Product Privacy Policy

Last Updated: October 1, 2019

Purpose

This Product Privacy Policy applies to your use of the ThreatSwitch Subscription Service (the Subscription Service) as a customer of ThreatSwitch (ThreatSwitch, Inc.). This Product Privacy Policy applies to the data ThreatSwitch processes on behalf of our customers (Customer Data) in our capacity as a processor. This Product Privacy Policy does not apply to any information or data collected by ThreatSwitch as a controller for other purposes, such as information collected on our websites or through other channels for marketing purposes. 

ThreatSwitch processes Customer Data under the direction of our Customers. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to ThreatSwitch for processing purposes. Terms not otherwise defined herein shall have the meaning as set forth in the ThreatSwitch Customer Terms of Service (the ‘Agreement’). In the event of a conflict between this Product Privacy Policy and the Agreement, the terms of the Agreement will control.

We periodically update this Product Privacy Policy. We will post any changes on this page and, if the changes are significant, we will provide an update through the Notification app in your ThreatSwitch portal. While we will notify you of any material changes to this Product Privacy Policy prior to the changes becoming effective, we encourage you to review this policy periodically. 

Information We Collect and Receive

Location Information: We collect location-based information exclusively for the purpose of security monitoring on the system.

Service Data (including Session and Usage data): When you use the Subscription Service, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is fully anonymized and used by ThreatSwitch for the operation of the Subscription Service and to maintain quality of the Subscription Service. 

Data Managed by Customers

ThreatSwitch does not control the content of customer accounts or the data that customers may choose to collect or manage using the Subscription Service.  ThreatSwitch stores our customers' information as they direct and in accordance with our agreements with our customers, and we store it on our servers. For more information, please see our terms and conditions

Data Sharing

Ensuring your privacy is important to us. We do not share your personal information with any third parties.  ThreatSwitch partners with HelloSign, who is exclusively a data processor for electronic form data. For more information on HelloSign’s SOCII compliance and privacy policy, click here.

Data Retention

The data you enter into ThreatSwitch as part of your use of the Subscription Service is retained according to the relevant agreements between you and ThreatSwitch. Customer Data is retained for as long as you remain an active customer. Your data is deleted upon an account administrator’s written request or after an established period following the termination of all customer agreements, typically two months. 

In general, Customer Data is deleted after your paid Subscription ends and your system becomes inactive. Due to regulations in data retention set by the federal government in the industrial security space, individual end-users may not request data deletion of ThreatSwitch, only appointed account administrators. Data deletion conducted by ThreatSwitch is completed for an entire company, not individual users.