Our Privacy Policy | IRONSCALES

Privacy Notice

This is a notice to inform you of IRONSCALES LTD and its affiliates (“IRONSCALES”) policy regarding all information (as defined below) we record about users and visitors (collectively, “users”) of our website, available at https://ironscales.com/ (the “website”), our platform, available at https://members.ironscales.com/signin/ (the “platform”), and our mobile app, available on the Google Play and Apple app stores (the “app”, and collectively with the website and platform, the “services”). It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal data”) and information that could not (“anonymous data”, and collectively personal data, “information”). In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information, and "we", "our", or "us" refers to IRONSCALES.

Introduction

We take the protection of your privacy and confidentiality seriously. We understand that all users of our services are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party. We undertake to preserve the confidentiality of all information you provide to us.

The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.

General Overview

Information Collection, Use, and Sharing
We are the sole owners of the information collected via our services. We only have access to/collect personal data that you:

voluntarily give us, whether via email or via the platform;
personal data collected from tracking technologies such cookies (provided you consented to our use of such tracking technologies), or analytics tools used on our App; or
other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request.

We may contact you via email in the future to tell you about specials, new products or services, provided: (i) you have requested and/or consented to receiving such communications; or (ii) we have an existing relationship with you, and it would be considered our legitimate interest to do so. If you choose not receive any additional communications, you may unsubscribe at any time using the following link in the email you receive from us or just by replying to that email.

Our services also uses technologies of third-party partners to help us recognize you and your device and understand how you use our services so that we can improve our services to reflect your needs. Specifically, these partners collect information about your activity on our site(s) to enable us to:

measure and analyze traffic and browsing activity and other activity within our services;
show advertisements for our services to you on third-party sites; and
measure and analyze the performance of our advertising campaigns.

Your Access to and Control Over your Personal Data
The following rights (which may be subject to certain exemptions or derogations), shall apply to individuals who are protected by the GDPR:

You have a right to access information held about you. Your right of access is normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
You have the right to request that we amend any personal data we hold that it is inaccurate or misleading.
You have the right to request the erasure of the personal data that relates to you. Please note that there may be circumstances in which we are required to retain your data, for example for the establishment, exercise or defense of legal claims;
The right to object to or to request restriction of the processing. However, there may be circumstances in which we are legally entitled to refuse your request;
You have the right to object to profiling;
The right to data portability. This means that you may have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority
The right to withdraw your consent. Please note that there may be circumstances in which we are entitled to continue processing your personal data, in particular if the processing is required to meet our legal and regulatory obligations.
You also have a right to request details of the basis on which your personal data is transferred outside the European Economic Area, but you acknowledge that data transfer agreements may need to be partially redacted for reasons of commercial confidentiality.

We note that several of the above rights are also available to users from territories outside of the EU (which are not subject to the GDPR) under applicable law. If you would like to know more about your rights, you are welcome to contact us at contact@ironscales.com.

When we process personal data about you

1. We have a contractual obligation with you

When you acquire a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between us.

In order to carry out our obligations under that contract, we must process the personal data you give us, including your first and last name, email address, job title, company name, number of employees and phone number. Some of this information may be personal data.

We may use it in order to:

1.1. verify your identity for security purposes
1.2. sell products to you, upon your request 
1.3. provide you with our services 
1.4. provide you with suggestions and advice on products, services and how to obtain the most from using IRONSCALES

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

Additionally, we may aggregate this information in a general, anonymous way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use the anonymous data for this purpose, you as an individual will not be personally identifiable.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract, and for a reasonable period thereafter, for us to have an accurate record of your dealings with us in the event of any complaints or challenges.

2. You provide consent

Through certain actions when otherwise there is no contractual relationship between us or any other legal basis available, you may provide your consent to us to process your personal data.

Wherever possible, we aim to obtain your consent to process this information, for example, by asking you to agree to our use of cookies (and other tracking technologies).

Except where you have consented to our use of your personal data for a specific purpose, we do not use your personal data in any way that would identify you personally.

If you have given us explicit permission to do so, we: (i) will use your personal data to help analyse and improve our services; and (ii) may from time to time pass your name and contact information to selected IRONSCALES associates whom we consider may provide information you would find useful.

