Last Update: June 8th, 2022
Breach Insider (“Breach Insider”, we" or “us”) helps online businesses (our “Clients”) detect and address user account compromise and other malicious behaviour on their digital properties. In doing so, we collect information about how our detection methods (“Insiders”) are activated, and how they are interacted with by our Clients’ digital properties such as their websites and mobile applications (their “Applications”), as well as how they are utilised by unauthorised parties.
This Policy tells you how we use and protect personal information collected through use of the “Services”, defined as our website(s) and our products and services, including the Breach Insider Service (as that term is defined in the Service Agreement).
This Policy covers only information that is collected through the Services and no other web sites, product or services that may be linked to or available via or from the Services or used in association therewith; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage.
You expressly consent to our collection, storage, use and disclosure of your personal and non-personal information as described in this Policy and to all other terms herein.
How we collect and use information
We collect the following types of information:
Information about Clients
- Name and identity, email address, virtual and physical contact information (including for example your business address), professional information, log-in data, and financial information, including credit card and/or bank account numbers.
- Information responsive to surveys or applications for employment, disclosed in resumes, or requested in order to provide brochures or information about our business, employment, products or services.
- Transactional information based on your activities with or on the Services.
- Shipping, ordering, billing and other similar information you provide to purchase or ship an item or service.
- Community discussions, chats, dispute resolution, and correspondence sent to us.
- Computer sign-on data, statistics on page views and traffic to and from the Site.
- Other technical information or data collected from traffic, including IP address and standard web log information.
- Supplemental or additional information we may request from you in the event previous information you’ve provided cannot be verified.
- Information that you voluntarily provide to us, information that we collect as per the Service Agreement, and information set forth in the Order Form (as that term is defined in the Service Agreement).
How we store and protect your information
Any information collected through the Services is stored and processed in the United States. If you use our Services outside of the United States, you consent to have your data transferred to the United States.
Breach Insider maintains strict administrative, technical and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (through username and password credentials, and multi-factor authentication) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files.
To discuss the security programs, procedures and policies that we have selected and utilize to reasonably secure the Services, please contact firstname.lastname@example.org. We will be happy to discuss our security program with you.
Our Use of Information
We may combine your information with information we collect from other sources to improve or promote the Services. We do not sell or rent your personal information to non-affiliated third parties for their marketing purposes without your prior consent. You agree that we may use your personal information as specified in the Service Agreement, and to:
- Fulfil the purposes disclosed when you provided your information to us.
- Provide, deliver, and collect payment for the services, products, and customer support you request.
- Resolve disputes, collect fees, and troubleshoot problems.
- Prevent potentially prohibited or illegal activities, and enforce our Services-related agreements.
- Customize, measure, and improve our Services and their functionality, content and layout.
- Provide you with personalized content or recommendations.
- Tell you about targeted marketing, service updates, and promotional offers based on your communication preferences.
- Compare information for accuracy, and verify it with third parties.
We may also share your personal information with:
- Members of our corporate family to help detect and prevent potentially illegal acts and provide joint services to requesting users.
- Service providers, consultants or similar contractors to support or enhance the Services or our business operations, or to whom we contract in order to carry out transactions initiated by you, such as credit card processing organizations or hosting service providers.
- Other third parties to whom you explicitly ask us to send your information (or about whom you are otherwise explicitly notified and solicited consent when using a specific service).
- Law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity.
- Persons as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity.
- Other business entities, should we plan to merge with, receive financing from, or be acquired by that business entity.
How Long We Keep Information
We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on Our Use of Information — and we’re not legally required to keep it. For example, we keep web server logs that record information about a visitor to our website, like the visitor’s IP address, browser type, and operating system, for approximately 30 days. We retain the logs for this period of time in order to, among other things, analyse traffic to our website and investigate issues if something goes wrong on our website.
Your Use of the Site
Your user ID may necessarily be displayed throughout the Services and to the public. All of your activities as such will be traceable to your user ID. Please understand that if you link your name with your user ID, others will be able to personally identify your activities.
Web Site Features (including cookies)
You may also encounter cookies from third parties. Third party cookies are cookies that are served by third parties other than us. You are always free to choose whether to accept or reject website cookies, although doing so may interfere with, terminate and/or restrict your use of the Services. If you wish to reject cookies, you can do so by changing the settings of your web browser, and instructions about how to do this can normally be found in the “help” menu of your web browser.
In addition, the Services may incorporate pixel tags, web beacons or other web site usage measurement technologies. Such devices are used to collect other information, such as the identity of the applicable internet service provider, the user’s IP address of his or her personal terminal device, the type of browser software and operating system in use, the date and time of site access, the website address, if any, from which the user linked to the Services, and other similar traffic-related information. Such information is used for the purposes described above. We may also aggregate such information with similar data collected from other users or disclose such aggregate information to third parties. However, we do not use such data in any way to create or maintain personal information from you.
We do not engage in the collection of personally identifiable information from users across third party sites or applications, except for log-in information that each user provides in order to access the user’s other applications, sites or services via the Breach Insider Service. We do not knowingly enable other parties to collect personally identifiable information about our users’ activities over time and across different sites or services.
Your password to access our Services, if any, deserves careful thought and protection. Use unique numbers, letters, and special characters and do not disclose your password to anyone. If you do share your password or your personal information with others, remember that you are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. If your password has been compromised for any reason, you should immediately access your profile on the Site to change your password and notify us immediately at email@example.com.
You can see, review and change most of your personal information by logging into our websites. You must promptly update your personal information if it changes or is inaccurate. We retain personal information from closed accounts in order to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Services-related agreements, and take other actions otherwise permitted by law or as specified elsewhere in this Policy.
If at any time you choose to opt out from allowing us to use your personal information in the future to provide you with special offers or information regarding new products or services, check the “opt-out” box, either at the time you provide your personal information or via any subsequent marketing communication that we send you.
Contacting Us About These Rights
You can usually access, correct, or delete your personal data using your account settings and tools that we offer, but if you aren’t able to or you’d like to contact us about one of the other rights, please contact us at firstname.lastname@example.org. When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before we disclose or delete anything. For example, if you are a user, we will need you to contact us from the email address associated with your account. You can also designate an authorized agent to make a request on your behalf by giving us written authorization. We may still require you to verify your identity with us.
Except as otherwise expressly included in this Policy, this document addresses only the use and disclosure of information we collect from you.
The Services are not directed to those under 13 years of age, and we do not knowingly collect personal information from children. If you are younger than thirteen, please do not provide any personal information to us. If a person 13 years of age or younger has provided personal information to us, a parent or guardian of such person should contact us at email@example.com so that we can remove such personal information from our database. We reserve the right to limit participation in particular programs, offers or promotions to those over 18 years of age.