Privacy Policy
These policies play an important role to maintain a positive experience for everyone that uses EdgeWatch.
References to “we”, “our” or “us” in this privacy and cookies policy (“Privacy Policy”) mean Edgewatch – Occentus Network SL. (“EdgeWatch.”, “we”, “us”, or “our”), a private limited liability company incorporated in Spain, with registered offices at Vila de Madrid 44, ES46988 Paterna, under registration and tax number ESB97933022.
For the purposes of data protection laws, we are the “Data Processor” in respect of the personal information collected through our website located at https://edgewatch.com/ (“Site”).
- SCOPE We collect certain information through our Site, including through the products and services provided on the Site. This Privacy Policy lays out our policies and procedures surrounding the collection and handling of any such data that identifies an individual user or that could be used to contact or locate him or her personally (“Personally Identifiable Information” or “PII”). This Privacy Policy applies only to our Site and to the products and services provided through our Site. It does not apply to any third-party site or service linked to our Site or recommended or referred by our Site, through our products or services, or by our staff. And it does not apply to any other website, product, or service operated by us, or to any of our offline activities.
- THE PII AND OTHER SENSITIVE DATA WE COLLECT We automatically collect the following PII from users that visit our Site:
- IP address
- web browser type and version
- operating system
- a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to
- name
- email address
- company name
- title
- Name
- VAT number
- Address
- Zipcode
- City
- Country
- Target URL and settings (including testing credentials if provided)
- Vulnerability details including Requests/Responses for each vulnerability found
- Product logs, including the URLs tested and full requests (temporarily, up to 60 days)
- OUR USE OF PII All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). For more details on security see section 6, below. We use your PII to personalize your experience on our site, to create your account, to communicate with you about products and services we provide, to provide you with news, and for billing. We also use that information to the extent necessary to enforce our Site’s Terms of Use and to prevent imminent harm to persons or property. We are the owners of the anonymous data related to the use of our Site and may use such anonymous data for statistical or commercial purposes. Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- THE COOKIES WE COLLECT AND THE USE WE GIVE THEM A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone (referred to here as a “Device”) browser from a website’s computer. It’s stored on your Device’s hard drive. Each website can send its own cookies to your browser if your browser’s preferences allow it, but to protect your privacy your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Cookies give us usage data, like how often you visit, where you go on the Site, and what you do. We use cookies so that our Site can remember you and provide you with the information you’re most likely to need, and also to compile statistical anonymous information. Please note we collect certain information from all users, including web visitors who simply peruse our Site. We may also use third-party cookies (for example, Google AdSense and DoubleClick) and Web beacons on our Site to deliver advertising displayed to you on third-party sites. We may also use cookie information to know when you return to our Site after visiting these third-party sites. Additionally, we may also use analytics services (such as Google Analytics, Optimizely, New Relic, and others) to help analyze how users use the Site. It is possible to opt out of the use of cookies for advertising targeting purposes by visiting https://tools.google.com/dlpage/gaoptout/. Similarly, to cookies, we may also use “web beacons”. Web beacons are used as a mechanism to help us track your visits to our site and whether or not you open our emails. The pages of our Site and the emails we send you may contain web beacons. In addition, we may use several third-party services that embed web beacons on our site for similar tracking purposes. These third-party services are used to provide additional features to users, such as the ability to share content on our site with your social network. In the table below, you can find the cookies and web beacons that we currently install on your browser or Device, their purpose and max lifespan:
- _ga Used by Google Analytics to distinguish users (2 yrs)
- _gid Used by Google Analytics to distinguish users (1 day)
- _gat Used by Google Analytics to throttle request rate (1 min)
- _gcl* Used by Google Adsense (3 mo)
- NID; DV; 1P_JAR Used by Google to store preferences (6 mon)
- __stripe_* Used by Stripe to provide fraud prevention
- PROTECTION OF PII AND OTHER SENSITIVE DATA As owners of a security product, we take PII security very seriously. The following list is a non-exhaustive list of security controls we implemented to protect our infrastructure, our product, and your PII:
- We only allow communications to our servers, that host our product and site, through a secure channel (HTTPS) using TLS. HTTPS allows for the authentication of the visited website and protection of the privacy and integrity of the exchanged data.
