforce legal rights, legal requirements, agreements, government requests or legal process, and/or policies.
Marketing and Advertising our Services
We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.
Some of the ways we market to you include email campaigns and custom audiences advertising.
We also use your information for other purposes as requested by you or as permitted by applicable law.
- Automated Decision Making. We may engage in automated decision making, including profiling. Skyhigh’s processing of your personal information will not result in a decision based solely on automated processing that significantly affects you, unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making you may contact us as set forth in “Contact Us” below.
- De-identified and Aggregated Information. We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, information about the device from which you access our Services, or other analyses we create. If we create or receive personal information that has been de-identified or aggregated, we will not attempt to reidentify it, except to comply with applicable law.
With Whom Do We Share Personal Information?
We do not share your information with third parties for those third parties’ own business interests. We may share personal information with third parties for the purposes listed in the above section titled “How Do We Use the Information We Collect?” This generally includes sharing with the following categories of recipients:
- Service providers and vendors who assist us with the provisioning of our Products and Services. We may share your personal information with our affiliated and unaffiliated service providers who use that information to help us provide our Products and Services. This includes third-party service providers that provide us with IT support, hosting, payment processing, customer service, legal and professional advisors, such as our auditors and legal counsel, and related services;
- APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below;
- To protect us and others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to protect the health, safety, welfare, rights, or interests of you, us, Customers, any third party, or the general public, including to prevent physical, financial, or other harm, injury, or loss, including to protect against fraud or credit risk;
- Legal, governmental, or judicial authorities to comply with law enforcement or national security requests and legal processes, such as a court order or subpoena, as we believe prudent or required by those authorities, our contracts, or applicable laws. We may also share personal information to comply with, establish, assert, exercise, defend against, or enforce any legal claims, rights, obligations, process, or policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity;
- Corporate transactions. If we are involved in an acquisition, merger, financing due diligence, reorganization, bankruptcy, receivership, purchase or asset sale, or other similar business transfer that involves all or substantially all our assets or functions, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract;
- With your consent or at your direction, we may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent such as when you choose to share information or post content on forums or publicly accessible platforms; and
- As directed by our Customers, relating to personal data collected via our Site.
How Do We Protect Your Information?
We use administrative, organizational, technical, and physical safeguards to protect the personal information we collect and process. Our security controls are designed to maintain data confidentiality, integrity, and an appropriate level of availability. We also contractually require that our suppliers protect such information.
What Privacy Choices and Rights Do You Have About Your Personal Information?
Your Privacy Choices.
The privacy choices you may have about your personal information are determined by applicable law and are generally described below.
- To stop receiving marketing communications from us, click on the unsubscribe link in the email you received from us, or click here for Skyhigh’s marketing communications page to unsubscribe from email subscriptions.
- If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that if you choose to no longer receive marketing information, we may still communicate with you regarding transactional, legal, or administrative topics, such as security updates, product functionality, and service requests. We may also send you certain non-promotional communications regarding us and our Products and Services, and you will not be able to opt out of those communications (e.g., communications regarding our Products and Services or updates to our Terms or this Privacy Notice).
- If you receive an unwanted text message from us, you may opt out of receiving text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.
- We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device.
- “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Individual Privacy Rights in Personal Information
In accordance with applicable law, you may have the right to:
- Request confirmation of whether we are processing your personal information;
- Obtain access to or a copy of your personal information;
- Receive a portable copy of your personal information, or ask us to send that information to another organization (the “right of data portability”); or
- Seek correction or amendment of certain personal information where it is inaccurate or incomplete.
In some cases, we may provide self-service tools that enable you to:
- Update your personal information;
- Restrict our processing of your personal information;
- Object to our processing of your personal information; or
- Request erasure of personal information held about you by us.
Each right is subject to certain exceptions prescribed by law.
If you would like to exercise any of these rights, please visit our Individual Data Request Form or contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we may take steps to verify your identity before fulfilling your request. For some requests, and where permitted by law, an administrative fee may be charged. We will advise you of any applicable fee prior to performing your request.
How Long Do We Retain Collected Personal Information?
We will keep your personal information we collect as described in this Notice for as long as you use our Products and Services, or for the period necessary to fulfill the purpose(s) for which it was collected, including for the purposes of satisfying any legal, accounting, reporting, or retention requirements, resolving disputes, establishing legal defenses, conducting audits, pursuing legitimate business purposes, enforcing our agreements, and complying with applicable law. As an example, if legal claims are brought or anticipated, we may continue to process your personal information for such additional periods as are necessary in connection with that claim.
Location of Services and International Data Transfers
Our company is headquartered in the United States, and we have operations, entities, and service providers in the United States and throughout the world. As such, we and our service providers may collect your personal information in jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses. For more information about the safeguards which we use for international transfers of your personal information, please contact us as set forth in “Contact Us” below.
Links to Other Websites
Our Products and Services may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with us. Our Products and Services also may contain links to other websites/applications and other websites/applications may reference or link to our Products and Services. Linked websites may have their own privacy policies or notices, which we you should review when you visit those websites. We are not responsible for the content, privacy practices, or use of any websites that are not affiliated with us. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.