SONRAI SECURITY
PRIVACY POLICY

last updated May 15, 2023

Overview

This Privacy Policy describes the privacy practices of Sonrai Security, Inc. (“Sonrai”, “we”, “us”, or “our”) and how we handle personal information that we collect through our website at https://sonraisecurity.com/ (the “Website”) and through our Cloud Security Platform (the “Platform”, collectively with the Website, the “Services”). It also explains you how we use and share your personal information, and you rights and choices regarding our data practices.

Please note that this Privacy Policy does not apply to any personal information we process on behalf of customers in connection with their use of our Platform. That information is subject to the privacy policies of the customer. If you have questions concerning how these customers collect and use your personal information, including how we process personal information on behalf of such customers, please contact the customer directly.

If you have any questions or concerns about our use of your personal information or would like to exercise your rights in relation to your personal information, please contact us using the details provided below.

Personal information we collect

On the Platform

Personal information you provide to us when you use our Platform:

  • Contact and account information, such as your first and last name, username, password, location, and other similar information as we may request at registration.

Information we may obtain from third parties when you connect with our Platform:

  • Third party login information. When you link, connect, or login to the Platform with a third-party service (e.g., Auth0), we may collect information which you have directed the third-party service to send us (such as your registration and profile information) or which you authorize via your privacy settings on the third party platform.

On the Website

Personal information you provide to us when you use our website:

  • Contact information, such as your first and last name, email address, phone number, job title, employer location and other similar information.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
  • Usage information, such as information about how you use the Website and interact with us, including information associated with any content you upload to the Website or otherwise submit to us, and information you provide when you use any interactive features of the website, for example when using the chatbot.
  • Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our website, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WIFI, LTE, 4G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them

How we use your personal information

To operate our Services. We will use your personal information to operate and administer our Services in accordance with our contractual terms and conditions or to take steps to enter into a contract with you at your request. This includes to:

  • Provide, operate, maintain, secure and improve our Services
  • Provide information about our Services
  • Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages
  • Understand your needs and interests, and personalize your experience with our Services and our communications
  • Respond to your requests, questions and feedback

For research and development. It is in our legitimate interest to analyze and improve the Services and to develop new products and Services, including by studying use of our Services.

Marketing and advertising. We and our advertising partners may collect and use your personal information collected from our website for marketing and advertising purposes, including:

  • Direct marketing. We or our advertising partners may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email and in-app notifications. You may opt out of our marketing communications as described in the “Opt-out of marketing communications” section below.
  • Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to display ads around the web. These companies may use cookies and similar technologies to collect information about your interaction (including the data described in the “Automatic data collection” section above) over time across our Services, our communications, and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt-out” section below.

Where required by law, we will only send users marketing communications with your consent. Otherwise, we will market and advertise our Services on the basis of our legitimate business interests.

To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. It is in our legitimate interest to: (a) protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our Services; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

To create anonymous data. It is in our legitimate interest to create anonymous data from your personal information collected by our website and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business

How we share your personal information collected by our website

Affiliates. We share personal information within our affiliates, for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as customer support, hosting, analytics, email delivery, marketing, identity verification, and database management services).

Advertising partners. We may share your personal information with third party advertising companies, including for the interest-based advertising purposes described above.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer, or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Your choices

In certain circumstances providing personal information is optional. However, if you choose not to provide personal information that is needed to use some features of our Service, you may be unable to use those features.

Unsubscribe from direct marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you.

Personal information requests. We may offer you choices that affect how we handle the personal information that we control. Where required under the laws that apply in your place of residence, and subject to limitations in those laws, you may request the following in relation to your personal information:

  • Access: If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Data Portability: You may request to receive personal information in a structured, commonly used, and machine-readable format and (if certain conditions are satisfied), transmit that personal information to a third party if we have the technical means.
  • Withdraw Consent: In circumstances where you have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw consent for that specific processing at any time.
  • Objection/Restriction: You may also ask us to restrict or ‘block’ the processing of your personal information in certain circumstances, such as where you contest its accuracy or object to us processing it. If you exercise your rights, we will respect your decision in accordance with our legal obligations.
  • Correction: You may request the correction of personal information that is inaccurate or out of date.
  • Deletion: You may requestion the deletion of personal information that we no longer need to provide the Services or for other lawful purposes.

