DATA COLLECTION AND USE
Red Canary Websites and Web Portals
Red Canary Websites provide Internet based access for users to learn about Red Canary and its Offerings and to communicate with Red Canary and with others. Red Canary web portals that may exist within our Offerings as well as open communities such as Twitter and GitHub connections (“Web Portals”) provide customers with Internet based access to our Offerings. When an individual uses our Websites and Web Portals, Red Canary gathers information, some of which is personal information. Information collected and used by Red Canary may include, among other things, the Internet Protocol (IP) address, browser information, device ID, the type of computer and technical information about a user’s means of connection to our Websites or Web Portals, such as the operating system and the Internet service providers utilized and other similar information. From users who are required to login to gain access to a particular Website feature or Web Portal, we collect usernames, passwords, and other login credentials that are used for the purpose of verifying user authorization to access the feature or Offering.
We and our third party partners use Local Storage (HTML5) to provide certain features on our Websites and Web Portals, to display advertising based on your web browsing activities, and to store content information and preferences. Various web browsers may offer their own management tools for removing HTML5.
We partner with a third party to display advertising on our Websites or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites to provide you advertising based on your browsing activities and interests.
We may use the information, including personal information, that we collect from users of our Websites and Web Portals for a number of reasons, including but not limited to the following purposes:
- Operate, secure, support, personalize, and improve our Websites
- Provide you requested information and Offerings
- Provide blogs and discussion groups within our Websites
- Run promotions, contests, surveys, or other website features
- Send periodic emails
- Recruit new employees when you respond to career postings
- Analyze trends
- Digital marketing, which may include online advertisements appearing on cookie-based advertising networks
- Direct marketing, which may include postal mail or telemarketing from Red Canary or a service vendor
- Provide you our Offerings, including product updates, documentation, and related information
- Operate, secure, support, and improve our Web Portals and Offerings
- Develop new features, products, and services
- Send periodic emails
- Analyze trends
We may transfer or provide access to personal information obtained through our Websites or Web Portals to individuals or companies that help us provide, operate, support, maintain, secure, and improve our Websites and Offerings.
If you opt-in to our mailing list online or in person, you will receive emails that may include company news, updates, related product or service information, and other Red Canary related information. We may also associate any personal information you submit to us, including email addresses, with information collected about you through other means such as cookies, web beacons, or social media plugins. This will help us better tailor content delivered to you through a variety of ways, including online advertisements. We include unsubscribe instructions at the bottom of each email if at any time you would like to unsubscribe from receiving future emails.
Accessing our blog will load social media cookies that are necessary for displaying content and enabling user interaction. If you make posts to our blogs, your words and identity are made available to other people using the blog. We are under no obligation to publish, maintain, or retain any of your posts. If you provide us with feedback about our company, Offerings, or Websites, we consider this to be freely given and we may use your feedback without compensation or attribution to you.
On our Websites, you can sign up to receive additional information, attend a webinar or sign up to attend a live event. To receive additional information from us, you must provide your name, company name, email address, and phone number. This information is retained by us and our third-party business partners to provide you with information, marketing materials, or updates for Red Canary Offerings similar or related to the information that you have requested. Our third-party business partners provide Red Canary with services that may require us to provide them with your personal information. These third-party business partners are not permitted to use the information collected on our behalf except to help us conduct business, improve, or provide the Red Canary Offerings.
We may also send you notifications via email regarding Red Canary Offerings for the purpose of keeping you informed of any updates or changes to the Red Canary Offerings, e.g., product updates and support communications. These email communications are essential for the continued functionality of the Red Canary Offerings, and you will continue to receive these types of email communications even if you choose to opt-out of any other email communication from us.
If you would like to review your communication preferences, or if you do not want to receive further information or materials from us, you can update your information or opt-out by following the instructions contained within each communication from us. You can also contact us at email@example.com or write to us at the address listed at the end of this Policy.
Red Canary has numerous Offerings, including but not limited to platform and cloud based security and intelligence subscription services, free community security tools, and more. All of our Offerings are centered on our mission to provide cutting-edge security solutions to our customers.
