Deep Instinct’s Privacy Policy

Last updated: May 2023

  1. Introduction.

    Deep Instinct is committed to respecting Your privacy. Whether a Visitor www.deepinstinct.com (“the Website”), a Customer of Our cybersecurity platform security solutions, (collectively the "Service(s)"), or a Business Contact (as these terms are defined below in Section 2 and collectively referred to as “You” or “Your”), Your privacy and the integrity of any information You provide are important to Us at Deep Instinct Ltd. and any of our affiliated companies, including but not limited to, Deep Instinct (USA) Inc., Deep Instinct (UK) Limited, Deep Instinct K.K., and Deep Instinct (Germany) GmbH (“Company”, “We”, “Us”, “Our”).

    When and if the Company collects personal information from its Visitors, Customers, and/or Business Contacts as part of its business activities, the Company is acting in its capacity as a data "controller". The scope of this Privacy Policy (the “Policy”) applies on Our role as a data controller. Please see Section 12 of this Policy to read about Our additional role as a data processor.

    We encourage You to read this entire Policy to fully understand its content. We may post changes and updates to this Policy and You should revisit this page from time to time to review the latest version. If You have any questions or concerns regarding this Policy, please see Our contact information outlined in Section 13.

  2. Collection of Data and Information.
    1. General: We collect two types of data:
      1. personal information ("Personal Information" or “Information”) Personal Information means information relating to an identifiable individual or household (for example, email address or name); and
      2. non-Personal Information
    2. From Whom We Collect Information and Personal Information Collected. This Policy applies to the collection, use, and Personal Information associated with each group listed below:
      1. Website Visitors (or “Visitor”): any individual who visits the Website. Visitors may engage with certain features of the Website, and may volunteer Information to the Company, and the Company may collect Information automatically as provided in Section 3 and Section 4 of this Policy. As a Visitor, You are not obliged to provide any Personal Information to Us. However, if You decide not to, then We may not be able to respond to Your questions or requests, or some parts of the Website may not work as intended. The Personal Information that may be collected:
        1. Name, email address, and contact details. We may ask for and collect. Your contact details (such as name and email address) from You when You submit Web forms on Our Website, for Us to provide You with support, services, mailings, sales, and marketing actions. We also may ask You to submit such Personal Information if You choose to use interactive features of the Website, including participation in surveys, requesting customer support, or otherwise communicating with Us.
        2. Log Files. Just as when You visit and interact with most Websites and services delivered via the Internet, when You visit Our Website, We may gather and store in log files. This may include but is not limited to: Internet Protocol (“IP”) addresses, system configuration data, URLs of referring pages, and locale and language preferences (which may be Personal Information or may be linked with Your Personal Information). We also may collect other sets of device identifiers, such as UDID, and other data transmitted by Your device, including among other things the type of browser and operating system Your device Uses.
        3. Geo-Location. The Company may collect Your general location. For example, We may use the IP address to identify Your general location (i.e., city and country). This is a normal part of internet traffic to direct Your inquiry and activities to the appropriate representative. Geo-Location does not tell Us where Your device is precisely located.
      2. Customers: a company who has entered into a signed Agreement with Us for the purpose of forming a business relationship (“Customers”). We may need to process Information to provide Our Services to You or Your organization as Our Customer in accordance with the relevant Services contract. You may not be able to access or use all or certain parts of our Services if We cannot process such Information. The Personal Information that may be collected:
        1. Account details. When Your organization registers for the Services, We collect Your email address and other contact data (i.e., name, phone number, company) to identify You and Your organization. This Personal Information may be required to identify our Customers and permit them to access their account(s). When You register through third-party platform (i.e., Okta), We may have access to this Personal Information provided by such third-party platform.
      3. Business Contacts: anyone else that We deal with in the context of our business, including potential Customers, suppliers of goods or services (or potential suppliers), investors (or potential investors), and any other business contacts such as journalists or influencers. We may need to process Information to communicate with You, evaluate, purchase, or pay for goods or services, or otherwise manage our professional relationship with You as a Business Contact. We may not be able to work together if We cannot process such information. The Personal Information that may be collected:
        1. If You are or work for one of Our Business Contacts, We may store and process Information needed for managing our relationship with You or Your organization which may include: Your name, organization name, position, professional qualifications or interests, mailing address, Website, telephone numbers, e-mail addresses, details of products and services, payment Information, and Information provided to Us in the course of correspondence with You (i.e., by email, phone, or messaging).
  3. Tracking Technologies.

