Heading to RSA? Reserve your 1:1 Meeting with Armorblox!
Last Updated: December 21, 2022
Armorblox, Inc. and its subsidiaries and affiliate companies, including Armorblox Private Limited (“Armorblox”, “we”, “our”, “us”) are committed to protecting the privacy and security of personal information we process about individuals who interact with us (“you“ and “your“). After all, security is foundational to what we do at Armorblox.
In connection with the provision of specific Services, we may provide additional “just-in-time“ disclosures or additional information about our data processing practices. These notices may supplement this Policy or clarify Armorblox’s privacy practices in the circumstances described or may provide you with additional choices about how Armorblox processes your personal information.
When you access or use our Services, you acknowledge that you have read this Policy and understand its contents. Your use of our Services and any dispute over privacy is subject to this Policy and any applicable service terms (including any applicable limitations on damages and the resolution of disputes).
We recommend that you read this Policy in its entirety to ensure you are fully informed. However, in order to simplify the reading of the parts hereof that apply to you, we have included quick links to each section below:
How and Why We Use Your Personal Information and Our Legal Basis for Processing
Information That We Share with Third Parties
Transfers of Your Personal Information
Notice to California Residents
Armorblox helps organizations stop business email compromise and targeted phishing attacks, protect sensitive information, and automate remediation of user-reported email threats.
The personal information we collect depends on the context of your interactions with Armorblox and the choices you make, the Services and features you use, your location, and applicable laws, and includes:
Personal Information You Provide to Us
When you use our products and services, subscribe to our marketing or one of our newsletters, request a free trial or demo, create an account, fill out certain of our forms, register for an event or webinar, post comments on our blogs, register a product, seek customer support, participate in an Armorblox promotion and/or otherwise communicate with us in any way, we may ask you to provide certain personal information. This may include:
Business Contact information
(such as your employer name, your name, email address, address, job title, department or role, or phone number);
(such as your contact preferences);
Account login credentials
(such as user IDs, passwords and other information you or admins provisioning your account on your behalf provide to us);
(which is data you provide when you contact Armorblox for support and which may include the products and services you use and other details that help us provide support, such as contact or authentication data, or the content of your chats and other communications with Armorblox); and
(which includes personal information disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials, including third party services and platforms).
If you communicate directly with us, we may collect and maintain an archive of our communications with you (including their content). We also may record or monitor our telephone or other communications with you, to the extent permitted by applicable law.
Providing your personal information is optional, but it may be necessary for certain Services, such as account registration. In such cases, if you do not provide your personal information, we may not be able to provide you with the requested Services.
Information We Collect Automatically
We automatically collect certain information when you use or interact with our websites, emails we send you, or as a part of your use of our products and services.
The information we collect includes:
Information about how a person uses our Services (including when you use our products and services, account holders and authorized end users), including time spent, search terms, the pages or features used, information about the actions taken through the Services and other statistical information, and IP-based general location information.
Information from our business customer’s email environment, including, corporate identity for each mailbox (including, name, email address, company role, company name, business phone number); email header information (IP address to generate a location, sender and recipient email address, subject line, email metadata); email folder and file organization; email body and attachment metadata.
Details about endpoints accessing our business customer’s email environment, your computers, devices, applications, and networks, including internet protocol (IP) address, cookie identifiers, mobile carrier, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI, Advertiser IDs, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, language preferences, battery level, on/off status, geo-location information, hardware type, operating system, Internet service provider.
Email user behavioral data such as where a user logs in from usually; folders usually used; send / receive patterns; IP-based location where email is sent to or from.
Performance information related to use of our products and services, crash logs, success and failure of logins, and other aggregate or statistical information.
Information We Collect from Other Sources
We may receive information about you from other sources (including third parties from whom we have purchased personal information) and combine that information with the information we collect. For example, we collect personal information from joint marketing partners, our affiliated companies, lead generation providers, public databases, data providers, and social media platforms.
This information may include:
mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses that may be used to derive IP-based location, social media profiles, LinkedIn URLs, and custom profiles.
resumes, credit history and order information; and updated delivery or payment information to correct our records; purchase or redemption information and customer support and enrolment information.
Cookies and Similar Technologies.
We use common information gathering tools such as cookies, web beacons and similar technologies to automatically collect certain information from your computer or mobile device as you navigate our sites, our services or interact with emails we have sent as further described herein.
(also known as web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Site for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Site, to monitor how many visitors view our Site, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
How and Why We Use Your Personal Information and Our Legal Basis for Processing.
