ThreatDown Privacy Policy

Simply

We collect your information when you use our software, website, or otherwise communicate with us.

Simply

There are two types of information We collect: personal and non-personal.

User-Agent String

Each API communication coming from any of our client software identifies itself with a string that includes information about the software itself:

• The program and build which is sending the request
• The current license state (as identified by the product)
• The version of the software as well as any subcomponents (currently, databases) that it uses

Why?

So we can manage your ThreatDown product and ensure that it is up to date.

GeoIP Data

When we collect data from our client systems, we do not store IP address from which the request originates. However, we do use it to gather geographic information on the system calling in:

• A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on your IP address
• The type of connection (dialup/broadband/satellite/mobile)
• The ISP through which the connection is made
• The organization to which the IP address is licensed, if any

Why?

So our malware intelligence team can track malware and potentially unwanted program (“PUP”) outbreaks and patterns.

GeoIP Data

When we collect data from our client systems, we do not store IP address from which the request originates. However, we do use it to gather geographic information on the system calling in:

• A location item indicating the continent, country, city, and approximate latitude/longitude of the user based on your IP address
• The type of connection (dialup/broadband/satellite/mobile)
• The ISP through which the connection is made
• The organization to which the IP address is licensed, if any

Why?

So our malware intelligence team can track malware and potentially unwanted program (“PUP”) outbreaks and patterns.

Functional Data

We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.

Why?

So our products are able to function as intended, including being able to detect and remediate malware and PUPs, and provide rollback and recovery operations.

Machine Identification Data

We identify each system by assigning each system with a ThreatDown-generated distinct identifier that is created at install time.

Why?

So we are able to get an accurate count of our install base. We are also able to identify changes to an individual system over time, allowing us to recognize trends which are used for improving our products.

License Data

We collect data from products corresponding to the products’ applicable license state. These data also use a unique identifier. In this, we collect:

• The key or keys used to license the current product
• The type of license being used
• If it represents a console system, the number of seats being managed by that installation of the console
• Endpoint and network domain information

Why?

So we can remind you when your ThreatDown subscription is about to expire or to determine the correct license type. We may use such license data in conjunction with other software collection to assist you in resolving licensing issues.

Malware and PUP Data

We collect data about the malware and PUPs that are detected by our products. We collect:

• The vendor name of the malware or PUP removed
• An encrypted description of which database rule was used to remove the malware or PUP in question
• Artifacts detected as malware, PUPs, or suspicious files
• Information related to detected artifacts

Why?

So our malware intelligence team can track malware and PUP outbreaks and improve the efficacy of ThreatDown products.

Trial Data

When a client attempts to start a trial, we track it remotely in order to validate that the trial is allowed. For this information we use another unique system identifier. We collect:

• The client’s request for a trial
• The start date and duration of the trial provided
• Any attempted conversion/purchase generated by clicking an in-app link, so that it can be correlated with a trial

Why?

So we can update your ThreatDown products accurately and when they need it.

Exploit Data

In ThreatDown Anti-Exploit products we collect a complex data object for any exploit process which is blocked by the software. In this data we collect:

• Process ID of the exploit process
• File path of exploit process
• MD5 hash of the exploit payload, if any
• Command-line arguments passed to the exploit
• A list of URLs potentially associated with the exploit, including redirect jumps if any
• Exploit payload files
• Exploit file-format (doc, pdf, xls, etc…)
• (Potentially) a copy of the exploit executable itself

Why?

So our malware intelligence team can track exploit outbreaks and deepen its understanding of new exploit techniques.

Operating System User Account Name and Domain

In certain ThreatDown business products providing brute-force attack protection, we collect user account names and domain information

Why?

So that you (as the customer) can see what credentials are being targeted during brute-force attacks

Port number(s) used for incoming connections.

In certain ThreatDown business products providing brute-force attack protection, we collect user account names and domain information associated with connections to network port numbers, including, but not limited to, those associated with: remote desktop protocol, FTP, SQL, IMAP, POP3, SMTP.

Why?

So that you (as the customer) can see what ports are being used for connections by different protocols, and improve our products.

Mobile Application Data

When you download and use our Services, we automatically collect information on the type of device you use, operating system version, and the unique device identifier.We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

We do not ask for, access or track any location-based information from your mobile device at any time while downloading or using our Mobile Apps or Services. We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within the mobile application.

