Updated July 1, 2021
What kinds of information do we collect?
Information you provide directly to us
For example, we collect information you provide in order to access our solutions, use our sites, subscribe to our content, or register for an activity associated with Promero, Inc.. This may include, but is not limited to, your name, email address, telephone number, and mailing address.
If you make a purchase from Promero, Inc., become one of our vendors, or otherwise establish a relationship with us that involves financial transactions, we collect information about those transactions. This may include, but is not limited to, your credit or debit card information, account and authentication information, tax identifiers, and other billing, delivery, and contact details.
Information we collect to deliver and improve our solutions and services
In order to provide our solutions and services to you, we must necessarily collect certain information automatically. This also helps us to ensure that our solutions and services are operating correctly. The types of information we collect include:
- Device and network data
- User and system behavior
- Application logs
- Organizational information
- Other relevant machine data
We also collect information about the solutions you use and how you use them, such as how often you access our products and which features you use most frequently. This is done in an effort to improve your experience with our solutions. For example, we may use this information to reach out to you if you seem “stuck” on a certain process within the solution, to make our solutions more intuitive, or to enhance the solution’s most popular features.
On our sites, Promero, Inc. and our third-party partners collect information using cookies and other tracking technologies..
Information from third-parties
We receive various types of information from third-parties on some occasions, such as when we jointly offer services or sponsor events. We also collect data from third party security providers and online databases in connection with our research activities that relate to active or historic threats, vulnerabilities, and risks around the world. This can include data like domain names, IP addresses, email accounts, and usernames that are associated with security risks (for example, known compromised accounts and usernames), and we use this information to enhance the security services we provide to you.
How do we use this information?
To deliver, improve, and develop our offerings
We are able to deliver our solutions and services, understand the behavior of attackers, and better help our customers keep their environments safe by using the information we collect above.
In general, we only process our customers’ information to deliver our offerings on their behalf. Although we may collect the information listed above, we do not access information that we process on our customer’s behalf, such as user, network, vulnerability, incident, or asset information, unless our customers have requested we do so to investigate issues with our solution or carry out a service.
To communicate with you
We use your information to communicate with you about our solutions, services, features, surveys, newsletters, offers, promotions, and events, and to provide other news or information about Promero, Inc. and our partners, in accordance with your communications preferences.
We will also use your information to respond to you when you contact us.
To conduct research initiatives
The vast majority of the data we collect through our research initiatives is data that’s publicly available. It is collected to educate and enrich the security community, and foster secure adoption of technology. For example, one of our research initiatives uses the metadata from publicly expose services to identify large-scale misconfigurations and vulnerabilities in consumer, enterprise, and critical infrastructure systems.
How is this information shared?
With organizations participating in or promoting research
Information related to the research we conduct may be shared with various research and security organizations, including academic institutions or publications, but only when this information is already freely publicly available and/or non-identifiable. We may also publish this research online on our website or through third party social media sites.
With third-party vendors, consultants, service providers, or other business partners
Some third parties provide services on our behalf and may require access to your information to carry out that work, including billing, customer support, etc. These service providers are authorized to use your information only as necessary to provide the services in scope and are subject to strict contractual controls to protect the confidentiality and security of your information.
In the case of a merger, sale, financing, or acquisition
California Consumer Privacy Act
We do not sell our customers’ personal information (as that term is defined in the California Consumer Privacy Act) and we will not sell such personal information without providing any required notice and/or right to opt-out of such sale.
How do we respond to legal requests?
We may share personal information with companies, organizations, or individuals outside of Promero, Inc. if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Protect against harm to the rights, property, or safety of Promero, Inc., our customers or the public.
- Meet any applicable law, regulation, legal process, or enforceable governmental request.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
If we receive a government or law enforcement request for customer data, we will promptly notify the customer and provide them with a copy of the request, unless we are legally prohibited from doing so. Further, we may challenge government or law enforcement requests for customer data that we consider to be overly broad or unlawful.
How will we notify you of changes to this policy?
We encourage you to periodically review this page for the latest information on our privacy practices.
How can you manage or delete information about your organization?
Correcting and updating your information
Upon request, Promero, Inc. will provide you with information about whether we hold any of your personal information. You may access, correct, update or request deletion of your personal information by emailing us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.
We may use your information to send you a newsletter or other marketing communications in accordance with your communication preferences. You may choose to stop receiving our newsletter or marketing communications at any time by following the unsubscribe instructions included in the newsletters or communications. Alternatively, you can opt-out of receiving such newsletters and communications by contacting us at email@example.com.
If you opt to end your engagement with Promero, Inc., you have the opportunity to collect and transfer any data that is possible to export. If you request that Promero, Inc. delete your data, the request will be processed in accordance with applicable law and regulation.
How secure is my data?
We’re a security company, so naturally we take data security very seriously. We use appropriate technical and organizational security measures to protect your data against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the information we process.
How long do you keep data for?
If you are a customer, we will retain your information for as long as your account is active, or as needed to provide you products and/or services. If you wish to cancel your account or request that we no longer use your information to provide our offerings, contact us at firstname.lastname@example.org.
In all other cases, we will retain and use your information as necessary for legitimate business reasons, including as needed to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When we have no ongoing legitimate business reason to process your information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.