To make a request, please use the contact details provided in the “Contact Us” section below.

In some instances, your choices and rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.

Please note, if you have a concern about our privacy practices, including the way we handle your personal information, you can report it to your local data protection authority. We hope you will be able to address any concerns with us directly in the first instance, so we are able to respond to them.

Cookies

We use the following cookies and similar technologies (collectively referred to as “cookies”) in connection with our website:

  • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

We use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period or until you delete them, while session cookies are deleted once you close your web browser. We use persistent cookies, for example, to remember any preferences you have or choices you make when you use our website. The cookies placed through your use of our website are either set by us (first-party cookies) or by a third party at our request (third-party cookies). We also allow our advertising partners to collect this information through our website.

On our website, we use the categories of cookies described below.

Category Purpose
Necessary Cookies Necessary cookies help make the services usable by enabling basic functions like page navigation and access to secure areas of the Website. The Website cannot function properly without these cookies. You can set your browser to block or alert you about these cookies, but then some parts of the Website will not work.
Functional Cookies Functional cookies enable the Website to remember information that changes the way the Website behaves or looks, like your preferred language or the region that you are in.
Analytics Cookies
We use “analytics” cookies that allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our website works, for example by making sure users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). For example, we use Google Analytics to help us better understand how people engage with our Site by collecting information and creating reports about how users use our Services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at:
https://tools.google.com/dlpage/gaoptout.
Advertising Cookies Advertising cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

Depending on your location, the maximum expiration period for the cookies above is 2 years.

We may also use web beacons in promotional emails and other communications with you, to allow us to count how many people read them and to verify any clicks through to links within an email. We (or our marketing service providers on our behalf) use this to help us understand how an email campaign performed, what types of emails and content our recipients find interesting, and what actions our recipients took, so we can improve our email campaigns in the future and make our emails more relevant to our recipients. If you do not wish for the web beacon to be downloaded onto your device, you should select to receive emails from us in plain text rather than HTML.

Depending on where you access the Website from, you may be presented with a cookie banner or other tool to provide permissions before we or our service providers set non-Necessary cookies. In this case, we only set these non-Necessary cookies with your consent. Where this option is available, you may revoke your consent at any time with future effect by clicking on the cookie settings link in the bottom corner of the Website at any time.

You can also limit online tracking by:

Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Use the following links to learn more about how to control cookies and online tracking through your browser:

  • Firefox; Chrome; Microsoft Edge; Safari
  • Blocking advertising ID use in your mobile settings. Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Using privacy plug-ins or browsers. You can block our Website from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
  • Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
  • Platform opt-outs. Some of our advertising partners offer opt-out features that let you opt out of use of your information for interest-based advertising. For example, you can see Google’s opt-out features here.

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on each browser and device that you use.

Do Not Track. Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other sites, mobile applications, and services

Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security practices

We use reasonable organizational, technical, and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information

Data Retention

We keep personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g., for tax, accounting, or other purposes), whichever is longer.

Job applicants

When you visit the “Careers” portion of our website, or when you otherwise apply for a job with us, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. Where required, we will only process sensitive information, like diversity information, with your consent. We use this information where it is in our legitimate interest to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to take steps to enter into an (employment) contract with you, to provide improved administration of the Website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on us; (b) to protect and defend the rights or property of us or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Service

Children

Our Services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

International users

By using our Services, you understand and acknowledge that your personal information will be transferred from your location to Sonrai in the United States.

We may also share your personal information with our affiliates and service providers located in third countries such as the United States and Canada, which may not have laws that provide the same level of protection for your personal information as in your country of residence. When we share your personal information, we endeavor to keep it confidential and secure. For example, where required under UK data protection laws, we will implement appropriate safeguards, such as relying on an adequacy decision, European Commission standard contractual clauses or UK government-approved international data transfer agreements. Please contact us using the details in the “Contact Us” section below if you require further information on our international transfers.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Services. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our Services.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on our Services (or as otherwise indicated at the time of posting).

How to contact us

VeraSafe has been appointed as Sonrai Security’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Regulation of the European Union.

If you are in the European Economic Area, VeraSafe can be contacted in addition on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact– data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland