Privacy Policy

Thank you for visiting https://www.prophetsecurity.ai ("Site") owned and operated by Prophet Security, Inc. ("Prophet Security," "we" and "us"). At Prophet Security, we take your privacy seriously, whether you are visiting the Site as an investor, founder, or member of the general public, you are entitled to the protection of your personal data. Please read this Privacy Policy to learn how we treat your Personal Data (as defined below).

By using or accessing our Site or using any of our “Services” in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy. While this Privacy Policy may reference aspects of our other terms and agreements, use of the Services is subject to our Terms of Service (located at: https://www.prophetsecurity.ai/bd-msa-3e29f) and referred to collectively as "Terms." Capitalized terms used but not defined in this Privacy Policy have their meaning set forth in the Terms.

As we continually work to improve our Site and Services, we may need to change this Privacy Policy from time to time. We will alert you of material changes by placing a notice on the Prophet Security Site or within the Services, and/or by sending you an email. Please note that if you've opted not to receive notice via email from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Site and Services, and you are still responsible for reading and understanding them. If you use the Site or Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

What this Privacy Policy Covers

This Privacy Policy covers how we treat your information and Personal Data that we gather when you access or use our Site and Services. "Personal Data" means any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" or "sensitive personal information" under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don't own or control or people we don't manage.

Personal Data & Information

Categories of Personal Data and Information We Collect

Below are the categories of information and Personal Data that we collect:

Category of Personal Data (and Examples)

• Profile or contact information such as first and last name, email, phone number, and employment info.
• Device/IP data such as type of device/ operating system/ browser used to access the Services.
• Web analytics such as web page interactions, and referring webpage/source through which you accessed the Site and Services.

Business or Commercial Purpose(s) for Collection

• Providing, developing and improving the Site and Services
• Marketing the Services
• Corresponding with you

Categories of Third Parties with Whom We Disclose this Personal Data

• Service providers

Our Commercial or Business Purposes for Collecting Personal Data

• Providing, developing and improving the Services
  
  • Creating and managing your account or other user profiles.
  • Processing legal agreements, orders or other transactions; billing.
  • Providing you with the products, services or information you request.
  • Meeting or fulfilling the reason you provided the information to us.
  • Providing support and assistance for the Services.
  • Improving the Services, including testing, research, internal analytics including Usage Data, and product development. "Usage Data" is data collected by Prophet Security pertaining to your interaction with, and use of, the Service which includes, but is not limited to, performance of the Service, metrics, and other measures of your use.
  • Personalizing the Services, Site content and communications based on your preferences.
  • Doing fraud protection, security and debugging.
• Marketing the Services
  
  • Marketing and selling the Services.
  • Showing you advertisements, including interest-based, online behavioral or targeted advertising.
• Corresponding with You
  
  • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about you, your organization, the Site or the Services.
  • Sending emails and other communications according to your preferences.

Other Permitted Purposes for Processing Personal Data

In addition, each of the above referenced categories of Personal Data may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Prophet Security or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice or obtaining your consent.

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

• You
  
  • When you provide such information directly to us.
    
    • When you create an account or use our interactive tools and Services.
    • When you voluntarily provide information in free-form text boxes through the Site or Services or through responses to surveys or questionnaires.
    • When you send us an email or otherwise contact us.
  • When you use the Site and Services and such information is collected automatically.
    
    • Through Cookies. For information about how we use cookies and similar tracking technologies, and how you can manage your preferences, please see our Cookie Policy (located at: https://www.prophetsecurity.ai/cookie-policy).
• Third Parties
  
  • Vendors
    
    • We may use analytics providers to analyze how you interact and engage with the Site and Services, or third parties may help us provide you with customer support.
    • We may use vendors to obtain information to generate leads and create user profiles.

How We Disclose Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed in this section.

• Service Providers. These parties help us provide the Site and Services or perform business functions on our behalf. They include:
  
  • Hosting, technology and communication providers.
  • Analytics providers regarding Site web traffic or usage of the Site and Services.
  • Advertising and marketing partners who help us deliver targeted advertising and measure campaign effectiveness.
• To third parties involved in the process of fulfilling orders and providing or performing functions on our behalf including with respect to aspects of the Site and Services (e.g., such as third-party service providers (e.g., HubSpot, WordPress etc.), contractors, banks, and collection agencies); and
• During your use of the Services, we may send certain Customer Data including Personal Data to Third Party AI Generative Services (e.g., a third party generative artificial intelligence service such as Microsoft Azure OpenAI Service, Google Gemini or any other similar application or service) to generate AI output for your organization as specified in and in accordance with our Terms of Service.

