Privacy Policy

Last updated: May 25, 2023


Welcome to the website of Secureframe, Inc. (“Secureframe”, “Company”, “we”, “us” and/or “our”) www.secureframe.com (the "Site"). 

If you are unable to access this Policy due to a disability or impairment, please contact us using the contact details in the Contact Secureframe Section and we will arrange to supply you with the information you need in an alternative format that you can access. You can also access a printable version of this Policy here.

This Privacy Policy ("Policy") sets forth Secureframe’s practices with respect to information including "personal data", "personal information", and "personally identifiable information" as these terms are defined under applicable data protection laws (“Personal Data”), that is collected, used and shared by Secureframe in the usual course of business, including when you:

  • visit, interact with or use our Site; visit our social media pages; visit our offices; submit a job application; receive online advertisements or communications from us, including emails, phone calls and texts; or register for, attend and/or otherwise take part in our contests, events, tutorials or webinars (we collectively refer to all of these activities as our "Marketing Activities"); 
  • purchase or use any Secureframe services as an authorized end user (for example, as an individual customer or as an authorized team member of one of our business customers) (herein referred to as "Service Users") (we collectively refer these activities as the "Services" in this Policy), specifically where we act as a data controller of your Personal Data (unless otherwise noted).

For clarity, our Services are intended for use by our business customers. As a result, for much of the Personal Data we process through the Services, we act as a processor or service provider on behalf of our business customers. For more information, see Section 2 below. 

"You" may, depending on the context, be a visitor to our Site, offices or social media pages; a recipient of our communications or online advertisements; a job applicant; or a Service User. 

We may provide additional "just-in-time" disclosures or additional information about our data processing practices. These notices may supplement this Policy or clarify Secureframe's privacy practices in the circumstances described or may provide you with additional choices about how Secureframe processes your Personal Data.

This Policy does not apply to any third-party websites, services or applications, even if they are accessible through or are necessary for the use of our Services.

When you access or use our Services or engage with our Marketing Activities, you acknowledge that you have read this Policy and understand its content. Your use of our Services and interaction through our Marketing Activities and any dispute over privacy is subject to this Policy, the Terms of Service at secureframe.com/terms and any applicable service terms (including any applicable limitations on damages and the resolution of disputes).

Quick Links

We recommend that you read this Policy in full to ensure you are fully informed. However, to make it easier for you to review those parts of this Policy which apply to you, we have divided up the document into the following sections:

1. About Secureframe

2. Information We Process on Behalf of our Customers

3. The Personal Data We Collect

4. Our Use of Your Personal Data and Our Legal Basis for Processing

5. Our Disclosure of Your Personal Data

6. Social Media and Technology Integrations

7. Cookies and other Tracking Technologies

8. Security

9. Retention

10. Transfers of Your Personal Data

11. Additional Disclosures for U.S. Residents

12. Your Privacy Rights & Choices

13. Children's Personal Data

14. Links to Third-Party Web Sites

15. Changes to Secureframe's Privacy Policy

16. Contact Secureframe

1. About Secureframe
Secureframe makes it easy for businesses to achieve and maintain compliance with information security and privacy standards such as SOC-2, ISO 27001, PCI-DSS, HIPAA, GDPR, and more. The Secureframe product automates many of the manual, time-consuming tasks associated with compliance certifications, such as evidence collection, security policy management, security awareness training for employees, and the ongoing monitoring and management of security hygiene across a company’s assets (personnel, devices, databases, third-party vendors, and more). You can find out more about Secureframe and our Services at https://secureframe.com.

Subject to Section 2 below, if you are located in the European Economic Area ("EEA"), United Kingdom ("UK") or Switzerland, the controller (or processor where applicable) of your Personal Data that Secureframe processes for the purposes described in this Policy is Secureframe, Inc.

2. Information We Process on Behalf of our Customers

Our Services are intended for use by our business customers. As a result, for much of the Personal Data we process through the Services, we act as a processor or service provider on behalf of our business customers. This means that it is our business customers that control what Personal Data we collect through the Services and how we use it. Where our activities as a processor or service provider are clear and consistent across our customer base, we have described those activities herein in the interests of transparency. However, if you are a Service User, and have privacy related questions or concerns about the privacy practices of or the choices the relevant business customer has made regarding your information via the Services, you should contact the relevant customer (e.g. your employer) directly or review their privacy notices.

We are not responsible for the privacy or data security practices of our business customers, which may differ from those set forth in this Policy.

3. The Personal Data We Collect
The Personal Data we collect depends on the context of your interactions with Secureframe and the choices you make (including your privacy and browser settings), the Services you use, your location and applicable law, but can include the following:

Personal Data That You Provide to Secureframe: We collect different types of Personal Data that you voluntarily submit through the Site. We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, respond to one of our surveys, register for access to the Services or use certain Services. Wherever Secureframe collects Personal Data, we make an effort to provide a link to this Privacy Policy.

The Personal Data we collect may include: 

  • Marketing information (Identifiers) - such as your business contact information (name, job title, organization, phone number, email address, country/ state of residence, mailing address) and contact preferences; 
  • Online content (Internet activity information) - which includes Personal Data disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials, including third party services and platforms;
  • Applicant information (Employment and Education information) - if you apply for a job with Secureframe (such as your resume, desired pay, education and work history, whether you are over the age of 18, and visa status). You also may choose to provide your gender, ethnicity, veteran status, disability status, and links to your website, blog, portfolio, or LinkedIn profile;
  • Services account registration data (Customer Records) - such as your email, username or account name and hashed password when you sign-up or register for an account with us and the unique Service user ID assigned to you in our systems;
  • Services management data (Customer Records) - data Secureframe needs in order to provide our suite of security compliance services to organizations, such as business information (an individual’s name, job status (e.g. employee/contractor, start/end dates of employment, title, role), email address); 
  • Troubleshooting and support data - which is data you provide or we otherwise access in connection with support queries we receive from you. This may include, for example, contact or authentication data, the content of your chats and other communications with Secureframe, the product or service you are using related to your help inquiry and related crash analytics.

If you communicate directly with us, we may collect and maintain an archive of our communications with you (including their content). We may also record or monitor our telephone or other communications with you, to the extent permitted by applicable law.

Providing your Personal Data is optional, but it may be necessary for certain Services, such as in relation to Services account registration and management data. In such cases, if you do not provide your Personal Data, Secureframe may not be able to provide you with the requested Services.

Personal Data we collect automatically: When you use or interact with the Services and Marketing Activities, we automatically collect or receive certain information through our Services (for example in log files) and through other technologies (such as cookies) about your device and usage of the Services. In some countries, including countries in the EU and UK, this information is considered Personal Data. 

The categories of Personal Data we automatically collect and have collected in the last 12 months include your device's IP address, the domain name of the website from which your device linked to our Services and Marketing Activities, and your browsing habits on and usage of the Services and Marketing Activities through your device:

  • Commercial Information - Information about the products or services you purchased, looked at or searched for, and any related use histories or tendencies;
  • Online Identifiers and Inferences - Details about your computers, devices, applications, and networks, including internet protocol (IP) address, URLs or domain names of websites you visit, information about applications installed on your device, traffic data, cookie identifiers, mobile carrier, mobile device ID, advertising identifiers;
  • In relation to the Services: performance information, data relating to your interaction with the Services (e.g. time of access, features used, length of use, OS version, browser information), device IDs and characteristics (to help ensure devices are using certain security settings, as further described in the “Information on Behalf of Our Customers” section), crash logs, and other aggregate or statistical information.

We use tracking technologies to collect this information, including cookies, web beacons, pixels and clear gifs. For more information, please see our Cookie Manager.

Information on Behalf of Our Customers: We may collect and process Personal Data about individuals at the direction of our customers ("Customer Data"). Customer Data has historically included name, email address, organization name, job title, job status (e.g. start and end dates of employment), IP Address, device IDs, among other information. We also collect other device identifiers and characteristics designed to ensure Service Users have certain endpoint security installed and running, including: the type of internet browser you are using on your device, operating system type and version, whether certain application software is installed and running (e.g. anti-virus), whether lock screens and encryption are enabled, and similar security checks. Our processing of Customer Data is governed by the terms of our service agreements with our customer, and not this Privacy Policy. We are not responsible for how our customer(s) treat the Personal Data we collect on their behalf, and we recommend you review their separate privacy policies.

