Notice of Privacy Practices
Updated: September 2025
IOActive, Inc (IOActive) helps to safeguard the most important assets and improve the overall security posture of the Global 500 and other progressive enterprises. Protecting and respecting information, whether it is proprietary or personal, is our core competency. Below, we disclose our data protection and information privacy practices for the IOActive website, as well as its offline support services.
How Can You Contact Us?
IOActive, Inc.
Attention: Privacy
1426 Elliott Avenue W
Seattle, WA 98119
If you are located in North or South America, please contact us at: privacy@ioactive.com
Other locations, please contact us at: privacy@ioactive.co.uk
We Collect Limited Information
On our website, or during other interactions with IOActive, we may collect your personal information directly from you, such as your e-mail address, name, home or work address or telephone number.
You may provide this information when you:
- Register as a licensed user
- Participate in a survey, blog or forum
- Place an order
- Authenticate an order
- Send e-mail to us
- Request information from us
We may collect information indirectly and automatically, including the pages you view, the links you click and other actions you take in connection with IOActive’s website and services. Also, your browser sends information to every website you visit, such as your IP address, browser type and language, access times, and referring website addresses. We also collect information through various tracking technologies including cookies, pixels, software development kits (SDKs), JavaScript tags, local storage, and similar technologies as described in more detail below. Our sites are not intentionally designed for or directed at children under 13 years old. Our policy is to NOT knowingly collect or maintain information about anyone under that age.
How We Store Your Information
We use customer relationship management (CRM) tools to store your contact information:
You can visit our CRMs’ websites by clicking on the website links above and you can see how IOActive stores your data on this webpage.
Tracking Technologies and Data Collection
Types of Tracking Technologies We Use
We use various tracking technologies to collect information about your use of our website and services, including:
Cookies: Small data files stored on your device that help us recognize you and remember your preferences.
Pixels/Web Beacons: Small graphics embedded in web pages or emails that help us track user interactions and measure the effectiveness of our communications.
Software Development Kits (SDKs): Third-party code integrated into our website that enables advanced tracking and analytics capabilities, including the LinkedIn Insight Tag, Google Analytics, and Meta/Facebook Pixel.
JavaScript Tags: Code that executes in your browser to collect behavioral data and enable website functionality.
Local Storage: Technology that stores data locally on your device, similar to cookies but with greater storage capacity.
Session Replay Tools: Technologies that may record your interactions with our website to help us improve user experience.
Information Collected Through Tracking Technologies
Through these technologies, we may collect:
- IP addresses and approximate geographic location
- Device identifiers and characteristics (browser type, operating system, screen resolution)
- Website usage patterns (pages visited, time spent, click paths)
- Referral sources and campaign attribution data
- Cross-site browsing behavior
- Device fingerprinting data
- Social media platform interactions and profile matching data
Data Retention for Tracking
Most tracking data is retained for up to 24 months, though some anonymized analytics data may be kept longer for trend analysis. Profiling data used for advertising purposes is typically refreshed every 7-30 days depending on the platform.
We Use Cookies and Similar Technologies
A cookie is a small data file sent to your web browser by a website’s server to process information more efficiently. We also use similar technologies like pixels, SDKs, and local storage that serve comparable functions. A cookie file can contain information such as a user ID that the website uses to track the pages you have visited. However, the only personal information a cookie can contain is information you supply yourself. Cookies cannot read data off your hard drive, destroy files, or send viruses. However, other tracking technologies like SDKs may collect additional device and behavioral information as described in our Tracking Technologies section above. Cookies basically avoid duplication of information. For example, by setting a cookie on the website, you do not have to enter a password more than once. This saves you time when visiting the website.
These technologies also enable us to:
- Provide personalized content and advertising.
- Measure website performance and user engagement.
- Enable social media integrations.
- Conduct security monitoring and fraud prevention.
- Facilitate cross-platform user recognition for advertising purposes.
Cookies also enable us to track and target the interests of our users to enhance their experience on our website. You can set your browser to reject cookies, use our cookie banner to adjust your choices, or use the Global Privacy Control signal to indicate your privacy preferences for tracking technologies. If you reject cookies, you will still be able to use the website, but you may be limited in some areas of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies and deploy other tracking technologies when you log on to our website. You can find more information on what cookies IOActive uses on our website on our cookie policy page.
For more information about cookies and how to turn them off, please visit the Interactive Advertising Bureau’s website at https://www.allaboutcookies.org/. For information about opting out of interest-based advertising, visit https://optout.aboutads.info/ or https://optout.networkadvertising.org/.
We Use Your Information in Limited Ways
IOActive will use your personal information to communicate with you, at your request. We may also send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. We may also occasionally send you product surveys or promotional mailings to inform you of other products or services available from IOActive and its affiliates.
We use your information to deliver requested services or to carry out transactions. For instance, if you apply for a position with IOActive with a resume or curriculum vitae, we will use that information to match you with available opportunities.
IOActive may also use information you provide to more effectively operate and improve its website. These uses may include:
- Providing you with more effective customer service
- Making the website or services easier to access
- Performing research and analysis aimed at improving our products, services and technologies
- Displaying content that is customized to your interests and preferences
Personal information collected on IOActive sites and services may be stored and processed in the United States or any other country in which IOActive or its subsidiaries or agents maintain facilities. By using an IOActive site or service, you consent to any such transfer of information outside of your country.
We Use Advanced Tracking and Advertising Technologies To Share Information of Interest to You
IOActive utilizes various tracking technologies and third-party advertising platforms to provide personalized content and advertising. These include:
LinkedIn Marketing Solutions: We use the LinkedIn Insight Tag and related SDKs to:
- Match website visitors to LinkedIn member profiles.
