www.invicti.com
Open in
urlscan Pro
18.214.189.208
Public Scan
Submitted URL: https://go.acunetix.com/e/869541/privacy-policy-/5ckfhn/1163503885?h=cBIuUBoIQdxx2yu4XmLCb8SiLobO5pWRdwduztt5kjk
Effective URL: https://www.invicti.com/privacy-policy/
Submission: On December 15 via api from US — Scanned from DE
Effective URL: https://www.invicti.com/privacy-policy/
Submission: On December 15 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
* About
* Products
* Careers
* Press
* Get in Touch
* Home
* About
* Products
* Careers
* Press
* Get in Touch
INVICTI SECURITY PRIVACY POLICY
Last updated as of August 11, 2020.
Thank you for visiting the Invicti Security websites (“Sites”). Invicti
Security develops web application security solutions. When individuals visit our
Sites, want to hear more about or try our solutions, or purchase our solutions,
we collect and process personal information. This Privacy Policy and our Cookie
Policy govern how Invicti Security collects, uses, stores, and discloses
personal information that we obtain through or from:
* Individuals who visit, access, download, or use the Sites;
* Individuals who contact us via our contact form on the Sites (i.e., potential
customers);
* Individuals who purchase our solutions and register for our products and
services (“Services”).
Our Sites and Services are collectively referred to as the “Platform” throughout
this Privacy Policy.
This Privacy Policy covers our Platform and any other websites, products,
software, applications, content, data feeds, and other services owned and
operated by Invicti Security on which authorized links to this Privacy Policy or
to any affiliated Cookie Policy are posted.
If you have any questions, comments, or concerns regarding this Privacy Policy,
our Cookie Policy, and/or our data practices, or if would like to exercise your
rights, do not hesitate to contact us.
1. Who We Are / Data Controller. If you use our Platform, except as may be
stated in this Privacy Policy, the data controller of your information is
Invicti Security Ltd. or one of its affiliated companies or subsidiaries
(“Invicti Security”, “we”, “us”).
2. Children’s Privacy. Our Platform is not intended for use by individuals
under the age of 18, and Invicti Security does not target the Platform to
minors. Invicti Security does not knowingly collect personal information from
children under the age of 18.
If you are under the age of 18, please do not provide us with any personally
identifiable information.
3. Personal Information We Collect and How It Is Collected. “Personal data” –
or “personal information” as also used throughout this Privacy Policy – means
any information about an individual from which that person may be identified.
For example, it may include your name, telephone number, email address, payment
information, IP address, device ID, and location information. It does not
include data from which the identity of an individual has been definitively
removed along with any identifiers connected to such individual.
What personal information we collect and process depends on how and why you use
our Platform. Generally, we process personal information that we receive:
* Directly from you when you provide it to us, such as when you request more
information about or purchase our Services; and
* Indirectly, through automated technologies, such as cookies, or from third
parties.
This is all explained in more detail below.
3.1 Information Collected Directly. What personal information we collect from
you directly will depend on how you use our Platform. You can generally visit
our Sites without submitting any personal information to us, but you may be
asked for information if you would like to hear more about, or sign up for, our
Services.
3.1.1 Inquiry/ Demo Information. To find out more about our Services, or to
try them out, we request certain personal information from you:
* First and last name;
* Company name;
* Work email; and
* Telephone number.
3.1.2 Account Registration Information. To sign up to use our Services, we
collect:
* First and last name;
* Company name;
* Company website;
* Company email;
* Telephone number; and
3.1.3 Payment Information. If you wish to use our Services, we will process
your payment information in order to get you started. Payment processing is
performed by third-party service providers as explained further below. Invicti
Security only receives confirmation of your payment once it goes through, and
such confirmation is then linked to your transactions and other personal
information.
3.1.4 Communication Information. When you contact us via email or otherwise,
we also collect and process any additional information you provide which may
include personal information that you voluntarily submit to us in those emails,
contact forms, or other communications.
3.2 Information Collected Indirectly.
3.2.1 Device and Usage Information. When you download, use, or interact with
the Platform, even if you do not have an account, we – or authorized third
parties engaged by us – may automatically collect information about your use of
the Platform via your device, some of which is considered personal information.
“Device and Usage Information” that we collect consists of:
* Device Information: information about the devices and software you use to
access the Platform – primarily the internet browser that you use, the
website or source that linked or referred you to the Platform, your IP
address or device ID (or other persistent identifier that uniquely identifies
your computer or mobile device on the Internet), the operating system of your
computer or mobile device, device screen size, and other similar technical
information.
* Usage Information: information about your interactions with the Platform,
including access dates and times, hardware and software information, device
event information, crash data, cookie data, aggregated scan data or
vulnerability data, and feature usage data. This information allows us to
understand the screens that you view, how you’ve used the Platform (which may
include administrative and support communications with us), and other actions
you’ve taken on the Platform. We, or our authorized third parties,
automatically collect log data when you access and use the Platform, even if
you have not created an account or logged in. We use this information to
administer and improve the Platform, analyze trends, track users’ use of the
Platform, and gather broad demographic information for aggregate use.
3.2.2 Cookies and Similar Technologies. Invicti Security or its authorized
third parties use cookies and similar technologies to collect the information
described above. Some cookies are necessary to make the Sites and our content
available to you, while others, such as those used by Google Analytics, enable
us to analyze and measure audience and traffic to the Sites. Cookies are also
used by us, advertisers (or ad-tech providers), and social media companies to
develop and serve ads that are more relevant to your interests or to generally
help us increase the number of customers who use our Services.
3.2.3 Information from Third Parties. In some instances, we process personal
information from third parties which may consist of data from our partners such
as transactional data from providers of payment services or information from our
lead generation partners.
3.3 Analytics/Aggregated Information. With the Device and Usage Information
collected by our third-party analytics services, such as Google Analytics or
Pendo, we generate and process aggregated information, such as statistical or
demographic data. Aggregated Information may be derived from personal data, but
it is not considered personal data if it does not directly or indirectly reveal
your identity. For example, we may track the total number of visitors to our
Platform or the number of visitors to each part of our Platform, and we may
aggregate usage data to calculate the percentage of users accessing a specific
feature of the Platform and analyze this data for trends and statistics.
However, if we or our third-party analytics service providers combine or connect
aggregated information with your personal data so that it can directly or
indirectly identify you, we treat the combined data as personal data which will
be processed in accordance with this Privacy Policy. Please note that you may
opt-out of certain data collection practices covered in this Section by removing
or rejecting cookies in your browser’s settings or by contacting us.
4. Why We Collect Your Personal Information and How We Use It. Our mission is
to provide a safe, efficient, and high-quality Platform, and we – or our
authorized third-party service providers who assist us in providing the Platform
– process your personal information for this purpose. Specifically, personal
information is processed in order to:
* Provide you with access to and the ability to use the Platform;
* Process and complete transactions and send you related information, including
purchase confirmations and invoices;
* Respond to your queries and requests or otherwise communicate directly with
you;
* Improve the content and general administration of the Platform and enhance
user experience;
* Provide customer support;
* Detect fraud, illegal activities, or security breaches;
* Provide you with notices regarding purchases or other important information;
* Ensure compliance with applicable laws;
* Perform system maintenance and upgrades and enable new features;
* Conduct statistical analyses and analytics;
* Increase the number of customers who use our Platform through advertising and
marketing;
* To send you marketing communications if you have opted in to receive them
(depending on your location); and
* Provide information to regulatory bodies when legally required and only as
outlined in this Privacy Policy.
5. Managing Your Preferences. If your personal data changes, or if you no
longer desire to use our Services, you may delete your account or contact us.
We will respond to your request within a reasonable timeframe.
6. Disclosure of Your Personal Information. We only disclose your personal
information as described below.
6.1 Third-Party Service Providers. Invicti Security discloses users’
information to our third-party agents, contractors, or service providers who are
hired to perform services on our behalf. These companies do things to help us
provide the Platform and – in some cases – collect information directly. Below
is an illustrative list of functions for which we may use third-party service
providers:
* Hosting and content delivery network services;
* Analytics services;
* CRM providers;
* Lead generation partners;
* Marketing and social media partners;
* Customer support services;
* Payment processors;
* Functionality and debugging services; and
* Professional service providers, such as auditors, lawyers, consultants,
accountants, and insurers.