Secureframe acknowledges that you may have rights in connection with Customer Data. If your information has been processed by Secureframe on behalf of a customer and you wish to exercise any rights you have with such Personal Data, please inquire with our customer directly. If you wish to make your request directly to Secureframe, please provide the name of the Secureframe customer on whose behalf Secureframe processed your information. We will refer your request to that customer and will support them to the extent required by applicable law in responding to your request.

Information From Third-Party Services:  We may receive information about you from other sources, including through Third-Party services that you may connect to Secureframe (such as API integrations) and organizations that supplement information directly provided by you. For example, if you access our Services through a Third-Party application, such as Google Sign-In, we may collect information about you from that Third-Party application that you have made available. Information we collect through integrations and other connected Third-Party services may include your name, email address, logging information, etc. This information allows us to provide you with the Secureframe services and to enhance our ability to provide you with information about our business and products.

Information from Other Sources:

We may obtain Personal Data about you from other sources. The categories of other sources from which we collect and have collected Personal Data from in the last 12 months include:

  • Social networks when you interact with our Services and Marketing Activities or grant permission to us to access your information;
  • Partners with which we offer co-branded services or engage in joint marketing activities; 
  • Third parties that have indicated that they have your consent or are otherwise legally permitted or required to disclose your Personal Data to Secureframe. For example, we may be provided with information about individuals who could be interested in using our Services (e.g., LinkedIn Sales Navigator and similar advertising companies, as well as partners and service providers); 
  • Other individuals at your organization, or individuals who may refer Secureframe to you, for the purpose of learning more about our Services; 
  • Background screening providers that Secureframe uses in the event you are selected to join our team via our careers and recruitment process. We conduct background screenings through a third-party service provider and verify information from your job application that relates to your past education, employment, credit and/or criminal history, as allowed by applicable law; 
  • Recruitment agencies, who may share your Personal Data with us for purposes of helping to identify and select candidates; and
  • Publicly-available sources such as data in the public domain.

Aggregated Personal Data: In an ongoing effort to better understand and serve our prospects and Service Users, Secureframe often conducts research on its customer demographics, interests and behavior based on Personal Data and other information provided to us. As it relates to our Services, we may also use machine learning and performance metrics for the purposes of providing and improving Secureframe's products and services. This information may be compiled and analyzed on an aggregate basis. This aggregate information does not identify you personally. Secureframe may also disclose such aggregated information in order to describe and promote our Services to current and prospective business partners, and to other third parties for other lawful purposes.

4. Our Use of Your Personal Data and Our Legal Basis for Processing

We may use your Personal Data, and may have done so over the preceding 12 months, for the following purposes and in reliance on the legal bases described in this Privacy Policy or disclosed explicitly to you in our Services or other contracts:

To communicate, including…

  • With you, our customers, partners and other third parties (e.g. through email) about the Services, including to communicate changes and revisions to our policies, technical notices, security alerts, support, renewal notices, for account verification and other administrative messages in reliance on our legitimate interests in administering our Services;
  • To ask you to participate in surveys or solicit feedback on our Services in reliance on our legitimate interests;
  • If you fill out a web form or request support, if you contact us by other means, including via a phone call, we use your data to perform our contract with you or if we do not have a contract directly with you, in reliance on our legitimate interests in fulfilling your requests and communicating with you;
  • With you about promotions, upcoming events, and news about products and services offered by Secureframe (e.g. marketing newsletters, telemarketing calls, SMS, emails or push notifications) and, in some cases, our selected partners, all in accordance with your marketing preferences as necessary for our legitimate interest in conducting direct marketing, or to the extent you have provided your prior consent;
  • To conduct marketing research, advertise to you, provide personalized information about us on and off our websites, and to provide other personalized content based on your activities and interests to the extent it is necessary for our legitimate interest in advertising our Services, or where necessary, to the extent that you have provided your prior consent. Please see the “Your Privacy Rights and Choices” section below to learn how you can control the processing of your Personal Data by Secureframe for personalized advertising. Generally, Secureframe does not rely on consent as a legal basis for processing your Personal Data, other than sending direct marketing communications to you via email. If you have provided your consent to receive email marketing from us, you have the right to withdraw your consent to email marketing at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