In order to accomplish our mission, Red Canary takes advantage of high volume, high velocity, and high variety information to reveal relationships, dependencies, and perform predictions of outcomes and behaviors in order to detect, contain, and mitigate network intrusions and identify the attackers. Most of the information Red Canary collects through its Offerings is metadata, for example, data about how and when a device or network is being used, login times and attempts, registry keys, types and versions of operating systems, browsers, and information about software applications. Some of the data we collect may be considered personal information depending on the laws of the location where it is collected, such as IP addresses. In some cases, we collect personal information as it may appear within usernames, filenames, file paths, and machine names. However, we only use the data that we collect through our Offerings to help our customers and improve our capabilities in the way described in our more specific product or service documentation and agreements. Red Canary also offers customers the ability to directly provide to Red Canary, or for customers to have Red Canary Offerings configured to collect files (including the content of those files) and other information related to the files for security analysis and response, or when submitting crash reports, to make the product more reliable. At your direction, we may also collect or retrieve files as part of our Offerings. The files and related information may contain personal information.
An important type of data we detect and collect, analyze, and use through our Offerings (or provide our customers the ability to provide to us) is information about adversaries, for example, malware and URLs where adversaries try to send your data. We often discover this type of information from analyzing samples customers provide to us or from the data we collect from customers through our Offerings. We use the information we collect about adversaries to help all of our customers and the public . However, when we share information that we learn about adversaries, we do not identify customers or individuals.
To the extent Red Canary collects personal information through its Offerings, Red Canary collects that information under the authority and direction of its customers, which often are corporate entities. Red Canary typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a corporate customer and subsequently analyze and use. Regardless, the use of information collected through our Offerings shall be limited to the purpose of providing the service for which our customers have engaged Red Canary. We do not use any personal information collected through our Offerings to contact or market products or services to these individuals. We also do not provide any personal information obtained through the Offerings to third parties for the purpose of contacting or marketing products or services to these individuals.
If you are a user of one of our Offerings, we will obtain the personal information you provide us during the sales and/or fulfillment process. We may use personal information collected such as name, phone number, mailing address, and email address to contact you and to provide you with Offerings, send you an invoice, perform accounting, auditing and collection activities, answer questions, provide support and tell you about other Offerings.
If you are an individual who would no longer like to be contacted by one of our customers, please contact the customer that you interact with directly. An individual who seeks access, or who seeks to correct or delete personal information, should direct his/her query to the Red Canary’s customer, the data controller. If our customers request Red Canary to correct or delete the personal information, we will respond within a reasonable timeframe.
We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.
How We Protect Your Information
The security of customer data and your personal information is not only important to us, it is our mission. We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of customer data and your personal information. We follow generally accepted practices to protect customer data and the personal information collected and submitted to us, both during transmission and once we receive it. If you have questions about the security of your personal information collected through our Offerings or Websites, you can contact us at firstname.lastname@example.org.
Non-United States Users
The information we collect may be stored in the United States because our operations are primarily in the United States. As such, your information may be transferred to, used, processed, or maintained on computers located outside of your province, country, or other governmental jurisdiction, and privacy laws may not be as protective as those in your jurisdiction. In situations where you are located outside the United States and choose to provide information to us, we will transfer your information to the United States and process it there. Furthermore, this Policy is governed by the laws of the United States and the State of Colorado.
Retention of Personal Information
We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures.
User Access and Choice
You may also request us to correct, update, amend, or remove your personal information that you know or have reason to believe is in our possession by emailing us at email@example.com or by contacting us by postal mail at the contact information listed below. When contacting us, please provide us with detailed information about the personal information you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect it. We will respond to your request within a reasonable timeframe. If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. In certain circumstances, we may be required by law, our auditors, or other legitimate business purposes to keep information about you.
Sharing Your Personal Information
We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets.
Red Canary’s mission is worldwide, and therefore, we may store information in the United States and other locations worldwide where we, or our service providers, have facilities.
Except to the extent otherwise specified in a specific agreement with you, such as for specific products and services, the terms of this Policy shall govern. By using our Offerings and Websites, you are agreeing to our practices described in this Policy, which includes the collection and use of your personal information worldwide.
Red Canary by emailing us at firstname.lastname@example.org or by sending us a letter at:
Red Canary, Inc.
1515 Wynkoop Street, Suite 390
Denver, CO 80202
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at first as provided above. If there is no resolution, you and us appoint JAMS pursuant to JAMS’ Streamlined Arbitration Rules and Procedures as our U.S.-based third party dispute resolution provider (free of charge). Please access the JAMS website at https://www.jamsadr.com for information on how to initiate dispute resolution.
Copyright © 2019 Red Canary, Inc.