6.2 Business Transfers. As we continue to grow, we may purchase websites,
applications, subsidiaries, and other businesses or business units.
Alternatively, we may sell businesses or business units, merge with other
entities, and/or sell assets or stock, in some cases as part of a reorganization
or liquidation in bankruptcy. As part of these transactions, we may transfer
your personal information to a successor entity upon a merger, consolidation, or
other corporate reorganization in which Invicti Security participates, or to a
purchaser or acquirer of all or a portion of Invicti Security’s assets,
bankruptcy included.
6.3 Anonymized Information. We share aggregated, automatically-collected, or
otherwise non-personal information with third parties for various purposes,
including: (i) compliance with reporting obligations; (ii) for business or
marketing purposes; (iii) to assist us and other parties in understanding our
users’ interests, habits, and usage patterns for certain programs, content,
services, marketing, and/or functionality available through the Platform. We do
not share personal information about you in these cases.
6.4 Legal Obligations and Security. In addition, Invicti Security will
preserve or disclose your personal information in limited circumstances (other
than as set forth in this Privacy Policy), including: (i) with your consent;
(ii) when we have a good faith belief it is required by law, such as pursuant to
a subpoena, warrant, or other judicial or administrative order (as further
explained below); (iii) to protect the safety of any person, to protect the
safety or security of our Platform or to prevent spam, abuse, or to protect
against any other malicious activity of actors with respect to the Platform; or
(iv) to protect our rights or property or the rights or property of those who
use the Platform.
If we are required to disclose personal information by law, such as pursuant to
a subpoena, warrant, or other judicial or administrative order, our policy is to
respond to requests that are properly issued by law enforcement within the
United States or via mutual legal assistance mechanism (such as a treaty).
Under such circumstances, we may at our discretion attempt to provide you with
prior notice that a request for your information has been made in order to give
you an opportunity to object to the disclosure. However, government requests
may include a court-granted non-disclosure order which prohibits us from giving
notice to the affected individual.
Note that if we receive information that provides us with a good faith belief
that there is an exigent emergency involving the danger of death or serious
physical injury to a person then we may provide information to law enforcement
trying to prevent or mitigate the danger as determined on a case-by-case basis.
7. Payment Processing. We do not directly collect your payment information,
and we do not store your payment information. We use third-party, PCI-compliant
payment processors that collect payment information on our behalf in order to
complete transactions. While our administrators are able to view and track
actual transactions via customer portals, we do not have access to or process
your credit card information.
8. Retention Period.
8.1 General. We use the following criteria to determine our retention periods:
the amount, nature, and sensitivity of your information; the reasons for which
we collect and process your personal data; the length of time we have an ongoing
relationship with you and provide you with access to our Services; and
applicable legal requirements. We will retain personal information we collect
from you where we have an ongoing legitimate business need to do so (for
example, to comply with applicable legal, tax, or accounting requirements).
Additionally, we cannot delete information when it is needed for the
establishment, exercise, or defense of legal claims (also known as a “litigation
hold”). In this case, the information must be retained as long as needed for
exercising respective potential legal claims.
When we have no ongoing legitimate business need to process your personal
information, we will either delete or anonymize it or – if this is not possible
(for example, because your personal information has been stored in backup
archives) – we will securely store your personal information and isolate it from
any further processing until deletion is possible.
If you have questions about, or need further information concerning, our data
retention periods, please contact us.
8.2 Time Frame of Deletion. If personal data can no longer be retained or is
no longer necessary, it will be erased or anonymized in the time frame required
by applicable law.
8.3 Anonymization. In some instances, we may choose to anonymize your personal
data instead of deleting it, for statistical use, for instance. When we choose
to anonymize your personal data, we make sure that there is no way that the
personal data can be linked back to you or any specific user.
9. Protecting Your Personal Data. No method of transmission over the Internet,
or method of electronic storage, is 100% secure. However, we take steps that
are reasonably necessary to securely provide our Platform. We have put in place
reasonably appropriate security measures designed to prevent your personal data
from being accidentally lost, used, or accessed in an unauthorized way, altered,
or disclosed. We limit access to personal data only to those employees, agents,
contractors, and third parties who have a business need-to-know.