To process job applications, including…

  • To evaluate your application, make hiring decisions, and evaluate your authorization to work, if applicable, including evaluating immigration status with respect to authorization to work;
  • To communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for such purposes);
  • To manage and improve our recruiting and hiring processes, such as soliciting feedback via candidate surveys, or to conduct reference and background checks where required or permitted by applicable local law;
  • Information collected in the context of processing job applications and in general when you apply for a job with Secureframe is processed in reliance on our legitimate interest in assessing the suitability of our candidates and managing our recruiting process, or, where required by applicable law, with your consent.

To provide and improve our products and services, including…

  • Operating, maintaining and providing to you the features and functionality of the Services, as necessary to perform our contract with you;
  • Using a person’s IP address and other online identifiers to generate aggregate, non-identifying information about how our Services are used in reliance on our legitimate interests and as necessary to perform our contract with you;
  • To monitor and improve marketing campaigns and make relevant suggestions to users in reliance on our legitimate interests and, where applicable, with your consent, which can be withdrawn at any time;
  • To understand you and your preferences to enhance your user experience in reliance on our legitimate interest in personalizing and improving the Services and as necessary to perform our contract with you.

To fix problems and protect the Services, you, ourselves, other customers and the public generally and to comply with applicable laws, including…

  • To troubleshoot and diagnose product problems and to provide other customer support, including to help us provide, improve and secure the quality of our products, services and training and to investigate security incidents, in reliance on our legitimate interests and, where applicable, to perform our contract with you in accordance with the applicable terms;
  • Using call recording data, including to provide support services and investigate security incidents in reliance on our legitimate interests and, where applicable, to perform our contract with you in accordance with the applicable terms;
  • To ensure the safety and security of our Services in reliance on our legitimate interests, including verifying accounts and activity, investigating suspicious activity, detecting and preventing fraud and other illegal activities and to protect the rights and interests of us, users, and other customers’ users, third parties, and the public;
  • To enforce our terms and conditions or protect our business in our legitimate interests;
  • To comply with our legal obligations under applicable laws, we process your Personal Data when cooperating with public and government authorities, courts or regulators, to the extent this requires the processing or disclosure of Personal Data to protect our rights, or is necessary for our legitimate interest in protecting against misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.

For other legitimate business purposes in reliance on our legitimate interests, such as to update, expand, and analyze our records, identify new customers, data analysis, to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, developing new products, enhancing, improving or modifying our Services, identifying usage trends, benchmarking, determining the effectiveness of our promotional campaigns, trials and operating and expanding our business activities.

In carrying out these purposes, we combine data we collect from different contexts or that we obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.

If Secureframe intends on using any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected.

We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see Your Privacy Rights and Choices.

5. Our Disclosure of Your Personal Data 

Secureframe is not in the business of selling your information for monetary consideration. We consider this information to be a vital part of our relationship with you and we only share it where reasonably necessary to provide our services to you or enhance our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you. The types of entities to whom we disclose and have disclosed information within the last 12 months, include:

Affiliates: We may share all categories of your Personal Data with our affiliates for internal business purposes. For example, for customer support, marketing, or technical operations.

Third-party service providers: Our service providers may process all categories of your information in connection with their work on our behalf and are contractually prohibited from retaining, using, or disclosing your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other commercial purposes. We may also share your Personal Data with our marketing service providers to help us better market our products and services to you. These marketing service providers may use your Personal Data only for the purpose of helping us to provide relevant products and services information to you and are expressly obligated not to disclose your Personal Data to others. If you do not want us to use your Personal Data for these marketing purposes, you can opt out by contacting us at privacy@secureframe.com       

Vendors, Agents, Consultants and Related Third Parties: Secureframe, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases, analytics and marketing or advertising services, and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function. These third parties may act as our service providers, or in certain contexts, independently decide how to process your Personal Data. 

