Privacy Policy

This privacy notice is effective starting January 1, 2023.

Fortify 24×7 is committed to protecting the privacy of all individuals who entrust their personal data with us. As a company dedicated to protecting data, our collection and use of personal data is guided by our mission to prevent malware attacks and protect our customers’ data.

This privacy notice applies to the personal data collected, processed, or stored by Fortify 24×7, and its subsidiaries (“Fortify”, “we”, “our” or “us”), when you visit our websites, register to attend an event, download and install any of our products, including consumer versions of our products, use any application we provide to you, or utilize any of our services.

If you have any questions regarding this notice, see the Contact Us section later in this statement.

Why We Collect and Use Your Data

Fortify will only collect, use, or store your personal data when we have a fair and lawful purpose for such processing. We rely on several legal basis for the purposes described in this privacy notice, including:

  • as necessary to provide a service requested by you, such as when you request a whitepaper or register to attend a webinar
  • as necessary to fulfill or perform a contract we enter with you, or an organization you work for, such as when our products and services process information about the computer they are installed upon
  • where you have given your consent, which you may revoke at any time, to process your personal data for a specific purpose, such as subscribing to receive an email from us about our company’s products and services
  • when we have a legal obligation, or the processing is in the public interest or in furtherance of a vital interest
  • the processing is necessary to further our legitimate interests, which may include the improvement of our products or services, securing our systems and to protect against fraud

We collect information from you for the following purposes:

Service Delivery and Product Improvement

  • Enable the trial, purchase and delivery of our products and services
  • Improve the performance and optimize the utilization of our products and services
  • Provide customer support, and respond to requests, questions and comments

Marketing, Events and Promotions

  • Deliver information about our products, services and promotions, including advertising
  • Register you for webinars, events and conferences
  • Improve the operation of our websites and effectiveness of marketing campaigns
  • Administer contests, promotions, surveys and focus groups

Improve Internal Operations

  • Analyze your use of our products and services to drive improvements
  • Manage our sales and marketing activities, and measure corporate performance

Fraud Prevention, Security and Compliance

  • Protect the security and integrity of our products, services and data
  • Prevent fraudulent transactions, protect our intellectual property and other assets
  • Meet our corporate reporting, compliance and fiduciary obligations

What We Collect and How We Use Your Data

When Visiting Our Websites
We automatically collect and aggregate information related to your use of our websites. We use technologies, such as cookies, to enable functionality, measure performance, and provide relevant information when you visit or return to our sites. This information helps our websites work correctly, provide information about our products and services, and supports our efforts to understand our customers’ interests.

We collect the following types of information from you when you visit our websites:

  • Device and Browser Information: We collect information about the device and browser you use when visiting our websites, including information such as the Internet Protocol (IP) address of the device, your preferred language, the type of device you use, the device operating system and browser type.
  • GeoLocation: We derive the approximate geographic location, such as country, based upon the IP address of the device used when visiting our website to analyze traffic and improve our site.
  • Browsing Activity: We collect information about how you browse our website, including the address of referring websites, the pages you visit, and the path you take through our websites.
  • Cookie and Related Technologies: We use technologies, such as cookies and related technologies, to collect information about the use of our websites to determine the effectiveness of content or the email messages you’ve subscribed to.
  • Social Media Features: Our websites allow you to share information on your social media platform of choice, such as Facebook, Google+, Twitter, and LinkedIn. These features are usually recognizable by their third-party logo and may collect your IP address, the page you are visiting on our site, and set a cookie to enable the feature to work properly when you use this functionality.

When Requesting Information or Registering for An Event
You may sign up to receive information about our company, our products and services, cybersecurity news and information, access our partner portal and register to attend an event on our websites. Based on your consent, we may send you electronic communications to keep you informed of changes to our products and services.

Your personal data will be accessed by authorized Fortify personnel to deliver the requested information and market to you in compliance with this privacy notice. We may also provide your personal data to trusted third-party providers to help us deliver the information you requested, support event activities, or provide updates about Fortify products and services. Third-party providers are not permitted to use your information for any other purposes.

Data collected when requesting information from us
The personal data we collect to deliver the information you requested, or register you for an event, may include your name, title, company name, email address, country, phone number and recent web activity.

You can update your information, review your communication preferences, or stop receiving further communications from us by following the instructions contained within each communication we send you.

When Using Our Products and Services
Our products analyze software and activity on a computer to determine if malware is present, provide information about the security of the computer and respond to potential security threats. You may configure the software to upload potentially malicious computer code to our servers for further analysis. The software collects limited personal data to perform these functions. The uploaded potentially malicious computer code is de-identified and maintained separately from information that may identify an individual. Some personal data may be transferred to Fortify to enable us to provide support and billing.

When providing professional services to our clients, Fortify may collect personal data from our clients, users of our clients’ networks and systems, and individuals that connect to our clients’ networks and systems. The collection and use of this personal data are limited to providing the professional service to the client. Authorized Fortify personnel will access personal data and we may transfer personal data to trusted third-party providers to help us provide professional services to our clients.

Data collected by our products and services
As part of using our products and services we collect information that is necessary to perform an analysis of potentially malicious software or activity detected by our products, manage licenses, and communicate with customers. Your personal data is stored on Fortify’s cloud-based infrastructure.

Analysis of potentially malicious software and activity
When the product is configured by the user or customer, potentially malicious executable files and forensically relevant computer activity data may be collected for analysis. Data contained within the potentially malicious executable files is non-personal, and any attribution data is deleted or anonymized prior to analysis.

When Purchasing Consumer Products from Us
When purchasing consumer products from us and related offerings, we use PCI/DSS-compliant services provided by trusted third-parties to process payments for your subscription. Fortify does not store or have access to your payment card information.