As part of our text message filtering functionality, our Mobile Software also collects text messages from senders who are not in your contacts, and analyzes these text messages to determine whether they are malicious. We only receive the sender information and the body of the message which is analyzed to determine if they contain malicious URLs or come from malicious senders; no information is provided about the recipient. Text messages that are malicious are retained for analysis by our researchers, however, all other text messages are discarded.

Simply

We collect information that allows us to fight against malware and PUPs on your device and contact you if you allow us to send push notifications.

Where you use CSS:

• You provide ThreatDown with access to data contained in the applicable cloud repositor(ies) you share with ThreatDown.
• You control what files in those repositories are subject to scanning and access by ThreatDown.
• You are responsible for any requirements or necessary consents for providing such files to ThreatDown.
• In order to perform the scan, ThreatDown may transfer the files to ThreatDown controlled servers in the United States. Such files are promptly deleted after the completion of the scan. ThreatDown does not retain any copies of such files.

Why?

So that our products are able to function and perform your instructions.

Where you use ITDR:

• You provide ThreatDown with access to identity and authentication data from the identity providers and directories you connect to the Software (such as Active Directory, Microsoft Entra ID, and Okta).
• Depending on your configuration, this data may include:
  – Authentication and login event logs
  – User account information (usernames, email addresses, display names, account status)
  – Group membership and privilege information
  – Session and token metadata
  – Multi-factor authentication events and status
  – Failed authentication attempts
  – IP addresses and geolocation data associated with authentication events
  – Service account and machine account information
• You control which identity providers and directories are connected to the Software.
• You are responsible for ensuring you have the necessary rights, consents, and legal bases to provide this data to ThreatDown.
• Our ITDR products integrate with third-party threat intelligence providers, including compromised credential databases. We receive indicators only; we do not receive the credentials themselves. Third-party threat intelligence data may be incomplete, inaccurate, delayed, or outdated.
• Response actions initiated through the Software (such as account suspensions or session revocations) are logged.
• We collect, aggregate, and anonymize identity threat data to improve our detection capabilities. This collection cannot be disabled.

Why?

So our ITDR products can detect identity-based threats, including credential theft, privilege escalation, and unauthorized access attempts, and so you can maintain audit trails for compliance purposes.

Simply

We collect your information when you give it to us as part of a job application.

We use personal information for the following purposes: providing you with information, products or services; providing support to you and responding to your requests; providing information about our products, services, events, or news, including newsletters and promotional messages; performing and enforcing any contract(s) between yourself and ThreatDown, including billing and collections; to improve our products and services, including malware research, as well as our websites and present content to you; to market new and existing products to you; and as otherwise described to you when collecting your personal information or as otherwise allowed by applicable law.

We will not use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Other than with respect to the exceptions below, we do not share personal information with third parties

Simply

We use your information for providing you with our services. In certain situations, described below, we may share your personal information with a third party.

Website Analytics

Our servers automatically record Log Data information about how a user interacts with our software and services on our websites, including but not limited to our public website and our web-based management consoles. Log Data may include a user’s Internet Protocol (IP) address, browser type, operating system, web page that the user was visiting before accessing our server, search terms, and the pages or features of our software or services accessed by the user and the time spent there. Google Analytics provides us with the analysis of such data. Google’s privacy policy is available at http://www.google.com/policies/privacy.

Simply

Exception #1: We receive your website interaction information from Google for analytical purposes.

Service Providers

We may engage service providers to administer and provide our services. We may provide personal information to such service providers only for the purpose of performing services on our behalf, such as fulfilling orders and delivering updates, payment processing, providing customer service, sending marketing communications, conducting research and analysis, and providing cloud computing infrastructure. We require such service providers to agree not to disclose your personal information or use your personal information for any other purpose.

Simply

Exception #2: If we give your information to a service provider company, they won’t use your information outside of our business relationship.

Business Transactions

Information that we collect from users, including personal information, is considered a business asset. Accordingly, if we go out of business or enter bankruptcy, or if we are acquired, e.g., as a result of a transaction such as a merger, acquisition, or asset sale, your personal information may be disclosed or transferred to the third-party acquirer in connection with the transaction. You will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choice you may have regarding your personal information.

