Privacy Policy

Notice of Privacy Practices

Updated: October 3, 2023

IOActive, Inc (IOActive) helps to safeguard the most important assets and improve the overall security posture of the Global 500 and other progressive enterprises. Protecting and respecting information, whether it is proprietary or personal, is our core competency. Below, we disclose our data protection and information privacy practices for the IOActive website, as well as its offline support services.

How Can You Contact Us?
IOActive, Inc.
Attention: Privacy
1426 Elliott Avenue W
Seattle, WA 98119

If you are located in North or South America, please contact us at: privacy@nullioactive.com

Other locations, please contact us at: privacy@nullioactive.co.uk

We Collect Limited Information

On our website, or during other interactions with IOActive, we may collect your personal information directly from you, such as your e-mail address, name, home or work address or telephone number.
You may provide this information when you:

  • Register as a licensed user
  • Participate in a survey, blog or forum
  • Place an order
  • Authenticate an order
  • Send e-mail to us
  • Request information from us

We may collect information indirectly and automatically, including the pages you view, the links you click and other actions you take in connection with IOActive’s website and services. Also, your browser sends information to every website you visit, such as your IP address, browser type and language, access times, and referring website addresses. These may also include data about your browser, cookie, web beacon or other information.

Our sites are not intentionally designed for or directed at children under 13 years old. Our policy is to NOT knowingly collect or maintain information about anyone under that age.

We Use Cookies

A cookie is a small data file sent to your web browser by a website’s server to process information more efficiently. A cookie file can contain information such as a user ID that the website uses to track the pages you have visited. However, the only personal information a cookie can contain is information you supply yourself. Cookies cannot read data off your hard drive, destroy files, or send viruses. Cookies basically avoid duplication of information. For example, by setting a cookie on the website, you do not have to enter a password more than once. This saves you time when visiting the website.

Cookies also enable us to track and target the interests of our users to enhance their experience on our website. You can set your browser to reject a cookie. If you do so, you will still be able to use the website, but you may be limited in some areas of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website. For more information about cookies and how to turn them off, please visit the Interactive Advertising Bureau’s website at https://www.allaboutcookies.org/.

We Use Your Information in Limited Ways

IOActive will use your personal information to communicate with you, at your request. We may also send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. We may also occasionally send you product surveys or promotional mailings to inform you of other products or services available from IOActive and its affiliates.

We use your information to deliver requested services or to carry out transactions. For instance, if you apply for a position with IOActive with a resume or curriculum vitae, we will use that information to match you with available opportunities.

IOActive may also use information you provide to more effectively operate and improve its website. These uses may include:

  • Providing you with more effective customer service
  • Making the website or services easier to access
  • Performing research and analysis aimed at improving our products, services and technologies
  • Displaying content that is customized to your interests and preferences

Personal information collected on IOActive sites and services may be stored and processed in the United States or any other country in which IOActive or its subsidiaries or agents maintain facilities. By using an IOActive site or service, you consent to any such transfer of information outside of your country.

Do We Share Your Information?

Except as described in this statement, we will not disclose your personal information outside of IOActive and its controlled subsidiaries and agents without your consent.

We occasionally hire other companies to provide limited services on our behalf, such as:

  • Handling the processing and delivery of mailings
  • Providing customer support
  • Hosting websites
  • Processing transactions
  • Performing statistical analysis of our services

We minimize the information shared with those companies to only that needed to deliver the requested service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.

You should be aware that we may access and/or disclose your personal information if we believe such action is necessary to:

  1. Comply with the law or legal process served on IOActive.
  2. Protect and defend the rights or property of IOActive (including the enforcement of our agreements).
  3. Act in urgent circumstances to protect the personal safety of users of IOActive services or members of the public.

How Can You Access Your Information?

If you wish to change or view the information kept by IOActive about you or your organization, please contact your IOActive sales representative or contact us at the above mailing address or e-mail address.

You Can Choose How We Use Your Information

If you do not want IOActive to contact you or your company for marketing purposes by e-mail, postal mail, fax and/or phone, you may opt out by using the unsubscribe options on all marketing email, by contacting our customer service representatives via e-mail, or by writing to us at the above addresses.

Security of Your Personal Information

IOActive is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access that are in controlled facilities. Our personnel who have access to the data are trained to maintain the confidentiality of such information. When we transmit highly confidential information over the Internet, we protect it through the use of encryption.

Changes to This Privacy Statement

We will occasionally update this privacy statement to reflect changes in our services and customer feedback. When we post changes to this Statement, we will revise the “last updated” date at the top of this statement. If there are material changes to this statement or our information practices, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how IOActive is protecting your information.

Self-Certification of EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework

For IOActive employees and contractors, we comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. IOActive has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. IOActive has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.