- Track conversions from LinkedIn advertising campaigns.
- Build custom audiences for advertising purposes.
- Measure the effectiveness of our LinkedIn presence.
- Enable retargeting of website visitors on LinkedIn.
Google Marketing Platform: We use Google Analytics, Google Ads tracking, and related technologies to:
- Analyze website traffic and user behavior.
- Create remarketing audiences across Google’s advertising network.
- Track conversions and measure advertising effectiveness.
- Enable personalized advertising based on interests and demographics.
Meta/Facebook Technologies: We use Meta Pixel and related tools to:
- Track website visitors for advertising on Facebook and Instagram.
- Measure the effectiveness of our social media advertising.
- Create lookalike audiences based on website visitors.
- Enable retargeting across Meta’s platforms.
How Cross-Platform Tracking Works
These platforms use sophisticated matching techniques that may include:
- Device fingerprinting: Combining multiple device characteristics to create unique identifiers.
- Probabilistic matching: Using statistical models to link devices and accounts.
- Deterministic matching: Using login information or email addresses to directly link accounts.
- Cross-device tracking: Following users across multiple devices and browsers.
These technologies track your browsing behavior, page visits, content engagement, and interactions with our website to build detailed profiles of your interests and preferences. While we don’t receive your direct contact information from these tracking technologies without your explicit consent (such as filling out a contact form), the platforms can:
- Create detailed behavioral profiles based on your website activity.
- Match your devices and browsers to your social media accounts.
- Track your activity across multiple websites and apps.
- Enable us to show you targeted advertising based on your profile.
- Provide us with aggregate reporting about audience characteristics and behaviors.
The profiling and tracking data is typically retained by these platforms for extended periods (often 12-24 months) and may be combined with data from other websites and sources to create comprehensive advertising profiles. We receive reports about how many website visitors can be matched to platform accounts, which enables targeted advertising campaigns.
Please visit the relevant resource centers for more information on how to disable tracking technologies for retargeting:
Google’s Privacy Policy and Ads Settings
LinkedIn’s Privacy Policy and Ad Preferences
Meta/Facebook Privacy Policy and Ad Preferences
- Use browser settings to block cookies and similar technologies.
- Use privacy-focused browsers or browser extensions.
- Adjust your social media platform privacy and advertising settings.
- Use our cookie consent banner to adjust your preferences.
Note that opting out of tracking technologies may limit website functionality and your ability to receive relevant content.
Do We Share Your Information?
Except as described in this statement, we will not disclose your personal information outside of IOActive and its controlled subsidiaries and agents without your consent.
We occasionally hire other companies to provide limited services on our behalf, such as:
- Handling the processing and delivery of mailings
- Providing customer support
- Hosting websites
- Processing transactions
- Performing statistical analysis of our services
- Operating tracking technologies and advertising platforms
- Providing analytics and user behavior analysis
We minimize the information shared with those companies to only that needed to deliver the requested service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose. However, third-party advertising platforms (such as LinkedIn, Google, and Meta) operate under their own privacy policies and may use data collected through our website in accordance with those policies and your settings on their platforms.
You should be aware that we may access and/or disclose your personal information if we believe such action is necessary to:
- Comply with the law or legal process served on IOActive.
- Protect and defend the rights or property of IOActive (including the enforcement of our agreements).
- Act in urgent circumstances to protect the personal safety of users of IOActive services or members of the public.
IOActive does not engage in the sale of personal data for monetary compensation. However, our use of third-party tracking technologies and advertising platforms may constitute the “sale” or “sharing” of personal information under some privacy laws. This includes allowing advertising platforms to collect information about your website visits for their own advertising and analytics purposes. You can opt out of this sharing through the platform controls mentioned above. You can opt out of correspondence at any time (outside of operational communication) by emailing marketing@ioactive.com with your request to opt out.
How Can You Access Your Information?
If you wish to change or view the information kept by IOActive about you or your organization, please contact your IOActive sales representative or contact us at the above mailing address or e-mail address. If you have not opted out of information collection by third-party platforms through our website, you will need to contact those platforms directly or use their provided opt-out mechanisms.
You Can Choose How We Use Your Information
If you do not want IOActive to contact you or your company for marketing purposes by e-mail, postal mail, fax and/or phone, you may opt out by using the unsubscribe options on all marketing email, by contacting our customer service representatives via e-mail, or by writing to us at the above addresses. To opt out of tracking technologies and targeted advertising, please use the platform-specific controls mentioned in the “Advanced Tracking and Advertising Technologies” section above.
If you have questions, concerns, or need assistance with website tracking or privacy controls, please contact us at marketing@ioactive.com. Our team will work with you to address your concerns and ensure you receive the website experience you prefer. Transparency is a core value at IOActive, and we’re committed to helping you understand and control how your information is used.
Security of Your Personal Information
We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access that are in controlled facilities. Our personnel who have access to the data are trained to maintain the confidentiality of such information. When we transmit highly confidential information over the Internet, we protect it through the use of encryption.
Changes to This Privacy Statement
We will occasionally update this privacy statement to reflect changes in our services and customer feedback. When we post changes to this Statement, we will revise the “last updated” date at the top of this statement. If there are material changes to this statement or our information practices, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how IOActive is protecting your information.
Self-Certification of EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework
For IOActive employees and contractors, we comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce for Human Resources personal data. IOActive has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Human Resources personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. IOActive has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Human Resources personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.