skip to Main Content

Privacy Policy for Signal Sciences

This Privacy Policy was last updated on March 8, 2019.

Welcome to the web site (the “Site”) of Signal Sciences Corp. (“Signal Sciences”, “we”, “us” and/or “our”). This Site is operated by Signal Sciences and has been created to provide information about our company and our web application defense services (together with the Site, the “Services”) to our Services visitors (“you”, “your”). This Privacy Policy sets forth Signal Sciences’ policy with respect to personal data (“Personal Data”) and other information that is collected from visitors to the Services.

We are committed to protecting your privacy, being transparent about the Personal Data and other information being collected, and exceeding information security standards for protecting that data. With our Services, we have worked to build features that give customers more control over their data, like IP anonymization and data redactions. We also are certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks established by the U.S. Department of Commerce regarding the handling of Personal Data transferred from the European Union and Switzerland to the United States, as discussed more below.

Please feel free to contact us if you have any questions about our Privacy Policy or the information practices of the Services. You may contact us at: privacy@signalsciences.com.

By voluntarily providing us with Personal Data or using our Services, you agree to our use of it in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, please do not access or use the Services.


Information we collect and our use of that information

When you interact with us via the Services, we may collect Personal Data and other information from you, as further described below.

Signal Sciences uses the Personal Data you provide in a manner that is consistent with this Privacy Policy. If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data in order to obtain access to the Services, we will use your Personal Data to provide you with access to such services and to monitor your use of such services. Signal Sciences may also use your Personal Data and other information collected through the Services to help us improve the content and functionality of the Site, and to better understand our users and to improve the Services. Signal Sciences may use this information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each marketing communication we send you will contain instructions permitting you to “opt-out” of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or you wish to have your name deleted from our mailing lists, please contact us as indicated above. If we intend on using any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected.

Automatically Collected Data

When you interact with us through the Services, we automatically receive and store certain information such as your Internet Protocol (“IP”) address, browser type, referring URL, operating system and information on the time and click behavior of the visitor during a browser session. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information on our systems or such information may be included in databases owned and maintained by our agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers, so that we can better understand usage as well as make improvements. We treat this information as Personal Data if it relates to an identified or identifiable individual and is transferred to us by a visitor to the Site or user of the Services in the EU or Switzerland, as applicable.

Personal Data That You Provide Through the Services

If you are a customer or prospective customer (or a representative or employee of one of our customers), we collect Personal Data from you when you voluntarily provide such information, such as name, company name, address, phone number, and email address when you contact us with inquiries, respond to one of our surveys, register for access to the Services or use certain Services, and payment and billing information when you pay for our Services. Wherever we collect Personal Data we provide a link to this Privacy Policy. As noted above, we collect Personal Data principally in order to respond to your questions and requests about the Services and improve your experience with them.

Cookies

In operating the Site, we and our third-party providers set and use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Site gives to your browser when you access the Site. Our cookies help provide additional functionality to the Site, help us analyze Site usage more accurately, and deliver targeted advertising. Moreover, on the console website accessible by our customers in relation to their use of the Services, we use analytics cookies (namely, Google Analytics), described below.

We also use pixel tags (usually in combination with cookies), from the third parties described below, to get information about your usage of the Services and your interaction with email or other communications. Pixel tags are a technology similar to cookies that can be embedded in online content or within the body of an email for the purpose of tracking activity on websites (for example, to know when content has been shown to you), or to know when you have viewed particular content or a particular email message.

By choosing to use the Services after having been notified of our use of cookies and other technologies in the ways described in this Privacy Policy, and, in applicable jurisdictions, through notice and unambiguous acknowledgement of your consent, you agree to such use.

Technologies Used.