We also have procedures in place to deal with any suspected data security
breach. If required, we will notify you and any applicable regulator of a
suspected data security breach. We also require those parties to whom we
transfer your personal information to provide acceptable standards of security.
10. International Transfers. We have locations outside of the EU, and the
personal information that we collect may be stored on servers located in
the United States or in any other country in which Invicti Security, its
affiliates, partners, service providers, or agents maintain facilities.
This means that your personal information may be collected, processed, and
stored in such locations which may have data protection laws that are
different from (and sometimes less protective than) the laws of your
country or region, such as the General Data Protection Regulation (“GDPR”).
By sending us personal information, you agree and consent to the processing of
your personal information outside of the EU in locations such as the United
States which may not offer an equivalent level of protection to that required in
other countries (particularly the EU) and to the processing of that information
by us on servers located outside of the EU, as described in this Privacy Policy.
We have implemented safeguards designed to ensure that the personal information
we process remains protected in accordance with this Privacy Policy including
when processed internationally or by our third-party service providers and
partners. The safeguards we may take in our discretion include, for instance,
entering into binding agreements in connection with any onward transfers of
personal information. We may implement other mechanisms and take similar
appropriate safeguards with our third-party service providers and partners.
Further details can be provided upon request.
11. Changes to this Privacy Policy. Invicti Security may update this Privacy
Policy from time to time, at its sole discretion. If we make material changes,
we will post an updated Privacy Policy within the Platform along with a change
notice. Changes, modifications, additions, or deletions will be effective
immediately on their posting to the Platform. If we make significant changes,
we may also send registered users a notice that this Privacy Policy has been
changed. We encourage you to review this Privacy Policy regularly for any
changes. Your continued use of the Platform and/or your continued provision of
personal information to us after the posting of such notice will be subject to
the terms of the then-current Privacy Policy. If you continue to use the
Platform, you will be deemed to have accepted the change.
12. How To Contact Us About Privacy. If you have any questions regarding this
Privacy Policy, please contact us or at the address below:
Invicti Security
220 Industrial Blvd., Suite 102
Austin, TX 78745
13. Additional Information for Users in California. Invicti Security provides
the Platform to other businesses, and in doing so we may collect and process
personal data on behalf of our business customers, including personal data about
California residents. In doing so, Invicti Security is a service provider under
the CCPA. As a service provider, we will collect and process personal data on
behalf of a customer to provide the Platform for which that customer has engaged
us, in accordance with our contract with such customer. If you’d like to
exercise your rights under the CCPA with respect to your personal data we hold
as a service provider for a customer, you should contact that customer directly.
If you have a question or would like to submit a request related to the personal
data we collect related to our business-to-business relationship with you or
your company, please contact us.
14. Additional Information for Users in the European Economic Area. This
Section applies to individuals located in the EEA.
14.1 Categories of Recipients of Personal Data. The categories of recipients
of personal data with whom we may share your personal data are listed in the
“Disclosure of Your Personal Information” section above.
14.2 Legal Bases and Purposes of Processing. Invicti Security uses your
personal information for a number of different purposes as described in this
Privacy Policy. Some uses are essential for us to provide the Platform or to
fulfill our legal obligations, some uses help us run the Platform efficiently
and effectively, and some uses enable us to improve our Platform with more
relevant and personalized offers and information. In all cases, under GDPR, we
must have a reason and a legal ground for processing your personal information.
Some of the most common legal grounds we rely on are briefly explained below.
14.2.1 Performance of a Contract. We may process your personal data for the
purposes of a contract to which you are a party. For instance, if you want to
use our Platform, we need to process your account registration information,
location information, and payment information in order to enable you to do so.
14.2.2 Legitimate Interests. We may process personal data where it is
necessary for our legitimate business interests, but only to the extent that
they are not outweighed by your own interests or fundamental rights and
freedoms. We generally rely on legitimate interests to: provide and maintain a
Platform that works well and securely; comply with applicable laws; carry out
fraud prevention; and generally improve the Platform. When we rely on this
legal basis, we’ll carry out a legitimate interest assessment to ensure we
consider and balance any potential impact on you (both positive and negative)
and your rights under applicable data protection laws.
