Privacy Policy
Effective from Apr 10, 2023
UpGuard, Inc and its subsidiary UpGuard Pty Ltd (“UpGuard®”, “we”, “us” or “our”) is committed to protecting the privacy of individuals and specifically the privacy of individuals whose personal information (defined below) we collect or may control the processing of in the course of our business operations. This Privacy Policy applies to the website: www.upguard.com (the “Site”) and our products (“CyberRisk”, "Vendor Risk" and “UpGuard BreachSight®”) (collectively, the “Services”) owned and operated by us on our software-as-a-service platform (the “Platform”). This Privacy Policy (“this Policy”) explains how we collect, use, share, store and retain the personal information and your rights in relation to your privacy. We are committed to ensuring we comply with all applicable privacy laws, including but not limited to the General Data Protection Regulation (“GDPR”), California Consumer Privacy Act of 2018 as amended by California Privacy Rights Act of 2020 (“CCPA”), and Privacy Act 1988 (Cth) (“Privacy Act”). We may periodically review and update this Policy from time to time and will post a revised version on the Site. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or with a notice on the Site prior to the changes becoming effective.


What is Personal Information?

Personal Information is any information where your identity is reasonably ascertainable. It is information that can be used to identify you. Depending on how you engage with us, this broad definition may include information such as your name, email address, physical address, phone number, or company or business name (collectively, “Personal Information”). If you are in the European Economic Area, the UK or Switzerland, this will also include any personal data as defined in the GDPR.

What Personal Information do we collect?

The categories of Personal Information we may collect depends on whether you are a customer, vendor or other Platform user, business partner, supplier, job applicant, or visitor to the Site.

Customers

For customers, Personal Information that we collect may include: 

  • Business contact details including name, job title or position, business physical address, business email address, and business phone numbers of employees and representatives authorized to use the Services;
  • Invoicing and payment details;
  • Credit card details and billing information where collected through our third-party PCI compliant service provider; 
  • Records of customer’s use of our Services; 
  • Prospective customer’s business contact details, including name, job title or position, business physical address, business email address, and business phone number of employees and representatives; 
  • Log file data which may include internet protocol (IP) addresses, browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information.

The above is applicable if you are a customer, a prospective customer or have requested a demonstration of our Services.

Vendors, Other Platform Users

For vendors and other Platform users, Personal Information that we collect may include:

  • Business contact details such as your name, business email address, and business phone number;
  • Log file data which may include internet protocol (IP) addresses, browser type, URLs of referring/exit pages, operating system, date/time stamp, information you search for within the platform, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information.

The above is applicable if you are a vendor or other entity that (i) is selected by a customer to complete a questionnaire or assist with remediation; (ii) has been granted access to view public or published profiles on the Platform; or (iii) has been granted access to perform an approval within the Platform.

Business Partners and Suppliers of UpGuard

For business partners (e.g. reseller) and suppliers of products and services to UpGuard, Personal Information that we collect may include:
  • Business contact details such as your name, business email address, business physical address, and business phone number;
  • Invoicing and payment details.

Applicants and Future Staff

For applicants and  future staff, Personal Information that we collect may include: 

  • Contact details such as your name, physical address, email address, and phone number; 
  • Employment related information such as information in your resume regarding previous working experience, qualifications and certifications, police clearance (where applicable), referee details;
  • References for future staff, which may include name, title, company, email address, and phone number;
  • Records of communications with us which may include information gathered during interviews. 

Visitors to the Site

You are free to explore the Site without registering for an account. For individuals who visit the Site, Personal Information collected from the Site may include: 

  • Your name, address, email address, phone number and possibly financial and credit card data through information that you submit; 
  • Technical information such as Internet Protocol (IP) address used to connect your computer to the internet, browser information, operating systems and platforms (“Technical Information”); 
  • Information about your visit including the Uniform Resource Locators (URL) clickstream to and through the Site, geolocation, length of your visit, pages viewed, and page interaction information which may include scrolling, clicks, and mouse-overs (“Visit Information”).

How do we collect Personal Information?

Information You Provide To Us

Personal Information may be provided directly by you or a representative when you create an account on our Platform. Through your use of the Services, we collect and store content that you post, send, receive, and share; this content includes any Personal Information about you that you may choose to include. You may also choose to submit Personal Information to our customer support team if you are experiencing a problem with the Services.

Personal Information may be collected directly when you complete a questionnaire from a customer or post a public profile on the Platform.

Personal Information may be received directly from you through applications of employment on our recruitment platform and communication via email or instant messaging services.

You are responsible for the completeness and accuracy of the Personal Information provided and you must ensure that the persons to whom the Personal Information relates have been notified and where required by law, have consented. 

Information We Receive From Other Sources

Personal Information may be collected or received from other users of the Platform and Services, from our business partners, from third-party services (e.g. recruitment agencies and lead generation services), and through participation in events. Personal Information may also be collected through publicly available means, including your websites, social media platforms (e.g. LinkedIn), recruitment platforms, public databases, and other public sources. 

Information Collected Automatically

Personal Information such as the technical information and visit information is automatically collected during your visit to the Site and the Platform. This is enabled through common tracking systems such as cookies and web beacons. UpGuard does not respond to Do Not Track requests.

Cookies

UpGuard and our authorized vendors may use cookies and other technologies to collect information from you for a variety of purposes. These technologies provide us with Personal Information about your devices and networks you utilize to access the Site, Platform, and Services, and other information regarding your interactions with the Site, Platform, and the Services.

We partner with third parties to manage our advertising on other sites. Our third parties may also use technologies such as cookies to gather information about your activities on the Site and other sites in order to suggest advertising based on your browsing activities and interests.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can change your browser settings to decline cookies if you choose. For more information about UpGuard’s use of cookies, please read our Cookie Policy.

Clear Gifs

We use a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us manage and improve the quality of the Site, Platform, Services, and marketing communications by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages or in emails and are about the size of the period at the end of this sentence. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. We tie the information gathered by clear gifs in emails to our customers' Personal Information. You can opt-out of emails from us at anytime by clicking ‘unsubscribe’ at the bottom of an email.

Log Files

Like most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with the Site, Platform, and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect Personal Information to information gathered in our log files as necessary to improve the Site, Platform, and Services. In such a case, we would treat the combined information in accordance with this Policy.

Why do we need your Personal Information? 

We need Personal Information in order to provide our Services and carry out any incidental functions such as account management and providing service support. Doing so falls within UpGuard’s legitimate and legally-protected interests. Specifically, we use Personal Information for: 

  • Processing a customer’s application; 
  • Providing customer the Services and support services; 
  • Allowing access to the Platform to respond to questionnaires and create profiles;
  • Managing customer’s account and billing for Services; 
  • Managing supplier’s account and paying for products and services;
  • Managing business partner’s account and paying for resale of Services;
  • Administering our agreement with each customer; 
  • Communicating with our customers about our Services, updates and news;
  • Processing a job application and making a decision about whether to employ you; 
  • Enabling you to use the Site and Platform;
  • Improving the Services
  • Providing our Services and internal operations such as troubleshooting, data analysis, testing and statistical purposes, and product maintenance and improvement; 
  • Keeping the Platform and Services safe and secure such as through the authentication cookies. 

How do we use or share your Personal Information?

Use

We use the Personal Information we collect to provide our Services to customers, to manage customers’ accounts, to bill for Services, to pay suppliers, to compensate business partners, and to provide information you requested. We may use Personal Information to:

  • Create and manage your account;
  • Provide the Services;
  • Process your payment for the Services you have purchased;
  • Pay for products and services purchased by us;
  • Identify and authenticate access to certain areas, functionalities, and features of the  Services;
  • Provide you with a personalized experience;
  • Communicate with you with important information about your account, activities on our Services, and policy changes;
  • Send information to you which you requested;
  • Send you advertising, offers, promotions, newsletters, surveys or other marketing content or information we believe may be of interest to you and your business;
  • Provide your information to our suppliers and business partners in order to deliver Services as part of our contractual agreement with you;
  • Provide your information to third parties, who may provide customer support, facilitate business operations and payments. Such third parties are prohibited from using your personal information except for these purposes;
  • Allow you to register for events;
  • Improve, upgrade, or modify our Services;
  • Improve security and troubleshoot Services;
  • Ensure internal quality control;
  • Understand how you interact with the Site and Platform so that we can provide a more optimal user experience;
  • Detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity;
  • Identify and repair errors that impair existing intended functionality;
  • Enforce the legal terms that govern our Services;
  • Comply with our legal obligations;
  • Evaluate your qualifications for a position and make a employment decision;
  • Conduct reference and background checks;
  • For other purposes for which we obtain your consent.

