Privacy Policy

Effective Date: August 25, 2023

Menlo Security, Inc., together with its affiliates (“Menlo Security”, “we”, “our” or “us”), is committed to transparency in our collection and processing of information. This Privacy Policy describes how we collect, use, disclose and protect information from and about you through our website www.menlosecurity.com and any other website or mobile application that links to this Privacy Policy (the “Site”), and any other interactions (e.g., customer service and other communications) that you may have with Menlo Security (collectively, the “Services”). PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

Table of Contents

SCOPE OF THIS PRIVACY POLICY

THE INFORMATION WE COLLECT

HOW WE USE YOUR INFORMATION

LEGAL BASES FOR USE OF YOUR INFORMATION

ONLINE ANALYTICS AND ADVERTISING

HOW WE DISCLOSE YOUR INFORMATION

YOUR RIGHTS AND YOUR CHOICES

THIRD PARTY LINKS AND FEATURES

INTERNATIONAL USERS

HOW WE PROTECT YOUR INFORMATION

RETENTION OF YOUR INFORMATION

PRIVACY INFORMATION FOR CALIFORNIA USERS

NOTICE TO NEVADA RESIDENTS

CHANGES TO OUR PRIVACY POLICY

CONTACT INFORMATION

SCOPE OF THIS PRIVACY POLICY

For purposes of this Privacy Policy:

This Privacy Policy applies to our handling of information about Site Visitors, prospective Customers, and current Customers and Users (in relation to their procurement of the Menlo Security Technology and management of their relationship with Menlo Security). We refer collectively to these categories of individuals as “you” throughout this Privacy Policy.

However, this Privacy Policy does not cover information about Customer End Users that Menlo Security receives from Customer, or otherwise processes on Customer’s behalf, in connection with the Menlo Security Technology provided by Menlo Security to Customer pursuant to an applicable services agreement (including the content of messages, files and attachments of Customer End Users (“End User Communications”)). Menlo Security processes End User Communications and other information of Customer End Users under the instructions of the relevant Customer as the “data controller” or similar role as defined in applicable privacy laws, as described in the applicable services agreement entered into by such Customer and Menlo Security. Menlo Security’s obligations as a “data processor” or “service provider” with respect to such information are defined in such services agreement, and are not made part of this Privacy Policy.

If you are a Customer End User and you have questions about how your information is collected and processed through the Menlo Security Technology, please contact the Customer who has provided your information to us for more information.

THE INFORMATION WE COLLECT

We collect, store and use certain information from or about you for the purposes described below.

The types of data we collect directly from you include:

We may also collect and store any data and related output created, derived or generated by you through the use of the Services, as well as your Services usage, and your usage of the Menlo Security Technology.

2. INFORMATION WE COLLECT THROUGH AUTOMATED MEANS

When you use our Services, we and our service providers (who are third parties that perform services on our behalf) automatically collect certain information about your device and how you use the Services, including your IP address, browser type, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs), referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, and other similar information. From your IP address, we may be able to infer your general location (e.g., city/state or postal code).

To collect this information, we and our service providers may also make use of “cookies” or similar tools that track, measure, and analyze the behaviors and usage patterns of our users. Cookies are small data files that can be stored on your browser and device so we can recognize you when you return. We use cookies for analytics and advertising purposes, to deliver certain features of the Services, to help us understand how users engage with the Services, and to improve your experience. You may set your web browser to notify you when you receive a cookie and to accept or refuse certain cookies. However, if you elect not to accept cookies, some functionality and areas of the Services may be restricted. To learn how to manage your cookies, please follow the instructions from your specific browser, or if accessing the Services via a mobile device, refer to the manufacturer’s instructions.

For more details, please refer to the Menlo Security Cookie Policy and the “Your Rights and Your Choices” section below.

3. INFORMATION WE COLLECT FROM OTHERS

From time to time, we may collect information about you from other sources, including marketing vendors, survey providers, data enhancement services, social media, conferences, and other industry events or other purposes that we explain to you at the time of collection, to the extent permitted by applicable law. We use this information to supplement the information that we collect directly or automatically from you in order to derive your possible interests and provide more relevant experiences for you and improve our Services, analytics, and advertising.

When you “like” or “follow” us on Facebook, LinkedIn, Twitter or other social media sites, we may collect some information from you including your name, email address, and any comments or content you post relevant to us.