- All of our infrastructure is hosted in a top-tier cloud provider, where security has been scrutinized. We use managed services supplied by the cloud provider to the highest possible extent. We also use their security features and controls, to segregate and monitor our service networks, for audit logs, and for security event management. The frontend, backend, and database servers use private and segregated networks controlled by security groups.
- We also follow the best security practices, including (but not limited to):
- Principle of the least privilege (to access our systems and data),
- Encryption of sensitive data at rest,
- Server hardening and security updates,
- Requiring 2-factor authentication to access our systems,
- Central logging
- Secure Software Development Life cycle, including periodic security assessments (manual and using Edgewatch)
- THIRD-PARTY ACCESS TO YOUR PII We give or may give in the future certain independent contractors access to PII (“Data Processors”). No Data Processor will be retained without first entering into contracts in which they agree to protect PII using procedures reasonably similar to ours and will only process PII in accordance with our instructions. We may also disclose PII to attorneys and investors bound to confidentiality restrictions and to law enforcement authorities, courts, and public regulators, whenever such is required by applicable legislation. Finally, we may share PII in connection with a transaction of all or substantially all of our assets. To provide the services, we rely on different data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. These subprocessors are listed below, with a description of the service and the location where data is hosted. This list may be updated by Edgewatch from time to time:
- Stripe, Inc.
- Payment processing
- USA
- Google
- Analytics, Tag Manager, Workspace
- USA
- Stripe, Inc.
- YOUR RIGHTS Before your account can be activated, you will be required to confirm that you have read and agreed to the Site’s Terms of Use and taken knowledge of this Privacy Policy. You can access and change any PII we store by contacting us directly at the following e-mail address: [email protected]. The access and correction of your PII are free of charge. You acknowledge, however, that all PII you provide must be accurate and updated. You may also oppose, at any time and free of charge, the use of your PII for direct marketing or any other form of commercial use. Should you wish to do so after receiving an e-mail or SMS from us, we will provide you with a simple option to opt-out or remove yourself from our marketing directory. You may also withdraw your consent to our processing of your PII whenever such processing is dependent on consent. This may be done simply by sending us an email to [email protected]. Furthermore, you may at any time request that we delete or limit the PII we hold related to you. You may also request the portability of your PII in accordance and within the limits of applicable law. It is your right to also request that we notify third parties with whom we may have shared your PII and also request that they comply with your instructions.
- WHERE WE STORE YOUR PII AND FOR HOW LONG Unless expressly agreed or contracted otherwise, all the PII regarding our users is stored on secure servers located within the European Union. We will inform our users should we eventually change our policy. Our objective is that our users have a long-lasting relationship with our Site, even if visits are not very frequent. We will store your PII and your account will continue to be active for three years following your last interaction with our Site. Prior to closing your account, we will notify you asking whether you wish to maintain your account active. After a deletion request, your PII will be retained for up to 3 months as part of backup procedures.
- AMENDMENT OF THIS PRIVACY POLICY We reserve the right to revise this Privacy Policy from time to time. We will date and post the most current version of this Privacy Policy on the Edgewatch website – https://edgewatch.com (the “Site”). Any changes will be effective on the date indicated at the top of the revised Privacy Policy. If in our sole discretion we deem a revision to this Privacy Policy to be material, we will notify you via the Service and/or by email to the email address associated with your account. Your continued access or use of any portion of the Service constitutes your acceptance of such changes. If you object to such changes, you must cancel and stop using the Service by the effective date of such changes. For any clarification regarding our Privacy Policy, please feel free to contact us at [email protected].
Report Abuse
If you believe that someone is violating the policies, please report abuse immediately. To report copyright infringement or other pressing legal issues, please use our abuse report form.
Report Cybercrime
If you fall victim to cybercrime, notify your local authorities immediately to file a complaint. Preserve and document all evidence related to the incident and any potential sources. Avoid attack, responding or retaliating on your own or using Edgewatch.
The tools and services of the Edgewatch platform are designed to be complementary and defensive; while they are used by law enforcement agencies, they are not intended to replace or supplant the investigative and enforcement efforts of the authorities in response to a criminal offense.
Report Trademark Infringement
If you suspect that someone is misusing our trademark, please alert us promptly. To address trademark infringement or other pertinent legal concerns, kindly utilize our abuse report form.