Partners: Secureframe may share business contact information, marketing information, troubleshooting and support data with business partners of ours (including referral partners, resellers, and managed service providers), for the purpose of assisting with sales, marketing and support activities.

Merger or acquisition: We may share all categories of your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.           

Legal Requirements: Secureframe may disclose any categories your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of Secureframe, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Consent: To any other person you have consented to us sharing Personal Data.

Without limiting the foregoing, we may share aggregated information which does not identify you or de-identified information with other parties or affiliates except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see Your Privacy Rights and Choices.

6. Social Media and Technology Integrations

Our Services and Marketing Activities contain content from and hyperlinks to websites, locations, platforms, and services operated, owned, and maintained by third parties. In addition, we integrate technologies operated or controlled by other parties. For example, we hyperlink from our Site and Services to websites, social media platforms, and other services not operated or controlled by us. These other parties may use tracking technologies to independently collect information about you and may solicit information from you. Also, if you use one of their features, both we and the applicable other party may have access to and use information associated with your use of that feature. If you publicly reference our Site or Services or Marketing Activities on a social network (e.g., by using a hashtag associated with Secureframe in a tweet or post), we may use your reference on or in connection with our Services and Marketing Activities.

The information collected and stored by third parties, whether through our Services and Marketing Activities, or another parties' service or device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. Secureframe is not responsible for and makes no representations regarding the privacy practices of third parties. You should carefully read their own privacy policies before providing any information to such parties.

7. Cookies and other Tracking Technologies  

We may, and we may allow third party service providers to, use cookies or other tracking technologies to automatically collect information from your computer or mobile device about your browsing activities over time and across different websites following your use of the Site, your interaction with our Marketing Activities as well as in connection with the Services.

For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze your use of the Services and Marketing Activities, compile statistic reports on the service's activity, and provide other services relating to your activities and internet usage. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Site. For more information, and to manage how Secureframe collects and stores non-essential cookies, please see our Cookie Manager.

8. Security

Secureframe takes reasonable administrative, physical and electronic measures designed to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, we cannot guarantee the security of your Personal Data. Please keep this in mind when disclosing any Personal Data to Secureframe via the Internet.

9. Retention

We may retain your Personal Data for as long as necessary for the purposes it was collected, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different services, actual retention periods can vary. We determine the appropriate retention period for Personal Data based on the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as applicable legal requirements (such as applicable statutes of limitation). After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of that data. For further information on applicable data retention periods, please see the section entitled Contact Secureframe.

10. Transfers of Your Personal Data

Personal Data we collect may be stored and processed in your region, in the United States, Canada, the United Kingdom or any other country where we or our affiliates, subsidiaries or service providers maintain facilities. We maintain primary data hosting centers in the United States. We take steps designed to ensure that the data we collect under this Privacy Policy is processed as described in this Privacy Policy and according to applicable law wherever the data is located.

Therefore, we may transfer Personal Data from the European Economic Area (EEA), UK and Switzerland (collectively, “Europe”) to other countries that may not have the same level of data protection that applies in your jurisdiction. In these cases, we use a variety of legal mechanisms to ensure that the recipient of your Personal Data offers an adequate level of protection, including entering into the standard contractual clauses for the transfer of European data approved by the European Commission, or where required, we will ask you for your prior consent.

11. Additional Disclosures for U.S. Residents

This section describes how Secureframe collects, uses and discloses your Personal Data pursuant to the following U.S. state privacy laws: 

  • the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA); 
  • the Virginia Consumer Data Protection Act (VCDPA); 
  • the Colorado Privacy Act (CPA); 
  • the Connecticut Data Privacy Act (CDPA); and 
  • the Utah Consumer Privacy Act (UCPA).