Information from Third-Parties
As part of our marketing activities, we may receive additional information about you from third-party service providers to supplement the information you provided directly to us, so we can provide more relevant information about our company, products and services to you. The information we receive is public information related to the organization or business you work for, such the size of your company, industry, and business mailing address.

Who We Share Your Data With
We do not sell, lease, or trade the personal data we collect from you. We may transfer your personal data to other Fortify entities located in the United States and worldwide for the purposes outlined in this privacy notice. We may provide access or transfer your personal data to authorized Fortify personnel, business partners and trusted third-party providers, including those who help us market, provide support, maintain or service our products and services.

The personal data shared with Fortify entities may include: name, e-mail address and telephone number, company, title, work address, your recent interactions with our business applications, and event attendance.

Fortify requires our partners and third-party providers to take commercially reasonable steps to safeguard your personal data, comply with applicable laws and regulations, and not using your personal data for other purposes unless you have provided consent.

We may disclose your personal data to government agencies and law enforcement officials when we believe it is necessary to respond to subpoenas, court orders, other legal process or as required by law and to prevent or take action regarding illegal activities, suspected fraud or software piracy, and situations involving potential threats to the physical safety of any person, or in cases where we believe our intellectual property rights may be violated.

We may also provide access to, assign, or disclose your personal data, in connection with a corporate transaction, such as a merger, acquisition, or purchase all or a portion of our company assets.

How We Protect Your Data
We are committed to ensuring that your personal data is secure. We take commercially reasonable measures, including physical, administrative and technical safeguards, to protect your personal data from unauthorized access, use, alteration, destruction and disclosure.

Fortify 24×7’s Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

1. Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
2. Security controls should be implemented and layered according to the principle of defense-in-depth.
3. Security controls should be applied consistently across all areas of the enterprise.
4. The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
5. All datastores with customer data are encrypted at rest. Sensitive collections and tables also use row-level encryption. This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
6. Fortify 24×7 uses TLS 1.2 or higher everywhere data is transmitted over any network.

 

How Long We Store Your Data
We retain your personal data for the period necessary to fulfill the purposes for which it was collected, or for a reasonable period thereafter to comply with our legal obligations, and contractual and business operations requirements. With relation to personal data collected by our products and services, we retain information during the term of the agreement, based upon instructions provided by our customers, or for shorter periods of time as described in the applicable product or service documentation. Non-personal data, such as samples of potentially malicious software or anonymized data, may be retained indefinitely for the purpose of improving the performance of our products and services.

Our Use of Cookies and Other Tracking Technologies

How We Use Cookies and Other Tracking Technologies
We use cookies, web beacons, pixel tags and other tracking technologies on our websites or emails to, to:

  • present information to you based on your expressed preference, such as desired language
  • collect statistics regarding your website usage, such as time spent, pages viewed, and actions taken on our websites
  • allow us to measure and improve the effectiveness of our marketing activities
  • provide you with messages that is more relevant to your interests, demographics or industry
  • in some cases, to deliver advertising about our products and services to you when you visit websites owned by other third-parties

Please bear in mind that disabling cookies may reduce the functionality of our website.

Use of Analytics Services
Fortify uses services from trusted third-parties to collect and analyze data from users about their use of our websites, products and services. We use this information to improve the quality and functionality of the services we provide, and to develop features that serve you and other users.

The types of information that we collect include the date and time a user accesses our website, products or services, the IP address the request came from, the features they use, and their frequency of use.

Use of Third-Party Cookies
Fortify and its partners, including ad networks, use cookies and other tracking technologies to manage our advertising delivered on other sites. We may display targeted advertisements to you while you are visiting our website, and other websites, based on information we obtain from you, or from third-parties.

Do Not Track
Currently, we do not alter our data collection and use practices in response to Do Not Track (DNT) signals.

International Transfers of your Data
Fortify may transfer your personal data to the United States, to a subsidiary located outside of the United States, or to a third-party or business partner located outside of the United States to operate our business and fulfill the purposes described in this notice. In situations where you are located outside the United States and choose to provide information to us, we may transfer your personal data to the United States and process it there. By using our websites or providing any personal data to us, where applicable law permits, you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different.

Children’s Privacy
We do not knowingly collect any information from anyone under 13 years of age. If you become aware that your child has provided us with personal data, please contact us.

If we become aware that a child under 13 has provided us with personal data, we will remove such information from our active systems and will terminate the child’s account.

Your California Privacy Rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information regarding the disclosure of your personal information by the Fortify to third-parties for the third-parties’ direct marketing purposes.

Your Rights and Contacting Us
To the extent allowed by applicable law, you have the right to request details of the personal data we have about you, update inaccurate information, request your personal data be deleted, right to restrict processing of your personal data, right to data portability, and object to the collection or use of personal data we process based on our legitimate interests as a company. In some cases, you may be directed to make your request to the organization who licensed our software or services.

If you live in the European Economic Area and are dissatisfied with our use of your personal data, you have the right to lodge a complaint with your local supervisory authority. You may find contact details on ec.europa.eu.

Contact Us

We value your feedback. If there are any questions regarding this notice, or our collection and use of your data, you may contact us by email, or write to us at:

Global
Fortify 24×7
Attn: Chief Privacy Officer
2067 Apa Road
Point Roberts, WA 98281
[email protected]

Updates to our Privacy Notice
Each time you use Fortify website, products or services, the current version of this notice will apply. We reserve the right to change this notice at any time to reflect changes in the law, the Fortify products and services we provide, our business and technology, and our data collection and use practices.

If we make any material changes, we will notify you using your email address on record or by placing a notice on the site prior to the change becoming effective.

Your continued use of the Fortify products, services or website following the posting of changes to this notice will be deemed your acceptance those changes.