    When You visit or access our Website or Services, We use cookies, pixels, beacons, local storage and similar technologies ("Tracking Technologies"). These allow Us to automatically collect Information about You, Your device, and Your online behavior to: enhance Your navigation in Our Services, improve Our Services’ performance, perform analytics, customize Your experience and offer You, for example, tailored content and advertisements that better correspond with Your interests. For more, please visit our Cookie Policy.

  4. How We Use Your Personal Information.
    1. Where We rely on Our legitimate interests as a legal basis for processing Personal Information, We ensure that We consider Your expectations and rights, and that they are not overridden by such interests and respect that You have the right to object. Where We rely on Your consent to process Your Personal Information (and in accordance with applicable U.S. Privacy Laws), You have the right to withdraw or decline consent at any time (although this will not affect the lawfulness of our processing based on such consent before its withdrawal). Deep Instinct may use Your Personal Information for the following broad purposes:

      PurposeLegal basis
      Provision of our Services; support. We use:

      (i) Your name;

      (ii) Your phone number; and/or

      (iii) Your email address for responding to Your inquiries, and providing You with Our Services and customer service.

      The legal basis for processing this Information:
      Our legitimate interest to perform, and carry out, Our contractual obligations to You. For individual consumers (if applicable) and our Customers: this means, managing Our Services and enforcing Our contracts.

      Payments. (To the extent applicable) We collect Information via our third-party payment processors, and Information from Your payment instruments, for the purpose of:

      (i) connecting Your payment instrument to Your account on Our Services;

      (ii) sending You statements, invoices, and payment reminders; and

      (iii) collecting and recovering (overdue) payments, including via third parties.

      The legal basis for processing this Information: Our legitimate interest to perform, and carry out, Our contractual obligations to You. For individual consumers and Our Customers (if applicable): this means, billing for Our Services provided, and collecting payment.

      Improve our Services. We collect and analyze Information regarding Your usage of Our Services to improve the usability and effectiveness of Our Services.

      The legal basis for processing this information: Our legitimate interest. This means providing and improving Our Services for You.

      Marketing, Sales and Advertising. We Collect Personal Information and use Tracking Technologies (which may contain Personal Information) to provide You with personalized advertisement and marketing messages.

      The legal basis for processing this information: Your consent (when required) and Our legitimate interest. Regarding Our legitimate interest, this means, providing You with:

      (i) tailored services;

      (ii) content; and

      (iii) advertisements that better correspond with Your interests, Our activities or Services, generally.

      Procurement of Goods and Services. We store and process Personal Information to communicate with You and manage our relationship with You, for the purposes of:

      (i) payments for products (if applicable);

      (ii) services that are supplied to Us; and

      (iii) evaluating new services and products.

      The legal basis for processing this information: Our legitimate interest. This means improving and expanding Our business and resources for You.

      Compliance with applicable laws. We may be required to:

      (i) collect;

      (ii) retain for reporting;

      (iii) retain for recordkeeping, or accounting; and/or

      (iv) disclose Your Personal Information under applicable laws to meet our other legal obligations.

      The legal basis for processing this information: to meet Our legal obligations to You under all and applicable law.

    2. Certain disclosures are required under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (including the California Privacy Rights Act (“CPRA”), collectively the “CCPA”). The following are categories of Personal Information that Deep Instinct has collected and/or disclosed for a business purpose either directly from You or indirectly from You (i.e., from Advertising Networks, third-party platforms, and service providers, such as Okta) in the preceding 12 months:

      1. Identifiers (i.e., name, email address, username, IP address, and UDID);
      2. Personal Information and Individual Records as listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e) (i.e., phone numbers);
      3. Commercial Information (i.e., records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
      4. Internet or other electronic network activity information (i.e., interaction with Our Website, application, or advertisement);
      5. Geolocation data (i.e., IP address for identifying general location such as city or country);
      6. Professional or employment-related information (i.e., name, title, business email, business phone numbers, business address, business interests, employment; and
      7. (to the extent applicable) “Sensitive” personal information (i.e., account credentials, e-mail addresses, and geo-location).

      The business purpose for why We have collected and/or disclosed this Personal Information as outlined above was for short-term, transient use. In relation to Your interaction with our Website, Our business purpose was to perform services on Our behalf, including: (i) maintaining or servicing accounts; (ii) providing customer service; (iii) processing transactions; (iv) verifying customer information; (v) processing payments; and (vi) providing analytics, storage, or similar services for advertising and marketing services. Additionally, the business purpose included: undertaking internal research for technological development and demonstration and undertaking activities to verify or maintain the quality or safety of, and to improve, upgrade, or enhance services or devices.