We continue to process your personal data on this basis until you withdraw your consent.

You may withdraw your consent at any time by instructing us at by clicking on the link in the email you received or by replying to that email.

3. Legitimate interests

We may process personal data on the basis there is a legitimate interest, either to you or to us, of doing so.

Where we process your personal data on this basis, we do after having given careful consideration to:

whether the same objective could be achieved through other means
whether processing (or not processing) might cause you harm
whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so

For example, we may process your personal data on this basis for the purposes of:

record-keeping for the proper and necessary administration of our business (invoices, contracts, etc.);
protecting and asserting the legal rights of any party;
insuring against or obtaining professional advice that is required to manage risk; or
protecting your interests where we reasonably believe we have a duty to do so

4. Legal obligation

We are subject to the law like everyone else. Sometimes, we must process your personal data in order to comply with a statutory obligation.

For example, we may be required to give information (including personal data) to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal data.

5. Job applications

If you send us information in connection with a job application, we may keep it for up to three years, in case we decide to contact you at a later date.

6. Sending a message to our support team

When you contact us, whether by telephone, through our website or by e-mail or any other means of communication, we collect the personal data you have given to us in order to reply with the information you need.

We keep personal data associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.

Use of information we collect through automated systems when you use our services

7. Cookies

Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, providing us with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose. You can read more about Google’s use of cookies here: www.google.com/policies/privacy/partners/.

We use cookies in the following ways:

7.1. to track how you use our website
7.2. to record whether you have seen specific messages we display on our website
7.3. to record your answers to forms on our site while you complete them 
7.4. to provide you with future messages about phishing mitigation and our products

8. Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.

9. Analytic Tools

We use certain analytic tools to analyse and improve our services, such as:

Google Analytics. Our website uses a tool called “Google Analytics” to collect information about use of the website. Google Analytics collects information such as how often users visit this website, what pages they visit when they do so, and what other websites they used prior to coming to this website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this website is restricted by the Google Analytics Terms of Service, available at http://www.google.com/analytics/terms/us.html/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
Firebase Analytics. We also use a similar tool called “Google Analytics for Firebase”. By enabling this tool, we enable the collection of data about app Users, including via identifiers for mobile devices (including Android Advertising ID and Advertising Identifier for iOS), cookies and similar technologies. We use the information we get from Google Analytics for Firebase to maintain and improve our app(s). We do not facilitate the merging of personal data with non-personally identifiable information unless we have robust notice of, and your prior affirmative (i.e., opt-in) consent to, that merger. Finally, please note that Google Analytics for Firebase’s terms (available at https://firebase.google.com/terms/) shall also apply.
Cross-Device. We may share data, such as hashed email derived from emails or other online identifiers collected on our website with our advertising partners (such as NextRoll). This allows our partners to recognize and deliver you ads across devices and browsers. To read more about the technologies used by NextRoll and their cross device capabilities please refer to NextRoll’s Privacy Notice, available at: nextroll.com/privacy.

10. Our use of re-marketing

Re-marketing involves placing a cookie on your computer when you browse our website in order to be able to serve to you an advert for our products or services when you visit some other website.

We may use a third party to provide us with re-marketing services from time to time. Accordingly, if you have consented to our use of cookies, you may see advertisements for our products and services on other websites. 

Our partners (such as NextRoll) may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason you can use the following third party tools to decline the collection and use of information for the purpose of serving you interest based advertising:

The NAI’s opt-out platform: http://www.networkadvertising.org/choices;
The EDAA’s opt-out platform http://www.youronlinechoices.com/; and
The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN.

How we protect your information

11. Security

We have implemented appropriate technical, organizational and security measures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the information concerned. However, please note that we cannot guarantee that the information will not be exposed as a result of unauthorized penetration to our servers. Nevertheless, we make commercially reasonable efforts to make the collection and security of such information consistent with this privacy policy and all applicable laws and regulations. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.

12. Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

Disclosure and sharing of your information

13. Access to your personal data

13.1. To obtain a copy of any personal data that we hold about you, you may send us a request at contact@ironscales.com.
13.2. After receiving the request, we will tell you when we expect to provide you with the information.