This section applies only if you live in the US states of California, Colorado, Connecticut, Virginia, Utah or any other US state that has enacted similar privacy laws. This section also describes the rights you have with regard to your Personal Data, which apply when these laws take effect in these states. This section does not apply to any of our employees, owners, directors, officers, or contractors.

Since the rules and regulations implementing some of these laws have not yet been finalized, we will continue to update our processes and disclosures as well as this section once these implementing rules and regulations are finalized. Certain terms used herein have the meanings given to them in the respective state privacy laws.

Categories, Sources, and Use of Personal Data we collect: 

The categories of Personal Data we collect and the sources from which we collect it are described in detail in the section entitled The Personal Data We Collect. The business and commercial purposes for which we collect this information are described in the section entitled Our Use of Your Personal Data.

In addition, and specifically with respect to job applicants, Secureframe may collect Personal Data:

  • that contains characteristics which may be protected classifications under California or Federal Law solely to the extent such characteristics are voluntarily disclosed to us or contained in any content transmitted across or stored on our network (e.g. age, ethnicity, race, languages spoken and gender);
  • which includes sensitive Personal Data as defined under the CCPA (such as social security number, driver’s license, state identification card, passport number, the contents of mail/email and text messages (unless we are the intended recipient of the communication), precise geolocation, and health information).

We collect sensitive Personal Data in relation to job applicants for various purposes, including: 

  • to uniquely identify you; 
  • to comply with our legal obligations pursuant to applicable federal and state employment laws and regulations, including collecting and disclosing Personal Data as required by law (e.g., for minimum wage, payroll tax, as well as to comply with equal opportunity and anti-discrimination laws);
  • to facilitate and provide reasonable accommodations; and
  • to facilitate other business purposes as enumerated under the CCPA.

As defined by the CCPA, sensitive Personal Data shall be treated as Personal Data, except where it is collected or processed for “the purpose of inferring characteristics about a consumer.” We do not collect or process sensitive Personal Data for the purpose of inferring characteristics about individuals.

Sale or Disclosure of Personal Data

This section only applies where Secureframe is acting as a business, and not a service provider, under applicable US data protection laws. The categories of third parties to whom we "disclose" your Personal Data, and the categories of information disclosed for a business purpose are described in the section entitled Our Disclosure of Your Personal Data.

When we disclose Personal Data for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Data confidential and use it only for the purposes specified in the contract, and not for any other purpose. We share or make your information available, including any Personal Data, in the circumstances described below.

While Secureframe does not sell Personal Data in exchange for any monetary consideration, we may share Personal Data for cross-context behavioral advertising purposes and for other benefits as defined by certain state privacy laws, such as the CCPA under Cal. Civ. Code 1798.140(ad)(2). Some of our processing activities may also constitute “targeted advertising” as that term is defined under certain state laws.

We have shared in the preceding 12 months Personal Data as necessary for business purposes, as defined by Cal. Civ. Code 1798.140. This includes sharing personal identifiers, commercial information, and internet or other electronic network activity with customer relationship management, consulting, email, product feedback, helpdesk services, advertising networks and website analytics companies. 

We make Personal Data available to the following categories of third parties:

  • partners (including analytics providers);
  • marketing service providers; 
  • affiliated persons, third-party service providers and partners assisting us in the operation, management, improvement, research and analysis of the Site, Marketing Activities and Services. Affiliated persons or our third-party service providers may augment, extend, and combine non-personally identifiable information with data from additional third-party sources in order to assist us with the above. Use of information by affiliated persons and third-party service providers will be subject to this Policy or an agreement that is at least as restrictive as this Policy.

You have a right to direct Secureframe not to sell or share your Personal Data. We do not have actual knowledge that we have sold or shared Personal Data of individuals under the age of 16 for targeted advertising or cross-context behavioral advertising purposes.

12. Your Privacy Rights & Choices

Secureframe provides ways for you to access and delete your Personal Data as well as exercise other rights that give you certain control over your Personal Data.

