Mondoo Privacy Policy
Last updated: November 5th, 2024
This privacy policy ("Policy") describes the manner in which We collect, use, maintain, protect and disclose information We may obtain from You or that You may provide to Us when visiting Our website or use Our platform. It is Our commitment to protecting the privacy of Our customers by following the practices outlined in this Policy. Your use of the Site is subject to Our Terms of Service or, if applicable, other written agreement between You and Us.
This Policy applies to information We collect: on or through the Site; in e-mail or other electronic messages between You and Us through the Site; and through mobile and computer applications You access, enable or integrate with the Site. This Privacy Policy does not apply to information collected offline or through any other means, including on other parties' websites or through their applications or content.
By accessing or using the Site, You agree to the policies and practices described in this Policy. If You do not agree with Our policies and practices as described in this Privacy Policy, You may not use the Site.
- Definitions. For the purposes of this Policy:
- Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- Data Protection Law means the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), as and to the extent applicable to You or Us.
- Personal Data means the information about You, as such term is defined and used in the applicable Data Protection Law.
- Site means Our website at https://mondoo.com and the on-line accessible parts of Our platform.
- We/Us/Our means Mondoo, Inc. a Delaware corporation operating in San Francisco, California and Berlin, Germany.
- You/Your means, as applicable, either the individual accessing or using the Site or the organization on behalf of which the Site is accessed or used. When multiple users of the same organization use the Site, the term "You" refers to the users collectively except where context requires reference only to an individual.
- Our Information Collection
- Types of Data. We collect various types of information from and about You as a user of the Site, including:
- Personal Information by which You can be personally identified, such as Your name, e-mail address and other of Your contact details that You provide to Us; and
- Other Information related to You but doesn't identify You individually, such as details about Your internet connection, equipment You use to access the Site and other usage data related to You.
- Types of Collection. We collect information directly from You when You provide it to Us (for example: when You establish Your account on the Site), automatically as You navigate through the Site (including information collected from Cookies and other tracking technology used by Us or Our third party providers), and from third parties You authorize to share information with Us (for example: from the technologies with which You integrate or in which You use Our platform).
- Types of Data. We collect various types of information from and about You as a user of the Site, including:
- Cookies & Tracking Technologies. We use session and persistent Cookies and similar tracking technologies to track activity on the Site and We store certain of this Cookie information. Tracking technologies We use are beacons, tags, and scripts to collect and track information and to improve and analyze Our Site. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of the Site. Our Site does not operate Do Not Sell or Do Not Contact functions.
- Use of Your Personal Data. We may use Your Personal Data for the following purposes:
- to present the Site and its contents to You;
- to provide You with information, products, or services that You request from us
- to fulfill any other purpose for which You provide it;
- to provide You with notices about Your account or about changes to the Site;
- to meet Our obligations and enforce Our rights under contracts entered into between You or Your organization and us;
- to allow You to participate in interactive features on the Site;
- in any other way We may describe when You provide the information; and
- for any other purpose with Your specific consent.
- We may also use Your information to contact You about Our own products and services that may be of interest to You. If You do not want Us to use Your information in this way, You can elect not to be contacted for this purpose by e-mailing Us.
- Disclosure of Your Personal Data. We may disclose and/or transfer Your Personal Data to others in the following situations:
- With Our Providers: with certain third parties that assist Us in operating the Site and otherwise conducting Our business. These third parties need Personal Data to monitor and analyze the use of Our Site, to show advertisements to You to help support and maintain Our Site, to contact You, to advertise on third party websites to You after You visited Our Site, or to process Your payments for Our paid offerings. Further details about these third parties are included in this Policy below
- For Business Transfers: in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
- With Our Affiliates: including Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us for purposes of fulfillment of Our obligations to You under the Terms of Service or other agreement between You and Us.
- With Other Users: when You share personal information or otherwise interact in the public areas of Our Site with other users, such information (including Your Personal Data, where applicable) may be viewed by all users and may be publicly distributed within or outside Our Site.
- With Consent: for any other purpose not listed here if We have obtained Your consent;
- Compliance: to comply with any court order, law, or legal process, or to enforce or apply Our terms of use or other agreements between You (or Your organization) and Us; or
- For Security Purposes: if We believe disclosure is necessary or appropriate to protect the rights, property, or safety of Our company or Our personnel, customers, or others, We may share or transfer Your Personal Data.
- Retention of Your Personal Data. We will retain and use Your Personal Data (i) for as long as is reasonably required for the purposes set out in this Policy; and (ii) for so long as, and to the extent necessary, to comply with Our legal obligations (for example, if We are required to retain Your Personal Data to comply with Data Protection Law), resolve disputes, and enforce Our legal agreements and policies. We may also retain Usage Data related to You for analysis purposes and to improve the functionality of Our Site. Your personal information that We use for marketing purposes will be kept until You notify Us that You no longer wish to receive marketing communications from Us.
- Security of Your Personal Data. The security of Your Personal Data is important to Us. The Site is hosted on secure servers provided by Our hosting services provider in the United States and We have implemented other reasonable and appropriate measures to secure Your Personal Data from accidental loss and from unlawful or unauthorized access, use, alteration, and disclosure. While We strive to protect Your Personal Data, We cannot guarantee its absolute security. The safety and security of Your information also depends on You and the ways and manners in which You use the Site (for example: You are responsible for keeping Your account password confidential). For additional details about Our security measures, please contact Us.
- Analytics. We may use third-party service providers to monitor and analyze the use of Our Site, including as follows:
- Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of Our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made Your activity on the Site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en.
- Sentry is a crash analytics service used by Us. You can view their privacy policy at https://sentry.io/legal/privacy/.
- Hubspot is a CRM and marketing service used by Us. You can view their privacy policy at https://legal.hubspot.com/privacy-policy
- E-mail Marketing. We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any e-mail We send or by contacting Us.
- Payments. We use Stripe for payment processing related to Our paid services. We do not store or collect Your payment card details; You will provide Your payment information directly to Stripe, whose payment compliance standards and privacy policy can be viewed on their website at https://stripe.com/privacy.
- Links to Other Websites. Our Site does not respond to Do Not Track signals. Some features of Our Site, which may include links to other websites or services, are controlled by third parties. These third parties may use cookies or other tracking technologies to collect information about You when You use Our Site. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party websites or services. We have disclosed Our primary providers in this Policy, please visit the provider's website or contact the responsible provider directly for more information related to their tracking practices. Note that You can set Your preferences in Your web browser to inform websites that You do not want to be tracked and You can enable or disable DNT by visiting the preferences or settings page of Your web browser.
- Legal Compliance. While We provide Our services to customers throughout the world, We handle certain data in the US. We recognize that the European Union and the State of California, USA have established protections regarding the handling of Personal Data. We are committed to processing personal data in accordance with Our obligations under the Data Protection Laws.
- If You are based in the EU or are otherwise directly or indirectly subject to EU data protection laws, including the General Data Protection Regulation 2016/679 ("GDPR"), upon request by You, We will execute and comply with the applicable standard contractual clauses approved by the European Commission. Our committed requirements to GDPR compliance include: operating as a data "process" (or "subprocessor", as applicable); processing customer personal data only in compliance with customer instructions, and promptly informing customers if We cannot comply; promptly notifying customers if We have any reason to believe that law applicable to Us would prevent Us from complying with customer processing instructions; implementing and maintaining specific and appropriate technical and organizational security measures to protect personal data; promptly notifying Our customers about any legally binding request for disclosure of personal data by law enforcement, any accidental or unauthorized access to personal data, or any request received by Us from an EU-based individual whose personal data We may be processing pursuant to the customers' instructions; submitting Our data processing facilities to audit; obtaining consent from Our customers for Our use of any service providers who will be processing any personal data; and ensuring that Our service providers agree in writing to comply with these requirements.
- If You are based in California or are otherwise subject to the California Consumer Privacy Act ("CCPA"), please note that We do not intend to sell Your data to any parties. As such, We endeavor to complete contracts with Our service providers in compliance with the legal requirements, inclusive of such providers instituting Do Not Sell mechanism where applicable to their exchange of personal information about You.
- Children's Privacy. Our Site is not intended for use by anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If We discover that We have collected or received personal information from or about a child under 13 without verification of parental consent, We will delete that information. If You believe We might have any information about a child under 13, please reach out via the method(s) listed in the "Contact Us" section below.
- Changes to this Policy. We may update this Policy from time to time and when doing so will revise the Last Updated Date listed at the top of this page. We suggest you review this Policy periodically for any changes, Your continued use of the Site reflects your understanding and acceptance of the statements in this Policy. You are responsible for ensuring We have an active, deliverable e-mail address on file for You and for periodically visiting Our Site and this Privacy Policy to be sufficiently apprised of any changes We make. As required by law or where We deem relevant, We may deliver notice of updates to this Policy to Your e-mail address on file.
- Contact Us. If You have any questions about this Policy or Our practices related to Your information in connection with the Site, You can contact Us via e-mail at hello@mondoo.com.