14. Removal of your information

If you wish us to remove your personal data from our records, you may contact us at contact@ironscales.com.

15. Verification of your information

When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your personal data.

16. Third parties we share information with

A list of the third parties with whom we share information with (including in certain cases, personal data) in accordance with the purposes described in this privacy policy, are available upon request sent to us at contact@ironscales.com.

17. Merger, sale or bankruptcy

If, in the future, we sell or transfer some or all of our business or assets to a third party, we will (to the minimum extent required) disclose information to a potential or actual third-party purchaser of our business or assets, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign personal data in connection with the foregoing events.

18. Intercompany transfers of data

We ensure transfers within the IRONSCALES group will be covered by an agreement entered into by members of the IRONSCALES group (an intra-group agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.

19. Transfers from the EU to overseas

Where we transfer your Personal Data outside of Illusive, for example to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your Personal Data.

Other matters

20. Use of site by children

20.1. We do not sell products or provide services for purchase by children, nor do we market to children.
20.2. If you are under 16, you may use our services only with consent from a parent or guardian

21. How you can complain

21.1. If you are not happy with our services or if have any complaint then you should tell us by email. Our address is contact@ironscales.com.
21.2. If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration. 21.3. If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with a supervisory authority, which varies by jurisdiction.

22. Retention period for personal data

Except as otherwise mentioned in this privacy policy, we keep your personal information only for as long as required by us:

22.1. to provide you with the services you have requested;
22.2. to comply with other law, including for the period demanded by our tax authorities; 
22.3. to support a claim or defence in court

23. California Privacy Rights

23.1. Right to access. California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to contact@ironscales.com. Please note that we are only required to respond to one request per customer each year.

23.2. Do not track notice. We collect personal data our about user’s online activities over time and across different web sites when a user uses our site. If you choose to operate your web browser “do not track” signals or any other mechanism that provides consumers the ability to exercise choice regarding the collection of such information, we will abide by your request and stop collecting such information. We also allow third parties such as such as companies that provide us with analytics tools, and those mentioned above to collect limited portions of personal data (e.g., IP address, Device ID) about your online activities over time and across different web sites you use the site. If you choose not to allow third parties to collect your personal data, you can disable those services using the pop up banner available to user.

23.3. Deletion of Content from California Residents. If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Information you have publicly posted. If you wish to remove such content or Personal Information and you specify which content or Personal Information you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Information you have posted and that there may be circumstances in which the law does not require us to enable removal of content.

24. Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our services on the day you use our services. We advise you to print a copy for your records.

If you have any additional questions regarding our privacy policy, please contact us.

Last updated: September 2024

For Enterprises

For MSPs & MSSPs

Protect Better

Simplify Operations

Empower Your Org

15,000+ Customers and Counting

Case Studies

Reviews

Osterman Research: AI Trends in Cybersecurity

Case Study: Concentrix

Our Awards

HOW IRONSCALES WORKS

Platform Overview

API Integration

Artificial Intelligence

Human Element

TAKE A TOUR

Product Tours

Platform Overview Tour

GenAI Copilot for Outlook

GPT-Powered Spear Phishing Campaigns

Discover the Reality of Deepfake Threats: Stay Ahead With the Latest Insights

BY USE CASE

Business Email Compromise

Advanced Malware & URL Attacks

Credential Harvesting

Account Takeover Attacks

DMARC Management

Generative AI Attacks

Phishing Simulation Testing

Security Awareness Training

BY PLATFORM

BY PROJECT

BY ROLE

LEARN

Blog

Deepfake Insights

Cybersecurity Glossary

Resource Library

Guides

Platform Tours

CONNECT

Events

Newsletter

LinkedIn

The Hidden Gaps in SEG Protection

New Gartner® Email Security Magic Quadrant™

Are Deepfake Emails Phishing 3.0?

Phishing Prevention

Spear Phishing

Voice Phishing

BY TYPE

MSPs and MSSPs

Resellers

Technology Partners

ENGAGE

Become Partner

Partner Portal

Partner with IRONSCALES

Privacy Policy