The Site uses the following technologies:

  • Strictly Necessary Cookies: Used to provide users with the Services and to use some of their features, such as the ability to log-in and access secure areas. These cookies are served by Signal Sciences and are essential for using the Services. Without these cookies, users will not receive the full intended purposes of our service offerings. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them.
  • Analytics/Performance Cookies: We use “analytics” cookies, described below, that allow us to recognize and track visitors to see how visitors move around our Services when they are using them. This helps us to improve the way our Services work, for example by making sure users are finding what they need easily. The collected data provides us only with traffic statistics (like pages viewed, number of visitors, and time spent on each page).
    • Google Analytics, a web analytics service provided by Google Inc. (“Google”). A Google Analytics cookie is also used on the console website accessible by our customers in relation to their use of the Services. The information collected by Google (including your IP address) will be transmitted to and stored by Google on servers in the United States (Google is certified to the Privacy Shield for data transfers). How long a Google Analytics cookie remains on your computer or device depends on what it is and what it is used for. Some Google Analytics cookies expire at the end of your browser session, whilst others can remain for up to two years. You can prevent your data from being collected by Google Analytics on our Site by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser. For more information on Google Analytics privacy practices, read here.
  • Targeting/Advertising Cookies/Pixel. We use cookies and pixel tags from third parties to serve ads to you based on your visit to our Site, as described below:
    • DoubleClick. Enables Google and its partners to serve ads to you based on your visit to our Site. DoubleClick cookies expiration can range from 2 months to 2 years. Learn more about Google’s privacy practices here. You may opt out of personalized advertising by visiting Google’s Ads Settings here. You can also prevent your data from being collected by DoubleClick on our Site by downloading and installing the DoubleClick Opt-out Browser Add-on for your current web browser.
    • HubSpot. Provides us with information on your use of our Site. We may use this information to enable us to provide you with information which we believe will be of interest to you. Some HubSpot cookies expire at the end of your browser session, while others can remain for up to 13 months (for more details, please read here). Learn more about HubSpot’s privacy practices here and, for more details on the types of cookies used by HubSpot, read here.
    • Bing. We use Bing Ads Universal Event Tracking (UET) tracking cookies which allow us to advertise on third party websites through the Bing Ads Advertising network (an advertising service provided by Microsoft, Inc.). These cookies collect information about your online activities once ads have been clicked, including pages you visited and time spent on each. Some cookies expire at the end of your browser session, while others can remain for up to 2 years. Learn more about Bing’s privacy practices here and details on the Universal Event Tracking here. You can opt out of receiving interest-based advertising from Microsoft as described in the Microsoft’s opt-out page.

You can manage cookies in your web browser, including accepting, rejecting, or deleting cookies. On most web browsers, you will find a “help” section on the toolbar that can help in that process. Please also refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Services features.

Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative’s online resources at http://optout.networkadvertising.org/?c=1 and follow the opt-out instructions there or, if you are located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool here.

If you want to know more about cookies, some resources to get you started include: www.aboutcookies.org or www.allaboutcookies.org.

Aggregated Personal Data

In an ongoing effort to better understand and serve the users of the Services, we often conduct research on our customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate and anonymous basis, and we may share this aggregate and anonymized data with our agents and business partners. We may also disclose aggregated and anonymized user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Customer Data

We collect on behalf of our customers very limited data from users of the Services, primarily IP addresses, which is collected along with usage data, in part, via cookies (“Customer Data”). This data is collected for providing our Services to customers, protecting the systems supporting our Services, ensuring all the necessary functions of the Services are working properly, gathering necessary analytics, and ensuring compliance with our contractual agreements, or as may be required by law. Our use of Customer Data is governed by our contract with the specific customer and the customer’s own privacy policies. Signal Sciences will not review, share, distribute, or reference any such Customer Data except as provided in the Signal Sciences Master Customer Agreement (or other contract documents), or as may be required by law.


Our disclosure of your personal data and other information

Signal Sciences is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below.

Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

Agents, Consultants and Related Third Parties

Signal Sciences, like many businesses, sometimes hires other companies to perform certain business-related functions, such as (i) mailing information, (ii) hosting, cloud service providers and other information technology providers, (iii) processing payments, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.

Legal Requirements

Signal Sciences may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of Signal Sciences, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.


Your choices

You can visit the Site without providing any Personal Data and/or disabling cookies. If you choose not to provide any Personal Data or disable cookies, not all of the functions on the Site may be functional. As noted above, you may “opt out” of marking communications by following the instructions contained in all such communications.

To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the Site or Services.

Please read the General Data Protection Regulation (“GDPR”) section below for information on rights granted by the GDPR to users in the EU (and, to the extent applicable, Switzerland).


Exclusions

This Privacy Policy does not apply to any Personal Data collected by Signal Sciences other than Personal Data collected through the Site or Services. Without prejudice to your rights under the GDPR, this Privacy Policy shall not apply to any unsolicited information you provide to us through the Site, Services or through any other means. This includes, but is not limited to, information posted to any public areas of the Site or Services, such as forums, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Signal Sciences shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.


Children

Signal Sciences does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to us through the Services, please contact us, and we will endeavor to delete that information from our databases.


Links to other web sites

This Privacy Policy applies only to the Services. The Services may contain links to other web sites not operated or controlled by Signal Sciences (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that Signal Sciences endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.


Security

Signal Sciences takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Site or Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to us via the Internet.


Data retention

We will keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and request that we delete information about you in accordance with our policies.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.


Changes to the privacy policy

The Site, Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. Signal Sciences reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. However, should we make a substantive change, we will notify you by prominently posting notice of the changes on our website. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.


Your California privacy rights

Under California law, a California resident who has provided Signal Sciences with Personal Data (a “California Customer”) is entitled to request certain information with respect to the types of Personal Data that Signal Sciences has shared with third parties for their direct marketing purposes. Please email us at privacy@signalsciences.com in order to request such information.

To opt out of our sharing of your Personal Data with third parties for their direct marketing purposes, please email us at privacy@signalsciences.com and clearly state your request, including your name, mailing address, email address and phone number.


Do not track

Signal Sciences currently does not respond to “Do Not Track” signals and operates as described in this Privacy Policy whether or not a “Do Not Track” signal is received


The Privacy Shield Program

Signal Sciences is compliant with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks established by the U.S. Department of Commerce regarding the handling of Personal Data transferred from the European Union and Switzerland to the United States. Pursuant to that program, we have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. In the event there is a conflict between the Privacy Shield Principles and this Privacy Policy, the Privacy Shield Principles would control. To learn more about the Privacy Shield program, and to view Signal Sciences’ certification, please visit www.privacyshield.gov.

We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer onward to third-party service providers (as described in the “Our Disclosure Of Your Personal Data And Other Information” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused.

You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. You can contact us as described in the “Contact Us” section below. We will respond to your request within a reasonable timeframe. Please see the “General Data Protection Regulation (“GDPR”) section below for more information on the rights of individuals in the EU and, as applicable, Switzerland. When we process Customer Data on behalf of our customers, we will process such requests pursuant to our contract with the applicable customer.

Pursuant to the Privacy Shield Principles, Signal Sciences is dedicated to resolving any concerns or complaints about our collection or use of your Personal Data. Individuals in the EU and Switzerland that have questions or complaints regarding our Privacy Shield policy should start by contacting us at: privacy@signalsciences.com. If your complaint cannot be resolved through our internal processes, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Signal Sciences will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/. The mediator, or you, also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over Signal Sciences.

If your complaint is not resolved through these channels, under certain circumstances, you may be able to invoke binding arbitration before a Privacy Shield Panel to address complaints about Signal Sciences’ compliance with the Privacy Shield Principles. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.


The General Data Protection Regulation (“GDPR”)

Data Controller

Signal Sciences is the data controller for processing Personal Data provided by our Services visitors, but we act as data processor on behalf of our customers for Customer Data that we process on behalf of customers through the Services. You can find our contact details under the “Contact Us” section below.