We will never sell to or share with third parties as defined under CCPA.

Customer Testimonials

We post customer testimonials on the Site which include Personal Information. We will only share this Personal Information where we have obtained the consent of that customer before posting a testimonial which may also include their name, photograph and business name. 

Compelled Disclosure

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

Our Business Partners and Suppliers 

UpGuard uses third-party products and services which are necessary to the operation of the Site and Platform, the Services, and business operations. Examples may include marketing CRM, customer support and payment management in order to provide you with better service. In all cases where our third parties handle your Personal Information we require their acknowledgement and adherence to our Policy and customer data handling policies and restrict such use as required to provide their services.

Where is Personal Information stored and processed? 

UpGuard has offices in the United States of America (USA) and Australia. Your Personal Information may be transferred and stored in countries with differing privacy laws to your own. The Data Protection Addendum reflects the commitment to abide by applicable data protection laws concerning the processing of Personal Information for our customers. Note that the personal data protection and privacy laws in certain countries may not be as protective of Personal Information as they are within your own jurisdiction including the EU and thus exposes you to certain risks (such as a lower standard of protection applying to the processing of your Personal Information or having fewer rights to access your Personal Information, or there might not be a regulatory body dedicated to personal data protection in that country that you approach). UpGuard will take reasonable steps to ensure that recipients in other countries comply with a level of data protection that is considered appropriate such as using the Standard Contractual Clauses approved by the European Commission. However, you acknowledge the potential risks to your Personal Information being processed in such countries such as the USA. 

Personal Information will be retained so long as it is required to provide the Services, maintain Platform access, prevent fraud, and meet legal and financial obligations.

General

Opting out and Unsubscribing 

You can unsubscribe at anytime from receiving communications from UpGuard by clicking unsubscribe at the bottom of emails from us, emailing us at privacy@upguard.com or by sending us mail to UpGuard at 650 Castro Street, Suite 120-387 Mountain View, CA 94041 United States.

Customers, please note, while you can opt-out of receiving marketing communications from us, you cannot opt-out from receiving transactional emails relating to your use of our Platform and Services.

Reviewing, Updating, Correcting, or Removing Your Personal Information

Under applicable privacy laws (including GDPR, CCPA, and Privacy Act), you may have certain privacy rights to your Personal Information. Following confirmation of your identity, UpGuard will provide you with access to the Personal Information we have about you in machine readable format. Additionally, we will respond to your requests that we do the following:

  • Correct any errors, omissions, or outdated information you have supplied to us in relation to use of the Site, Platform, and/or Services;
  • Not use it to contact you;
  • Not sell Personal Information;
  • Object to further processing of your Personal Information;
  • Delete it from our systems.

To exercise any of these rights please contact us at privacy@upguard.com or 650 Castro Street, Suite 120-387 Mountain View, CA 94041 United States.

When contacting us, please make clear in the email what Personal Information you would like to have changed. For your protection, we may only process requests with respect to the Personal Information associated with the email address that you use to send us your request. We may need to verify your identity before implementing your request.

We will respond within a reasonable timeframe to all requests for access, change or delete information we have within a reasonable timeframe. In some instances, we may not delete your personal information if we have a legal obligation to retain it, or we otherwise have a legitimate purpose, such as fraud prevention.

Complaints or concerns

If you have any complaints or concerns regarding how your Personal Information has been handled, you may raise these concerns with us directly by emailing us at privacy@upguard.com

We will promptly investigate your complaint or concern and attempt to resolve the matter. If you are not satisfied with the outcome of your complaint, you may wish to contact your relevant regulatory authority in your jurisdiction.  

Contact Us 

If you have any inquiries or concerns about UpGuard’s Privacy Policy please contact us at privacy@upguard.com or 650 Castro Street, Suite 120-387 Mountain View, CA 94041 United States.

Book a free demo

Book a free, personalized onboarding call with one of our cybersecurity experts.