HOW WE USE YOUR INFORMATION

We use your information for various purposes depending on the types of information we have collected from and about you, in order to:

Aggregate/De-Identified Information. We may aggregate and/or de-identify any information collected through our Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use such information for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties, including advertisers, partners, and sponsors.

Combined Information. We may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy.

The legal bases for using your information as set out in this Privacy Policy are as follows:

ONLINE ANALYTICS AND ADVERTISING

ANALYTICS. We may use third-party web analytics services (such as those of Google Analytics) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

ONLINE ADVERTISING. In using the Services, we allow select third party advertising technology partners to place cookies or other tracking technologies on the browser of your device to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers such as Google, Facebook, and others) may use this information to serve relevant content and advertising to you as you browse the Internet, and access their own cookies or other tracking technologies on your browser to assist in this activity. If you are interested in more information about these online advertising activities, and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. Please note that if you use these mechanisms, you may still see advertising on our Services or across the Internet, but it will not be tailored to you based on your online behavior over time.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Services for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.

HOW WE DISCLOSE YOUR INFORMATION

We will disclose your information in the following ways:

YOUR RIGHTS AND YOUR CHOICES

You have certain rights with respect to your information as further described in this section.

1. YOUR LEGAL RIGHTS

If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. Your local laws (e.g., if you are a citizen or resident of the European Economic Area or certain U.S. states) may permit you to request that we:

They may also permit you to revoke your consent for the processing of your information.

We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request. To submit a request, please contact us at legal@menlosecurity.com.

You may be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

Depending on applicable law, you may have the right to appeal our decision to deny your request. We will provide information about how to exercise that right in our response denying the request. You also have the right to lodge a complaint with a supervisory authority.

If you are a Customer End User and your information has been collected by Menlo Security as a result of our Customer’s use of the Menlo Security Technology pursuant to a services agreement between Customer and Menlo Security, Menlo Security collects and processes any information of yours under the directions of the relevant Customer. If these circumstances apply to you and you wish to access, edit, delete or exercise any rights you may have under applicable data protection laws with respect to any information that we have collected about you, please direct your query to the relevant Customer, as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws. Please note that End User Communications are collected only temporarily by the Menlo Security Technology and the content does not persist in our systems.

2. NOTICE OF RIGHT TO OPT OUT OF SALES OF INFORMATION AND SHARING OR PROCESSING INFORMATION FOR TARGETED ADVERTISING PURPOSES

Depending on your jurisdiction of residence, you may also have the right to opt out of the “sale” of your information and “sharing” or processing of your information for targeted advertising.

As explained in the “How We Disclose Your Information” section above, we provide information to third-party advertising providers for targeted advertising purposes or use advertising analytics partners to assist us in analyzing use of our Services and our user/customer base. Under applicable law, the disclosure of your information to these third parties to assist us in providing these services may be considered a “sale” of personal information or the “sharing” or processing of personal information for targeted advertising purposes.

If you would like to opt out of the disclosure of your personal information for purposes that could be considered “sales” for those third parties’ own commercial purposes, or “sharing” or processing for targeted advertising purposes, please visit the following link available in the footer of our Service: “Your Privacy Choices.” Note that you will need to opt out on each device you use to access the Services. If you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.

We do not knowingly sell the information of children under 16 years of age.

3. MARKETING COMMUNICATIONS

If, in accordance with applicable legal requirements, we send you marketing communications regarding our Services, The Menlo Security Technology, or the services of third parties that we believe will be interesting to you, you can ask us to stop sending such communications at any time by contacting us using the information in the “Contact Information” section below. In our marketing email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain transactional emails from us, such as those confirming your requests or providing you with updates regarding our Privacy Policy or other terms.

Our Services may contain links to third-party websites. If you choose to visit these sites and use their services, please note that we are not responsible for their content or privacy practices. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites, and not this Privacy Policy. We urge you to read the privacy policies of these third parties.

INTERNATIONAL USERS

Your information is maintained and processed by us and our third-party service providers in the United States, and may also be maintained, processed, and stored in other jurisdictions that may have different data protection laws than those in your country of residence. In the event that your information is transferred in these ways, please note that we comply with applicable legal requirements governing the transfer of information across borders. By using the Services, you agree to and acknowledge these transfers.

HOW WE PROTECT YOUR INFORMATION

Menlo Security takes a variety of technical and organizational security measures to protect the information provided to us from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us online.

RETENTION OF YOUR INFORMATION

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

PRIVACY INFORMATION FOR CALIFORNIA USERS

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Throughout this Privacy Policy, we discuss in detail the specific pieces of personal information we collect from and about our users. We provide additional information required by the CCPA in the chart below.

Category of Personal InformationHow We Use this Personal InformationCategories of third parties to which we disclose this personal information for a business purposeCategories of third parties to which we “share” and “sell” this personal information for advertising/ analytics purposes
Contact Information (such as your full name, phone number, address, email address)• Provide the Services and respond to your requests
• Contact you with relevant information and offers
• Customize content, and analyze use of and improve the Services
• Business Transfers
• Comply with law or defend our legal rights
• Security/fraud prevention
• Create aggregate/de-identified information
• Affiliates and Subsidiaries
• Service Providers
• Your Company
• Analytics and Advertising Providers
• Analytics and Advertising Providers
Login Information (such as your account name and password)• Provide the Services and respond to your requests
• Business Transfers
• Comply with law or defend our legal rights
• Security/fraud prevention
• Create aggregate/de-identified information
• Affiliates and Subsidiaries
• Service Providers
We do not sell or share
Professional or Employment Information (such as the name and address of the company you work for and your title)• Provide the Services and respond to your requests
• Contact you with relevant information and offers
• Customize content, and analyze use of and improve the Services
• Business Transfers
• Comply with law or defend our legal rights
• Security/fraud prevention
• Create aggregate/de-identified information
• Affiliates and Subsidiaries
• Service Providers
• Your Company
• Analytics and Advertising Providers
• Analytics and Advertising Providers
Device and Online Information (such as mobile device content, IP address, browsing history, and usage information)• Provide the Services and respond to your requests
• Contact you with relevant information and offers
• Customize content, and analyze use of and improve the Services
• Business Transfers
• Comply with law or defend our legal rights
• Security/fraud prevention
• Create aggregate/de-identified information
• Affiliates and Subsidiaries
• Service Providers
• Analytics and Advertising Providers
• Analytics and Advertising Providers
Marketing preferences• Provide the Services and respond to your requests
• Contact you with relevant information and offers
• Customize content, and analyze use of and improve the Services
• Business Transfers
• Comply with law or defend our legal rights
• Security/fraud prevention
• Affiliates and Subsidiaries
• Service Providers
• Analytics and Advertising Providers
• Analytics and Advertising Providers
Other information (any other information you choose to provide directly to us)• Provide the Services and respond to your requests
• Contact you with relevant information and offers
• Customize content, and analyze use of and improve the Services
• Business Transfers
• Comply with law or defend our legal rights
• Security/fraud prevention
• Create aggregate/de-identified information
• Affiliates and Subsidiaries
• Service Providers
• Your Company
• Analytics and Advertising Providers
• Analytics and Advertising Providers

Opt Out of Sale/Sharing of Personal Information

The CCPA sets forth certain obligations for businesses that “sell” personal information or “share” personal information for cross-context behavioral advertising purposes. Under the CCPA, “sale” and “sharing” are defined such that they may include allowing third parties to receive certain information for advertising purposes.

If you would like to opt out of our use of your information for such purposes that are considered a “sale” or “sharing” for cross-context behavioral advertising purposes under California law (as indicated in the chart above), please visit the “Your Privacy Choices” link in the footer of our website. If you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.

We do not knowingly sell the personal information of minors under 16 years of age.

Your California Privacy Rights. The CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.

In addition, California residents may make certain requests about their personal information under the CCPA as set forth in “Your Rights and Your Choices” section above. The CCPA further provides you with the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Service to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please contact us using the contact information provided below. If you are a Customer End User, please contact the Customer who has provided your information to us for more information.

If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives.

In the limited circumstances that we process sensitive personal information as defined in the CCPA, we do not use or disclose it other than for disclosed and permitted business purposes for which there is not a right to limit under the CCPA.

Shine the Light Disclosure: The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

NOTICE TO NEVADA RESIDENTS

Certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident who has purchased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by contacting us using the methods outlined in the “Contact Information” section. Please note we may take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, or advances in technology. We will make the revised Privacy Policy accessible on the Services, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Effective Date” included at the beginning of the document. If we make a material change to the Privacy Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

CONTACT INFORMATION

Menlo Security welcomes your comments and questions regarding this Privacy Policy and the collection and use of your information. If you have questions or concerns, please email us at legal@menlosecurity.com or write to: Legal Department, Menlo Security, Inc., 800 W. El Camino Real, Ste. 250, Mountain View, CA 94040.