A. All Users

  • Email Subscriptions. You can always unsubscribe from our commercial or promotional emails by clicking unsubscribe in those messages. We make every effort to promptly process all unsubscribe requests. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or for other transactional, non-marketing related reasons.
  • You may exercise choice regarding the use of cookies as described in our Cookie Manager. To opt-out from Google Analytics, please visit https://tools.google.com/dlpage/gaoptout or download the Google Analytics Opt-out Browser Add-on.

B. EEA, UK and Switzerland Residents and Visitors

If you are a resident of or visitor from the EEA, UK or Switzerland, where we are acting as a data controller, you may have the following rights with regard to the Personal Data we control about you:

  • You can access, correct, update and delete your Personal Data by emailing us at privacy@secureframe.com. If you are a Service User, you can also do this by signing into your account and editing your information as desired.
  • You can object to processing of your Personal Data, ask us to restrict the processing of your Personal Data or request portability of your Personal Data. To exercise these rights, please send an email to privacy@secureframe.com.
  • If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time for future processing. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data but we encourage you to first contact us with any questions or concerns. 
  • Secureframe does not engage in any automated decision making with your Personal Data.

C. US Privacy Rights

Subject to certain limitations (as defined under applicable law), you have the rights listed below with respect to the Personal Data that we collect about you when Secureframe is acting as a business under applicable US data protection laws. 

Right to Know 

You have the right to request access to, or a copy of the Personal Data we have collected, used, disclosed and sold about you, including:

  • The categories of Personal Data we have collected, used, disclosed or sold;
  • The categories of sources from which the Personal Data is collected;
  • The business or commercial purpose for collecting your Personal Data;
  • The categories of third parties with whom we have shared your Personal Data; 
  • The specific pieces of Personal Data we have collected about you;
  • If we disclosed your Personal Data for a Business Purpose, the Business Purpose for which such Personal Data was disclosed, and the Personal Data categories that each category of recipient obtained; and
  • If applicable, (1) the categories of your Personal Data that we have made available for valuable consideration; (2) the categories of third parties to whom such Personal Data was made available; and (3) the category or categories of Personal Data that we have made available to each category of third parties.

You also have a right to know if we have sold or shared your Personal Data for a business purpose and, if so, the categories of Personal Data sold or disclosed and the categories of third parties to whom such information was sold or disclosed, along with the business or commercial purpose for which such information was sold or disclosed.

Right of Access

You may request a copy of the Personal Data we have collected about you.

Right to Delete 

You have the right to request that we delete the Personal Data we have collected from you (and direct our service providers to do the same) and retained, subject to certain limitations under applicable law. 

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.

Right to Correct 

You have the right to correct inaccurate Personal Data that we maintain about you. We will take into account the nature of the Personal Data and the purposes for which we process it. We may require documentation from you in order to process your request, including your name, email address, phone number, and request details.

Right to Opt-Out of Sale/Sharing 

You may also have the right to opt out of the sale or sharing of your Personal Data. You can request to opt out of such “sale” or "sharing" of your Personal Data by submitting a request to us by sending us an email at privacy@secureframe.com.

If you decide to opt-out, we will stop selling or sharing your information with third parties. However, please note that for example your use of our Website may still be tracked by us and our service providers to perform functions that are necessary for our business such as hosting our Website, ensuring there is no fraud, etc. These entities are contractually obligated to keep this information confidential and will not use it for any purpose other than for the services they provide to our business.

You may change your mind and opt back in at any time by sending us an email at privacy@secureframe.com. We will only use Personal Data provided in an opt-out request to review and comply with the request.

Right to Limit the Use of Sensitive Personal Data

Secureframe does not knowingly collect, use or disclose any sensitive personal information, as defined by the CCPA, for the purpose of inferring characteristics about you. Accordingly, submitting a request to limit the use of your sensitive Personal Information is not required.      

Right to Not Receive Discriminatory Treatment

You have the right to not receive discriminatory treatment for exercising your CCPA privacy rights. We do not use the fact that you have exercised or requested to exercise any CCPA rights for any purpose other than facilitating a response to your request.

You can contact us with your request through one of the contact methods described under the Contact Secureframe section below. 

We may ask you to provide information that will enable us to verify your identity in order to comply with your request to exercise your privacy rights. Consumers in some states may also authorize an agent to make requests on their behalf. In particular, if you are a California resident, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please contact us via email at privacy@secureframe.com. Please include your full name and email address along with why you are writing so that we can process your request in a timely manner. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request in accordance with the requirements of applicable law.

Please note that if your information has been processed by Secureframe on behalf of a customer and you wish to exercise any rights you have with such Personal Data, please inquire with our customer directly. If you wish to make your request directly to Secureframe, please provide the name of the Secureframe customer on whose behalf Secureframe processed your information. We will refer your request to that customer and will support them to the extent required by applicable law in responding to your request.

Please note that to protect your Personal Data, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent (as applicable) have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Data.

We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may have the right to appeal our decisions made with respect to your request. To appeal our decision on your request, you may contact us through one of the contact methods described under the section titled Contact Secureframe. Please enclose a copy of, or otherwise specifically reference, our decision on your request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.

You may also request information about our practices related to our disclosure of your Personal Data to certain third parties for their direct marketing purposes. You may be able to opt out of our sharing of your Personal Data with unaffiliated third parties for the third parties’ direct marketing purposes in certain circumstances. You can contact us with your request through one of the contact methods described under the section titled Contact Secureframe.

California’s Shine the Light law

If you are a California resident, you are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of Personal Data to third parties for their direct marketing purposes in the preceding calendar year. To request the above information, please email us at privacy@secureframe.com or write to us at 548 Market St #30287, San Francisco, CA 94104 with a reference to "CA Disclosure Information" and include your name, street address, city, state, and ZIP code. In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address or physical address from which you submitted your request. Please note that Secureframe is not required to respond to requests made by means other than through the provided email address or mail address. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.

13. Children's Personal Data

Our Services and Marketing Activities are not intended for users under the age of 16, and Secureframe does not knowingly collect Personal Data from children under the age of 16 in a manner that is not permitted by the U.S. Children's Privacy Protection Act ("COPPA") or other applicable laws. If you are under the age of 16, please do not use or submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to Secureframe through the Services, please contact us at privacy@secureframe.com or send us a letter to the mailing address in the section entitled "Contact Secureframe" below. 

We do not knowingly "sell" or “share” as those terms are defined under US data protection laws, the Personal Data of minors under 16 years old who are U.S. residents.

14. Links to Third-Party Web Sites

The Site and Services may contain links to other web sites, resources or services not operated or controlled by Secureframe (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The privacy practices of these websites and services will be governed by their own policies. 

We make no representation or warranty as to the privacy policies of any third parties, including the providers of third party applications. If you are submitting information to any such third party through our Sites or Services, you should review and understand that party’s applicable policies, including their privacy policy, before providing your information to the third party. For example, it is possible that your payment information (such as credit card or debit card information) may be collected and stored by third party payment vendors. We suggest contacting those third parties directly for information on their privacy policies or if you have any questions or concerns about their privacy policies and practices.

15. Changes to Secureframe’s Privacy Policy

The Services and our business may change from time to time. As a result, at times it may be necessary for Secureframe to make changes to this Privacy Policy. Secureframe reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you use our Sites or our Services or engage with our Marketing Activities. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy. We encourage you to review this Policy frequently to be informed of how Secureframe is protecting your Personal Data.

16. Contact Secureframe
Please feel free to contact us if you have any questions or concerns about Secureframe’s Privacy Policy or our privacy practices, including if you need to access this Policy in an alternative format, or if you wish to lodge a complaint about our privacy practices.

You may contact us as follows:privacy@secureframe.com, by using the Your Privacy Choices form, or by registered mail at 548 Market St., Suite #30287, San Francisco, CA 94104.

The data controller of your Personal Data is Secureframe, Inc.

Country Representative
EEA Osano International Compliance Services Ltd
ATTN: IEIQ
3 Dublin Landings
North
Wall Quay
Dublin 1
D01C4E0
United Kingdom Secureframe Europe Limited
C/O Fieldfisher Riverbank House
2 Swan Lake
London
EC4R 3TT
Attn: Secureframe Legal Dept