Lawful Basis for Processing

We rely on the following legal bases for the processing of Personal Data we collect or process about you:

  • Processing of our customers’ Personal Data for the purpose of fulfilling our customer contract, including accepting payments and providing relevant customer support, is necessary to perform our contract with the applicable customer or, as applicable, to take steps at the request of the data subject before entering into a contract.
  • We process Personal Data as necessary for certain legitimate interests, as follows:
    • To respond to your inquiries and fulfill your requests for products and services;
    • To customize our Services for you. For example, we use information on your use of Services features, including information that we obtain through cookies and other technologies, to better understand your needs and interests in order to personalize your experience with our Services by presenting content or functionalities tailored to your interests;
    • To send administrative information to you, for example, information regarding the Site, and changes to our terms, conditions, and policies;
    • To provide, maintain and improve the content and functionality of the Services. For example, we regularly fix bugs or user experience issues that may be tied to particular user accounts. We use cookies and other technologies to analyze how users interact with our Services and that analysis can help us build better Services;
    • If you ask us to delete your data and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing;
    • To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
    • To comply with legal obligations and legal process and to protect and defend our rights, privacy, safety or property, and/or that of our customers or other third parties.
  • Marketing. We rely on your consent to contact you to tell you about services we believe will be of interest to you. You may opt out of receiving such emails at any time by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, please contact us as described below.

Your Rights

Subject to applicable EU law (and, to the extent applicable, Swiss law), you have the following rights in relation to your Personal Data that we hold about you:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
  • Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing.
  • Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
    • If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
    • If we are processing your Personal Data for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above);
  • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
  • Right to lodge a complaint with the data protection authority: you have the right to lodge a complaint to the data protection authority that is authorized to hear those concerns if you believe Signal Sciences has not complied with the requirements of the GDPR regarding your Personal Data.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.


Contact Us

Signal Sciences Corp.

Address:
8520 National Blvd., Suite A
Culver City, CA 90232
001 424.404.1139

Data Protection Officer: Lindsey Lowe
GDPR@signalsciences.com
001 424.404.1139

GDPR EU Representative:

If you are an individual in the EU, you can also contact DPR Group, who has been appointed as Signal Sciences’ representative in the EU pursuant to Article 27 of the GDPR on matters related to the processing of Personal Data that take place in the EU. To make such an inquiry, please contact DPR Group directly in one of the following ways:

  • sending an email to DPR Group at datainquiry@dpr.eu.com quoting <Signal Sciences Corp.> in the subject line,
  • contacting DPR Group via an online webform at www.dpr.eu.com/datarequest, or
  • mailing your inquiry to DPR Group at the most convenient of the addresses of those listed below

PLEASE NOTE: when mailing inquiries, it is essential that you mark your letters for ‘DPR Group’ and not ‘Signal Sciences Corp.’, or your inquiry may not reach DPR Group. Please refer clearly to Signal Sciences Corp. in your correspondence.

For more information regarding DPR Group, please visit www.dpr.eu.com

CountryAddress
AustriaDPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
BelgiumDPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
BulgariaDPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
CroatiaDPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
CyprusDPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech RepublicDPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
DenmarkDPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark
EstoniaDPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
FinlandDPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
FranceDPR Group, 72 rue de Lessard, Rouen, 76100, France
GermanyDPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
GreeceDPR Group, 24 Lagoumitzi str, Athens, 17671, Greece
HungaryDPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary
IrelandDPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland
ItalyDPR Group, BPM 335368, Via Roma 12, 10073 , Turin, Italy
LatviaDPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
LithuaniaDPR Group, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
LuxembourgDPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
MaltaDPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
NetherlandsDPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
PolandDPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
PortugalDPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
RomaniaDPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania
SlovakiaDPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
SloveniaDPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
SpainDPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain
SwedenDPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United KingdomDPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom
Back To Top