To communicate, including…
With you, our customers, partners and other third parties (e.g. through email) about the Services, including to communicate changes and revisions to our policies, technical notices, security alerts, support, renewal notices, for account verification and other administrative messages in reliance on our legitimate interests in administering our Services;
To ask you to participate in surveys or solicit feedback on our Services in reliance on our legitimate interests;
If you fill out a web form or request support, if you contact us by other means, including via a phone call, we use your data to perform our contract with you or if we do not have a contract directly with you, in reliance on our legitimate interests in fulfilling your requests and communicating with you;
With you about promotions, upcoming events, and news about products and services offered by Armorblox (e.g. marketing newsletters, telemarketing calls, SMS, emails or push notifications) and, in some cases, our selected partners, all in accordance with your marketing preferences as necessary for our legitimate interest in conducting direct marketing, or to the extent you have provided your prior consent;
To conduct marketing research, advertise to you, provide personalized information about us on and off our websites, and to provide other personalized content based on your activities and interests to the extent it is necessary for our legitimate interest in advertising our Services, or where necessary, to the extent that you have provided your prior consent. Please see the “Your Privacy Rights and Choices“ section below to learn how you can control the processing of your personal information by Armorblox for personalized advertising. Generally, Armorblox does not rely on consent as a legal basis for processing your personal information, other than sending direct marketing communications to you via email. If you have provided your consent to receive email marketing from us, you have the right to withdraw your consent to email marketing at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
To process job applications, including…
To evaluate your application, make hiring decisions, and evaluate your authorization to work, if applicable, including evaluating immigration status with respect to authorization to work;
To communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for such purposes);
To manage and improve our recruiting and hiring processes, such as soliciting feedback via candidate surveys, or to conduct reference and background checks where required or permitted by applicable local law;
Information collected in the context of processing job applications and in general when you apply for a job with Armorblox is processed in reliance on our legitimate interest in assessing the suitability of our candidates and managing our recruiting process, or, where required by applicable law, with your consent.
To provide and improve our products and services, including…
Operating, maintaining and providing to you the features and functionality of the Services, as necessary to perform our contract with you;
Using a person’s IP address to generate aggregate, non-identifying information about how our Services are used in reliance on our legitimate interests and as necessary to perform our contract with you;
To monitor and improve marketing campaigns and make relevant suggestions to users in reliance on our legitimate interests and, where applicable, with your consent, which can be withdrawn at any time;
To understand you and your preferences to enhance your user experience in reliance on our legitimate interest in personalizing and improving the Services and as necessary to perform our contract with you;
To fix problems and protect the Services, you, ourselves, other customers and the public generally and to comply with applicable laws, including…
To troubleshoot and diagnose product problems and to provide other customer support, including to help us provide, improve and secure the quality of our products, services and training and to investigate security incidents, in reliance on our legitimate interests and, where applicable, to perform our contract with you in accordance with the applicable terms;
Using call recording data, including to provide support services and investigate security incidents in reliance on our legitimate interests and, where applicable, to perform our contract with you in accordance with the applicable terms;
To ensure the safety and security of our Services in reliance on our legitimate interests, including verifying accounts and activity, investigating suspicious activity, detecting and preventing fraud and other illegal activities and to protect the rights and interests of us, users, and other customers’ users, third parties, and the public;
To enforce our terms and conditions or protect our business in our legitimate interests;
To comply with our legal obligations under applicable laws, we process your personal information when cooperating with public and government authorities, courts or regulators, to the extent this requires the processing or disclosure of personal information to protect our rights, or is necessary for our legitimate interest in protecting against misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests;
For other legitimate business purposes in reliance on our legitimate interests, such as to update, expand, and analyze our records, identify new customers, data analysis, to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, developing new products, enhancing, improving or modifying our Services, identifying usage trends, benchmarking determining the effectiveness of our promotional campaigns, free trials and operating and expanding our business activities.
In carrying out these purposes, we combine data we collect from different contexts or that we obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.
Information that We Share with Third Parties.
Whenever we share your personal information with a third party provider, we ensure that this is done so in accordance with applicable laws. The types of entities to whom we disclose and have disclosed information, include:
Information Disclosed in Connection with Business Transactions.
We may share your personal information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of personal information to an unaffiliated third party.
Information Disclosed for Our Protection and the Protection of Others.
We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.
Information Shared with Our Services Providers.
We may engage third-party services providers to work with us to administer and provide the Services. These third-party services providers have access to your personal information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your personal information for any other purpose. We may also share your personal information with our marketing service providers to help us better market our products and services to you. These marketing service providers may use your personal information only for the purpose of helping us to provide relevant products and services information to you and are expressly obligated not to disclose your personal information to others. If you do not want us to use your personal information for these marketing purposes, you can opt out by contacting us at firstname.lastname@example.org.
Information Shared with other Third Parties.
We may share anonymized, de-identified or aggregated data we collect with third parties to help us perform analyses and make improvements to the Services, such as de-identified demographic information, de-identified location information, information about the computer or device accessing the Services and the browser used, market trends and other analyses that we create based on the information we receive from you and other users.
Information Shared with Web Analytics Site Providers.
We use Google Analytics, a service provided by Google, Inc. (“Google”), to gather information about how users engage with our websites. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
Social Media Features
Our websites include plugins of social media platforms, such as Twitter Inc., 795 Folsom St., Suite 600, San Francisco CA 94107, USA; and LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA; and YouTube. You can identify the plugins by the respective network’s logo. Details about purpose and extent of data collection, as well as processing and use of the data, by the social media networks can be obtained by reading the privacy policies of Twitter, YouTube and LinkedIn. Any personal information or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and used by others who visit these forums, depending on your account settings.