  5. Disclosure of Personal Information to Third Parties.

    We do not rent or “sell” Your Personal Information to third parties, as most people would typically understand that term. To provide our Services and manage Our business, however, We do need to provide Personal Information to third parties, including the below listed. Personal Information will be disclosed or "shared" to these parties only to the extent required for the intended purpose. We may disclose Personal Information to the following parties:

    1. Our affiliated companies;

    2. Any (sub)contractors and service providers that We engage with to operate and support the Services, including, but not limited to: (1) cloud computing companies; (2) providers of other IT or maintenance related services; (3) marketing affiliates; (4) providers of analytics and measurement services; (5) online advertising and direct marketing providers; (6) payment service providers and payment processors; and/or (6) auditors, contractors or legal/financial/other advisers of any of our business processes;

    3. Any third parties who investigate, detect, or prevent fraudulent or illegal activity or enable Us to enforce our policies (i.e., governmental authorities, law enforcement bodies, and other investigatory bodies), in accordance with applicable laws and regulations; and

    4. Potential purchasers, successors, or investors in the Company, or in the event of a corporate transaction (i.e., sale of a substantial part of our business, merger, reorganization, bankruptcy, consolidation or asset sale of an asset or transfer in the operation thereof) in relation to the Company (in such event, the acquiring company or transferee will assume the rights and obligations as described in this Policy).

    5. FOR CALIFORNIA RESIDENTS (or if You are a resident of a U.S. State that requires similar or same disclosures): We have disclosed and/or shared the following categories of Personal Information in the past 12 months: Internet or other electronic network activity information (information regarding visitors to our Company website and potential customers that We use for business development purposes).

  6. Third-Party Collection of Information.

    This Policy does not apply to the practices of third parties that We do not own or control. The Website and Services may enable You to interact (whether directly or through link) with third-party Websites, mobile software applications and services that are not owned or controlled by Us (“Third-Party Services”). We are not responsible for the privacy practices or the content of any Third-Party Services. Please be aware that the Third-Party Services may collect Personal Information from You. You are knowingly and voluntarily assuming all risks of Using any Third-Party Services. You agree that We shall have no liability whatsoever with respect to such Third-Party Services and Your Usage of them.

  7. Data Regions and Transfers.

    For Visitors and/or Customers with accounts located in Europe, all processing of Personal Information is performed in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data (“GDPR”) (for the European Economic Area which includes the EU member states including Iceland, Liechtenstein and Norway) or the equivalent legislation in the United Kingdom or Switzerland, as applicable.

    We may transfer or disclose Personal Information to our subsidiaries, affiliated companies, Partners or other trusted third-party service providers or contractors, located in different Data Regions across the world (i.e., Israel, Japan, and the United States) for the purpose(s) described in this Policy. Information collected by the Company may be stored and processed in any Data Region where the Company or its subsidiaries, affiliated companies or Partners are located or maintain facilities.

    If We provide any Personal Information about You to any such entities, We will take appropriate measures to ensure such companies protect Your Personal Information adequately in accordance with this Policy and applicable law. These may include standard contractual clauses for international data transfers as approved by the European Commission or other supervisory authorities. A copy of these safeguards may be made available if We receive a valid request.

  8. Data Subject Rights.
    1. IF YOU ARE IN THE EEA, THE UK, OR SWITZERLAND (or in another jurisdiction that affords You the below rights), You may request to:

      1. receive confirmation as to whether Personal Information concerning You is being processed, and access Your stored Personal Information, together with certain supplementary information;
      2. receive Personal Information You directly volunteer to Us in a structured, commonly Used, and machine-readable format;
      3. request rectification of Your Personal Information that is in Our control;
      4. request erasure of Your Personal Information;
      5. object to the processing of Personal Information by Us; or
      6. request to restrict processing of Your Personal Information by Us.
    2. IF YOU ARE CALIFORNIA RESIDENT (or a resident of a State that affords You the same rights below) then You may have the following rights in accordance with U.S. Privacy Laws:

      1. Access to Personal Information: You may request, up to twice every twelve (12) months, that We disclose to You the categories of Personal Information that We: (i) have collected about You; (ii) the categories of sources from which Your Personal Information is collected; (iii) the business or commercial purpose for collecting Your Personal Information; (iv) the categories of Personal Information that have We disclosed for a business purpose; (v) any categories of Personal Information about You that We sold or shared; (vi) the categories of third-parties with whom We have shared Your Personal Information and; (vii) the business or commercial purpose for selling or sharing Your Personal Information, if applicable. Please see Section 4: Exercising Your Rights, below on how to submit a request.
      2. Deletion Requests: You have the right to request that We delete any Personal Information collected and retained from You unless an exception applies. Once We receive and confirm Your verifiable request, We will delete (and direct our service providers, contractors, and consultants to delete) Your Personal Information, unless an exception applies.
      3. Correction of Inaccurate Personal Information: If We hold inaccurate Personal Information relating to You, You have the right to request that We correct such inaccurate Personal Information, taking into the account the nature of the Personal Information and the purposes of its processing.
      4. Right to Opt-Out of the Sale or Sharing of Personal Information: If We sell or share Your Personal Information, You have the right to submit a request to opt-out of the sale or sharing of Your Personal Information. After You opt-out, We may continue to disclose some Personal Information to Our service providers and/or contractors to help Us perform business-related functions such as, but not limited to, providing the Services, ensuring that the Services are working correctly and securely, providing aggregate statistics and analytics and/or preventing fraud.
      5. Right to Limit Use and Disclosure of Sensitive Personal Information: Where We process sensitive personal information (if applicable) relating to You, You have the right to request that We restrict Our use of that information (i.e., use that is necessary to provide goods or services requested, to certain business purposes, or other legally permitted purposes). In the normal course of providing Our Services, the only category of Sensitive Personal Information that We would process would be Your credentials for logging into Your customer account, if applicable.
      6. Right to non-discrimination: You have the right to be free from any discrimination for exercising Your rights. Should You exercise any of these rights, We will not discriminate against You by offering You different pricing or products, or by providing You with a different level or quality of service, based solely upon Your request. However, in some circumstances We may not be able to provide Our Services if You choose to delete Your Personal Information.
    3. However, please note that these rights are not absolute, and We may not, in all cases, be able to fulfill requests (i.e., if Our own legitimate interest and regulatory requirements require Us to retain certain Personal Information). If You are dissatisfied with our handling of Your request, You also have a right to lodge a complaint with a supervisory authority.

  9. How We Keep Your Information Secured.

    The Company has adopted appropriate physical, technical and organizational safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of Your data and/or other Personal Information in its possession. Please note however that, although We take reasonable steps to safeguard information, We cannot be responsible for the acts of those who gain unauthorized access or abuse the Services, and We make no warranty, express, implied or otherwise, that We will prevent any and all such access attempts.

  10. Retention and Deletion.

    The Company will not retain Personal Information longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For Customer information, and/or Customers with an active account: You shall be responsible for deleting information when required. When a Customer’s account is terminated: all Personal Information collected through the Services will be deleted, as required by applicable law, and subject to Customer’s request (as provided), unless required for Our legitimate interest(s) or compliance with our obligations.

  11. Children’s Information.

    The Website and the Services are not directed or intended for children under 16 years of age. We do not knowingly collect or solicit information from individuals under 16 years of age. If We later obtain actual knowledge that an individual is under 16 years of age, We will take steps to remove that Information from Our systems.

  12. Data Processing.

    Deep Instinct is a provider of Services that apply end-to-end deep learning to cybersecurity, using neural networks and similar technologies for the benefit of our Customers to predict and prevent cybersecurity threats such as malware, zero-days, ransomware and APT attacks. The use of Our Services may also form part of Our Customers’ data protection compliance programs, with the objective of preventing data breaches and security incidents and creating records of relevant events. In this context, the Company may act as a data "processor", "service provider" or “contractor” (as these terms are defined under applicable data protection laws). If You have any additional questions regarding our data processing activities as a "processor", “service provider”, or “contractor”, please see our GDPR Compliance page. However, in relation to that activity, the primary responsibility for permitting exercise of end users’ rights or answering questions about this processing of end user data lies with each of Our Customers as the relevant data controller or business.

  13. Additional Information and Company Contact Details.
    1. To exercise certain Rights (and to the extent applicable) pursuant to Section 8 of this Privacy Policy, only You, a person authorized to act on Your behalf, or an Authorized Agent as defined under the CCPA, may make a verifiable request related to Your Personal Information. The request must:

      1. provide sufficient information to allow Us to reasonably verify whether You are the person about whom We collected Personal Information or an authorized representative; and

      2. describe Your request with sufficient details to allow Us to properly understand, evaluate, and respond to it.

    2. We cannot respond to Your request or provide You with Personal Information if We cannot verify Your identity or authority to make the request and confirm that the Personal Information relates to You. Making a verifiable request does not require You to create an account with Us. We will only use Personal Information provided in a request to verify the requestor's identity or authority to make the request.

      If You have any further questions regarding the data and/or Personal Information collected, or how We use it, please contact Us at info@deepinstinct.com.

      Deep Instinct, Inc.
      888 Seventh Avenue, 5th floor.
      New York, NY, 10106, USA

      Deep Instinct, Ltd.
      Tou-Towers
      4 Yitzhak Sadeh St. Israel

      In addition, the Company has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address: DPO@deepinstinct.com.