Legal Obligations

We may disclose any Personal Data that we collect with third parties in conjunction with any of the activities set forth under "Other Permitted Purposes for Processing Personal Data" section above.

Business Transfers

We may may transfer your Personal Data to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).

Data that is Not Personal Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect (e.g., Usage Data), including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you.

Data Security

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

Data Retention

We retain Personal Data about you for as long as necessary to provide you with our Services or to perform our business or commercial purposes for collecting your Personal Data. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

For example:

• We retain your profile information for as long as you have an account with us.

Personal Data of Children

We do not knowingly collect or solicit Personal Data from children under 13 years of age, and no parts of our Site or Services are directed to children; if you are a child under the age of 13, please do not attempt to register for or otherwise use the Site or Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 13 years of age, we will delete that information as quickly as possible. If you believe that a child under 13 years of age may have provided Personal Data to us, please contact us at legal@prophetsecurity.ai.

State Law Privacy Rights

California Resident Rights

If you are a resident of California and interact with us as a consumer, you have certain rights under the California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.), including to request access to and deletion of your Personal Data (also referred to as Personal Information as defined in the CCPA). You may exercise these rights by contacting us at legal@prophetsecurity.ai. We do not sell your Personal Information, but we may allow our advertising partners to collect certain device identifiers and electronic network activity that allows them to show ads within their systems that are targeted to your interests. To opt out of having your Personal Information used for targeted advertising purposes, please visit www.aboutads.info/choices.

Some browsers may offer you a "Do Not Track" option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time. However, we do support the Global Privacy Control (GPC) signal, which allows you to communicate your privacy preferences through your browser settings. To find out more about "Do Not Track," you can visit www.allaboutdnt.com.

Submitting a Privacy Request and Authorized Representatives

In most cases, we process personal data on behalf of our customers. If your personal data has been provided to us by or on behalf of one of our customers, please contact that organization directly to exercise your privacy rights. Where we receive a request directly, we may redirect the request to the relevant customer or assist them in responding, as required by applicable law. Where permitted, requests may be submitted by an authorized representative. We may require verification of identity and authorization before processing any request.

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

International Users

Prophet Security is located in the United States. When you access the Site and Services, your information may be stored on servers in the United States and may also be stored or processed in other countries by our service providers, if and to the extent compliant with law. If you are accessing the Site or Services from outside the United States, by providing your information to the Site or Services, you are consenting to and authorizing the transfer of your information to the United States for storage, use, processing, maintenance and onward transfer of such information to other entities, regardless of their location, in accordance with this Privacy Policy and the Terms. For clarity, and as outlined in the Terms, you are also consenting to the application of United States law in all matters concerning the Site and Services.

Personal Data collected from the European Union, United Kingdom and Switzerland will, for example, be transferred to and processed by us in the United States or another country outside of the European Union, United Kingdom and Switzerland. In such instances, we shall ensure that the transfer of your Personal Data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place such as the Standard Contractual Clauses approved by the EU Commission or such other mechanism approved by applicable authority.

Personal Data Use and Lawful Basis

The "Our Commercial or Business Purposes for Collecting Personal Data" section above explains how we use your Personal Data.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our "legitimate interests" or the legitimate interest of others, as further described below.

• Contractual Necessity: We process the following categories of Personal Data as a matter of "contractual necessity", meaning that we need to process the data to perform under our Terms , which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
  
  • First and last name
  • Email
  • Phone number
• Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
  
  • First and last name
  • Email
  • Phone number
  • Employment info
  • Device type/ operating system/ browser used to access the Services
  • Web interactions
  • Social media profiles such as email address or user name
  • We may also de-identify or anonymize Personal Data to further our legitimate interests.

Examples of these legitimate interests include (as described in more detail above):

• Providing, customizing and improving the Services.
• Marketing the Services.
• Corresponding with you.
• Meeting legal requirements and enforcing legal terms.
• Completing corporate transactions.
• Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
• Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Disclosing Personal Data

The "How We Disclose Your Personal Data" section above details how we disclose your Personal Data with third parties.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

• legal@prophetsecurity.ai
• 349 Selby Lane, Atherton, CA