Privacy Policy

Effective from Dec 15, 2020
UpGuard, Inc and its subsidiary UpGuard Pty Ltd (“UpGuard”, “we”, “us” or “our”) is committed to protecting the privacy of individuals and specifically the privacy of individuals whose personal information (defined below) we collect or may control the processing of in the course of our business operations. This Privacy Policy applies to the website: www.upguard.com (the “Site”) and our products (“CyberRisk”, "Vendor Risk" and “BreachSight”) (collectively, the “Services”) owned and operated by us. This Privacy Policy (“this Policy”) explains how we collect, use, share, store and retain the personal information and your rights in relation to your privacy. We are committed to ensuring we comply with all applicable obligations including the General Data Protection Regulation, California Consumer Privacy Act of 2018, and Privacy Act 1988 (Cth). We may periodically review and update this Policy from time to time and will post a revised version on our website. If we make any material changes we will notify you by email (sent to the email address specified in your account) or with a notice on our website prior to the changes becoming effective.


What is Personal Information?

Personal Information is any information where your identity is reasonably ascertainable. It is information that can be used to identify you. Depending on how you engage with us, this broad definition may include information such as your name, email address, physical address, phone number, or company or business name (collectively, “Personal Information”). If you are in the European Economic Area, the UK or Switzerland, this will also include any personal data as defined in the GDPR. 

What Personal Information do we collect?

We may collect certain types of Personal Information from you. Depending on you engage with us and our services, that Personal Information may include the following: 

Customers

For customer related Personal Information, it includes: 

  • Contact details including name, position, email address, and phone numbers of some of your employees and representatives;
  • Credit card details and billing information where collected through our third party PCI compliant service provider; 
  • Records of customer’s use of our service; 
  • Prospective customer contact details, including name, position, email address and phone number of its employees and representatives. 

The above is applicable if you are a customer, a prospective customer or have requested a demonstration of our Services. 

Staff and future staff

For current staff, future staff, and applicants, the Personal Information that we collect includes: 

  • Contact details such as your name, physical address, email address, and phone number; 
  • Employment related information such as information in your resume regarding previous working experience, qualifications, police clearance (where applicable), referee details; and 
  • Records of candidate communications with us which may include information gathered during interviews; 

Visitors to our website

You are free to explore our website without registering for an account. For individuals who visit our website, Personal Information collected from the website may include: 

  • Your name, address, email address, phone number and possibly financial and credit card data through information that you submit; 
  • Technical information such as Internet Protocol (IP) address used to connect your computer to the internet, browser information, operating systems and platforms (“Technical Information”); 
  • Information about your visit including the Uniform Resource Locators (URL) clickstream to and through our website, length of your visit, pages viewed, and page interaction information which may include scrolling, clicks, and mouse-overs (“Visit Information”).

How do we collect Personal Information?

Personal Information related to our customers is collected directly from our customers and through their representatives. Our customers are responsible for the completeness and accuracy of the Personal Information provided and ensuring that the persons who the Personal Information relates have been notified and where required by law, have consented. 

Personal Information related to prospective customers may be collected through publicly available means including your websites, LinkedIn, or through participation at events and other public sources. 

Personal Information related to staff and prospective staff will be received directly from you and may be received over email, our recruitment platform, or through recruitment agencies, your referees and other public resources such as LinkedIn. 

Where someone visits our website, we will collect the Personal Information you provide to us directly and also some information such as the Technical Information and Visit Information is automatically collected during your visit to the website. This is enabled through common tracking systems such as cookies and web beacons. 

Cookies

UpGuard and our authorized vendors may use cookies and other technologies to collect information from you for a variety of purposes. These technologies provide us with personal information about your devices and networks you utilize to access our Websites, and other information regarding your interactions with our Websites.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can change your browser settings to decline cookings if you choose. For more information about UpGuard’s use of cookies, please read our Cookie Policy.

We partner with third parties to manage our advertising on other sites. Our third parties may also use technologies such as cookies to gather information about your activities on our Website and other sites in order to suggest advertising based on your browsing activities and interests.

Clear Gifs

We use a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us manage and improve the quality of our Website and marketing communications by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages or in emails and are about the size of the period at the end of this sentence. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. We tie the information gathered by clear gifs in emails to our customers' Personal Information. You can opt-out of emails from us at anytime by clicking ‘unsubscribe’.

Log Files

Like most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.

Why do we need your Personal Information? 

We need Personal Information in order to provide our Services and carry out any incidental functions such as account management and providing service support. Doing so falls within UpGuard’s legitimate and legally-protected interests. Specifically, we use Personal Information for: 

  • Processing a customer’s application; 
  • Providing customer services and support services; 
  • Account management, billing; 
  • Administering our agreement with each customer; 
  • Communicating with our customers about our services, updates and news;
  • For employees and candidates, we must have access for the purposes of processing a job application and make a decision about whether to employ you; 
  • For visitors to the website, we need to enable you to use the website and provide our services and internal operations such as troubleshooting, data analysis, testing and statistical purposes; 
  • Keeping the website safe and secure such as through the authentication cookies. 

How do we use or share your Personal Information?

Use

We use the information we collect to provide our Services to customers, to manage customers’ accounts, for billing, and to provide information you requested. In addition, we may use personal information for the following purposes:

  • Send information to you which we believe may be of interest by email;
  • Send you marketing communications which we believe may be of interest to your business;
  • Provide your information to our partners and/or resellers in order to deliver products or services as part of our contractual agreement with you;
  • Provide your information to third parties, who may provide customer support, facilitate business operations and payments. Such third parties are prohibited from using your personal information except for these purposes;
  • To improve or modify our services; and
  • To understand how users interact with the Site so that we can improve it and provide a more optimal user experience.

We will never sell your information to third parties.

Customer Testimonials

We post customer testimonials on our website which include Personal Information. We will only share this Personal Information where we have obtained the consent of that customer before posting a testimonial which may also include their name, photograph and business name. 

Compelled Disclosure

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

Our Vendors and Service Providers 

UpGuard uses third party services which are necessary to the operation of our website, product and business operations. Examples may include, marketing CRM, customer support and payment management in order to provide you with better service. In all cases where our third parties handle your Personal Information we require their acknowledgement and adherence to our Policy and customer data handling policies.

Where is Personal Information stored and processed? 

UpGuard has offices in the United States of America (USA) and Australia. Your Personal Information may be transferred and stored in countries with differing privacy laws to your own. Note that the personal data protection and privacy laws in certain countries may not be as protective of Personal Information as they are within your own jurisdiction including the EU and thus expos you to certain risks (such as a lower standard of protection applying to the processing of your Personal Information or having fewer rights to access your Personal Information, or there might not be a regulatory body dedicated to personal data protection in that country that you approach). UpGuard will take reasonable steps to ensure that recipients in other countries comply with a level of data protection that is considered appropriate such as using the Standard Contractual Clauses approved by the European Commission. However, you acknowledge the potential risks to your Personal Information being processed in such countries such as the USA. 

General

Opting out and Unsubscribing 

You can unsubscribe at anytime from receiving communications from UpGuard by clicking unsubscribe at the bottom of emails from us, emailing us at privacy@upguard.com or by sending us mail to UpGuard at 650 Castro Street, Suite 120-387 Mountain View, CA 94041 United States.

Customers, please note, while you can opt-out of receiving marketing communications from us, you cannot opt-out from receiving transactional emails relating to your use of our product and/or services.

Reviewing, updating, correcting or removing your Personal Information

If you reside or are located in the EEA or Switzerland, on request, and following confirmation of your identity, UpGuard will provide you with access to the personal information we have collected about you in machine readable format. Additionally, we will respond to your requests that we do the following:

  • Correct any errors, omissions, or outdated information you have supplied to us in relation to use of our website and/or products.
  • Not use it to contact you.
  • Object to further processing of your personal information.
  • Delete it from our systems.

To exercise any of these rights please contact us at privacy@upguard.com or 650 Castro Street, Suite 120-387 Mountain View, CA 94041 United States.

When contacting us, please make clear in the email what Personal Information you would like to have changed. For your protection, we may only process requests with respect to the personal data associated with the email address that you use to send us your request. We may need to verify your identity before implementing your request.

We will respond within a reasonable timeframe to all requests for access, change or delete information we have within a reasonable timeframe. In some instances, we may not delete your personal information if we have a legal obligation to retain it, or we otherwise have a legitimate purpose, such as fraud prevention.

Complaints or concerns

If you have any complaints or concerns regarding how your Personal Information has been handled, you may raise these concerns with us directly by speaking with our Privacy Officer at privacy@upguard.com

We will promptly investigate your complaint or concern and attempt to resolve the matter. If you are not satisfied with the outcome of your complaint, you may wish to contact your relevant regulatory authority in your jurisdiction.  

Contact Us 

If you have any inquiries or concerns about UpGuard’s Privacy Policy please contact us at privacy@upguard.com or 650 Castro Street, Suite 120-387 Mountain View, CA 94041 United States.

Anonymously report a code of conduct violation

What would you like to report?

Your report has been received and we will be investigating.
Something went wrong while submitting the form... Please refresh the page.

Book a free demo

Book a free, personalized onboarding call with one of our cybersecurity experts.