Simply

Exception #3: If someone buys us or we go bankrupt, your information may be transferred to someone else.

Governmental; Law Enforcement

We may disclose personal information to government agencies, law enforcement officials, and private parties as we, in our sole discretion, believe necessary: (1) to satisfy or comply with any applicable law, regulation or legal process; (2) to respond to lawful requests, including subpoenas, warrants or court orders; (3) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (4) to prevent or stop activity we consider to be illegal or unethical.

In certain situations, ThreatDown may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Simply

Exception #4: If the government asks for your information, we may comply.

Consent

We may share your personal information with third-party sites or platforms, such as social networking sites, but only if you have expressly requested that we do so.Similarly, by posting profile, content, or other information, including personal information to a forum or blog, you indicate your consent to its public use. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We will list you in our publicly accessible member directory on the forum website.We also display testimonials of satisfied customers on our websites in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@threatdown.com.

Simply

Exception #5: If you post your information in one of our forums or on the blog, well, that’s public

Simply

These are the legal bases we use for processing data subject to the GDPR.

California Residents

If you are California resident, you can find more information about your rights on our California Residents Privacy Notice Supplement.

Simply

California residents can learn more about their rights on our California Residents Privacy Notice Supplement.

Security

We take commercially reasonable measures to protect personal information from unauthorized access, use, and disclosure. However, no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we can’t guarantee the absolute security of your personal information.

Simply

We do what we reasonably can to protect your information

Retention

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly.

Simply

Our retention periods differ for each type of personal information, but we only retain such information to fulfill the purposes for which it was collected.

Links

Our website may contain links to other websites and services. Any information that you provide on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party’s privacy policy. Our Privacy Policy does not apply to such websites or services and we are not responsible for the content, privacy, or security practices and policies of those websites or services.

Simply

Our privacy policy doesn’t apply when you visit sites we link to.

Simply

Subject to applicable laws, we’ll delete or modify your information if you ask.

International

International: EU – U.S. Data Privacy Framework, UK Extension to the EU – U.S. Data Framework, and Swiss – U.S. Data Privacy Framework

Your personal information may be transferred to, and maintained on, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to us, we may transfer your personal information to the United States and process it there.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

ThreatDown complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set for by the U.S. Department of Commerce.

As part of this process, ThreatDown has certified to the U.S. Department of Commerce that, for transfers of personal information to the U.S., we will adhere to: (i) the EU-U.S. Data Privacy Framework Principles with regards to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and (ii) the Swiss-U.S. DPF with regards to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles” or the “EU, UK, and Swiss Data Privacy Framework Principles”).
All of ThreatDown U.S. subsidiaries using the ThreatDown brand name adhere to the DPF Principles.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (collectively, the “DPF”). To learn more about the DPF and to view our certification, please visit the Data Privacy Framework Program’s website.
If we receive personal information in the United States that is subject to the DPF Principles and subsequently transfer that personal information to a third party acting as an agent, we will remain liable under the DPF Principles if our agent processes such personal information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Please note that we may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we will commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the DPF should first contact us using the contact ThreatDown at Attn: Privacy (Legal), ThreatDown, 2445 Augustine Drive, Suite 550, Santa Clara, CA 95054 USA

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we will further commit to refer unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS Data Privacy Dispute Resolution Program, an independent dispute resolution provider located in the U.S.

If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the JAMS EU-U.S. Data Privacy Framework website for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions, as more fully described in Pre-Arbitration Requirements of Annex I of the DPF Principles, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.

Simply

If you’re not in the U.S., we may transfer your information to the U.S. We participate in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.

Children

Our services are not directed to children under eighteen, and we do not knowingly collect personal information from children under thirteen. If we learn that we have collected personal information of a child under thirteen we will delete such information from our files as soon as possible, provided, however, that some information may remain in archived/backup copies for our records or as otherwise required by law.

Simply

We don’t knowingly collect information on children and delete it if we inadvertently do collect it.

We may modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of such changes by posting them on our website or by sending you an email or other notification prior to the change becoming effective.

Simply

We’ll let you know if we revise our privacy policy. If we make a material change, we will let you know before the change takes place.