For further information on the recipients of your personal information, please contact us (see the “How to Contact Us“ section below).
The Security of Your Information.
Storage and Retention.
We may retain your personal information for as long as necessary for the purposes it was collected, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly. We determine the appropriate retention period for personal information based on the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as applicable legal requirements (such as applicable statutes of limitation). After expiry of the applicable retention periods, your personal information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of that data. For further information on applicable data retention periods, please contact us (see “How To Contact Us“ below).
Links to Other Sites.
Transfers of Your Personal Information.
Therefore, we may transfer personal information from the European Economic Area (EEA), UK, and Switzerland (collectively “Europe“) to other countries that may not have the same level of data protection that applies in your jurisdiction. In these cases, we use a variety of legal mechanisms to ensure that the recipient of your personal information offers an adequate level of protection, including entering into the standard contractual clauses for the transfer of European data approved by the European Commission, or where required, we will ask you for your prior consent.
Our Policy Towards Children.
Our Services are not directed to children under 16 and we do not knowingly collect personal information from children under 16. If you are under 16 years of age, then please do not use or access this Site at any time or in any manner. If we learn that we have collected personal information of a child under 16 we will take appropriate steps to delete such information from our files as soon as possible. We do not knowingly “sell,“ as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
Notice to California Residents.
This section provides additional details about the personal information we collect only about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA“). Armorblox acts as a service provider for most of the personal information it receives or processes through the provision of its products and services, and follows the instructions of its customers that engage Armorblox with respect to how it processes your personal information. If you would like more information about how your personal information is processed by other companies, including our customers, please contact those companies directly.
Please also note that this section does not apply to information that is outside of the scope of the CCPA, including, without limitation, information collected (i) about our employees, contractors, or job applicants; and (ii) from non-California residents. Further, the privacy rights described in this section do not apply to information that is collected from individuals acting as representatives of another business in connection with business communications or transactions with us (e.g., our customers’ or vendors’ employees).
In particular, the categories of personal information we collect and the sources from which we collect it are described in detail in the section above, titled “Information Collected”. The business and commercial purposes for which we collect this information are described in the section above, titled “How and Why We Use Your Personal Information and Our Legal Basis for Processing“. The categories of third parties to whom we “disclose“ this personal information for a business purpose are described in the section above, titled “Information that We Share with Third Parties“.
Armorblox does not “sell“ your personal information to another business or third party for monetary or other valuable consideration.
California Do Not Track Notice
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time. For more information on “Do Not Track,“ visit http://www.allaboutdnt.com.
Your Privacy Rights and Choices.
You have certain rights in relation to your personal information. Depending on your location and subject to applicable law, you may have the following rights with regard to the personal information we control about you:
You can access, correct, update, delete, and deactivate your personal information. We’ll take steps to delete your information as soon as we can, but some information may remain in archived and backup copies for our records or as otherwise required by law.
You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here.
You can also send requests about changes to your information or your contact preferences, including requests to opt-out of sharing your personal information with third parties, by emailing: email@example.com.
If you would like further information in relation to your rights or would like to exercise any of them, please contact firstname.lastname@example.org (see “How To Contact Us“ below). We will review and process your request in accordance with our obligations under applicable law.
Based on the nature of our Services, many of the choices regarding the collection of information are handled at the employer-level rather than at the user level. For example, the active analysis of your inbound and outbound emails via our Services may be mandated by your employer.
California privacy rights
This section applies only to California consumers. The CCPA provides California residents with the additional rights listed below. To exercise these rights, please reach out to us at email@example.com (see “How To Contact Us“ below) with your request.
Right to Know. You have the right to request access to, or a copy of the personal information we have collected, used, disclosed and sold about you over the past 12 months, including:
The categories of personal information we have collected, used, disclosed and sold about you;
The categories of sources from which the personal information is collected;
The business or commercial purpose for collecting your personal information;
The categories of third parties with whom we have shared your personal information; and
The specific pieces of personal information we have collected about you.
Right to Delete.
You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same), subject to certain limitations under applicable law.
Right to Opt-Out of the Sale of your personal information.
You may also have the right to opt out of the sale of your personal information. Armorblox does not “sell“ your personal information.
You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising your rights under California law.
If you are a California resident seeking to exercise your CCPA rights, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please contact us via email at firstname.lastname@example.org. Please include your full name and email address along with why you are writing so that we can process your request in a timely manner.
Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent (as applicable) have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your personal information.
How To Contact Us.
If you have any privacy-related questions, suggestions, unresolved problems, or complaints, you may contact us at email@example.com or at Armorblox, Inc., Attention: Privacy Department, 100 S. Murphy Ave. Suite 200 Sunnyvale, CA 94086, United States of America.
We are committed to ensuring this Policy is accessible to individuals with disabilities. If you wish to access this Policy in an alternative format, please contact us as described above.