14.2.3 Consent. Invicti Security may rely on consent where it is required,
such as with respect to certain information collected via cookies and similar
technologies (other than strictly necessary cookies) or when we’re asking you to
confirm your marketing preferences. When we rely on consent, you’ll be asked to
confirm that you give your permission to Invicti Security to process your
personal information. You have the right to withdraw your consent at any time
if you no longer wish to have Invicti Security process your personal data.
14.2.4 Legal Obligation. Invicti Security will on occasion be under a legal
obligation to obtain and disclose your personal data. Where possible, we will
notify you when processing your data due to a legal obligation, but this may not
always be possible. For instance, Invicti Security may need to provide your
data in order to prevent criminal activity or to help to detect criminal
activity, in which case we may share information with law enforcement without
providing notice to you. This is done in a safe and secure manner. It’s
essential that Invicti Security complies with its legal, regulatory, and
contractual requirements, so if you object to this processing then Invicti
Security will not be able to provide its Platform to you.
14.3 Your Rights and Choices Under GDPR. If the GDPR applies to you because
you are in the EEA, you have the following rights in relation to your personal
data:
* The right to be informed – our obligation to inform you that we process your
personal data (and that’s what we’re doing in this Privacy Policy);
* The right of access – your right to request a copy of the personal data we
hold about you (also known as a ‘data subject access request’);
* The right to rectification – your right to request that we correct personal
data about you if it is incomplete or inaccurate (though we generally
recommend first making any changes in your Account Settings);
* The right to erasure (also known as the ‘right to be forgotten’) – under
certain circumstances, you may ask us to delete the personal data we have
about you (unless it remains necessary for us to continue processing your
personal data for a legitimate business need or to comply with a legal
obligation as permitted under the GDPR, in which case we will inform you);
* The right to restrict processing – your right, under certain circumstances,
to ask us to suspend our processing of your personal data;
* The right to data portability – your right to ask us for a copy of your
personal data in a common format (for example, a .csv file);
* The right to object – your right to object to us processing your personal
data (for example, if you object to us processing your data for direct
marketing); and
* Rights in relation to automated decision-making and profiling – our
obligation to be transparent about any profiling we do, or any automated
decision-making.
These rights are subject to certain rules around when you can exercise them. If
are located in the EEA and wish to exercise any of the rights set out above,
please contact us here or at the addresses provided below.
You will not have to pay a fee to access your personal data (or to exercise any
of the other rights) unless your request is clearly unfounded, repetitive, or
excessive. Alternatively, we may refuse to comply with your request under those
circumstances.
We may need to request specific information from you to help us confirm your
identity. This is a security measure to ensure that personal data is not
disclosed to any person who has no right to receive it.
If we cannot reasonably verify your identity, we will not be able to comply with
your request(s).
We will respond to all legitimate requests within one month. Occasionally, it
may take us longer than a month if your request is particularly complex or if
you have made a number of requests. In this case, we will notify you and keep
you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional
information, we remind you that you may withdraw your consent to direct
marketing at any time directly from the unsubscribe link included in each
electronic marketing message we send to you. If you do so, we will promptly
update our databases, and will take all reasonable steps to meet your request at
the earliest possible opportunity, but we may continue to contact you to the
extent necessary for the purposes of providing our Platform.
Finally, you have the right to make a complaint at any time to the supervisory
authority for data protection issues in your country of residence. We would,
however, appreciate the chance to address your concerns before you approach the
supervisory authority, so please contact us directly first.
If you are a user in the EEA, you may also contact our representative in the
European Union:
Attn: Data Protection Officer
2nd Floor, Mirabilis Bldg.
TRIQ I-Intornjatur Mriehel
Malta BKR 3000
Cc: 220 Industrial Blvd., Suite 102
Austin, TX 78745
About
* About
* Products
Products
* Acunetix
* Netsparker
Company
* Get in Touch
* Careers
220 Industrial Blvd Ste 102
Austin, TX 78745, US
© Invicti 2021 - Privacy Policy
*
*
*