Privacy Policy

Last Updated: May 24, 2018

Synack, Inc. (“Synack”, “we”, “our”, “us”), a Delaware corporation with offices at 1600 Seaport Blvd. Suite 170, Redwood City, California 94063, United States of America, is committed to protecting and respecting your privacy. The Synack Privacy Policy (our “Privacy Policy”) explains how we collect, use, process and disclose personal information in connection with your use of Synack’s website at www.synack.com and/or one of our applications, platforms, and other online services (collectively, our “Sites”). Please take a moment to read our Privacy Policy carefully. If you have any questions about our Privacy Policy, please contact us at privacy@synack.com.

Please note our Sites can contain links to third-party websites, applications, and services. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

ACCEPTANCE OF PRIVACY POLICY

By using our Sites you are accepting the terms of our Privacy Policy and our Terms of Use, and acknowledge our collection, use, disclosure, and retention of your personal information as described in our Privacy Policy. If you do not agree with our Privacy Policy or our Terms of Use, you should not access our Sites.

INFORMATION WE COLLECT

Information you provide us. You provide us with information in the following circumstances:

  • When you contact us. You provide personal information when contacting us through our Sites. For example, we will collect your first and last name, user name, company name, job title, email address, postal address, and phone number when you ask to download content (such as white papers), register for a webcast or other event, or subscribe to email lists.
  • When you create a customer account on our platform. When you create a customer account on our platform you will be required to provide us your first and last name and email address. Customer account holders can provide us with additional information in the course of their use of our platform’s messaging system.
  • Recruitment. When you apply for employment or to work as a member of the Synack Red Team through our Sites, our provider of recruiting services will collect your resume and any additional information that you elect to provide to us, including but not limited to employment history and education.
  • Events and Social Media. We also receive information about you if you participate in a focus group, activity or event, interact with our social media accounts or otherwise communicate with us.

Automatically collected information. When you visit our Sites, certain information is automatically collected from your computer, mobile phone or other access device. This information includes your location, computer operating system, Internet Protocol (IP) address, access times, browsing history and web log information, browser type and language, and “click stream” data, such as domain names and page views.

HOW WE USE COOKIES

We use cookies to collect information about your browsing activities of our Sites over time. Cookies allow us to recognize and count the number of users and to see how users move around our Sites. This helps us to improve the services we provide to you and the way our Sites work.

The types of cookies we use includes:

  • Strictly necessary Cookies. These are cookies that are required for the operation of our Sites. They include, for example, cookies that enable users to log into secure areas of our Sites.
  • Analytical/performance Cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our Sites. This helps us to improve the way our Sites work, for example, by ensuring that our users are finding what they are looking for easily.
  • Functionality Cookies. These are used to recognize users when users return to our Sites. This enables us to personalize our content for you, greet users by name, remember a user’s preferences (for example, a user’s choice of language or region) and tailor our marketing outreach to our users based on their employment profile and engagement with our Sites.
  • Targeting Cookies. These cookies record a user’s visit to our Sites, the pages a user has visited and the links a user have followed. We use this information to make the website more relevant to users.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Sites. You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/.

HOW WE USE INFORMATION WE COLLECT

In order to fulfil our contract with you, we process your personal data to administer your account and provide the services described in our Terms of Use. Additionally, as it is our legitimate interest to be responsive to you and to ensure the proper functioning of our products and services, we will use the information we collect from you to:

  • personalize our Sites to ensure our content from our Sites is presented in the most effective manner for you and your device;
  • monitor and analyze trends, usage and activity in connection with our Sites and services to improve our Sites;
  • measure and understand the effectiveness of the content we service to you and others;
  • communicate with you;
  • keep our Sites safe and secure, which includes enforcing our Terms of Use;
  • if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
  • provide third parties with statistical information about our users (but those third parties will note be able to identify any individual user from that information).

HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We do not share your information with third parties other than as described above and as follows:

  • We share your personal information with service providers who help with parts of our business operation, such as cloud storage provides, IT service providers, and analytics and search engine providers that assist us in the improvement and optimization of our Sites.
  • We will share your personal information with third parties in order to (a) comply with laws and respond to lawful requests and legal process, (b) enforce our Terms of Use, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Synack, its users or the public as required or permitted by law.
  • We will disclose or transfer your personal information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding.
  • We will otherwise share your information as directed by you or subject to your consent.
  • With respect to those users who have a user name (and personal photo or avatar, if any, associated with your user name), such information will be displayed on our Sites.
  • Information you provide through your participation in research projects, community discussions, chats, and any correspondence through our Sites, will be shared with other users, our customers or otherwise displayed on our Sites.

WHERE WE STORE YOUR PERSONAL DATA

Our Sites and the servers upon which our Sites are hosted are located in the United States. The personal information that we collect from you will be transferred to the United States. The personal information held by us will be stored in the United States. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with our Privacy Policy.

In case of transfers of data out of Europe we have committed to comply with the U.S. Department of Commerce’s EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. For more information see the “EU–U.S. Privacy Shield” section of our Privacy Policy.

SECURITY AND RETENTION OF YOUR INFORMATION

We follow generally accepted industry standards to protect personal information submitted to us from unauthorized access, both during transmission and once we receive it. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through Sites, we cannot and do not guarantee the security of any information you transmit on or through our Sites, and you do so at your own risk.

We will retain your information while your are active on our Sites and then for a period of 26 months following your last use of our Sites. After this 26 month period of inactivity, we will delete the user’s personal information and usage information though such information will be retained in an aggregated and anonymized format. Information relating to customer accounts on our platform we be retained pursuant to the terms of the relevant customer agreement.

AGE LIMITATIONS

We do not knowingly collect personal information from children under 16. If we learn that we have collected the personal information of a child under 16, we will take steps to delete the information as soon as possible.

YOUR DATA PRIVACY RIGHTS

You have a number of rights under relevant data privacy laws, which include the General Data Protection Regulation (EU) 2016/679. Depending on where you are based, those rights can include the right to (i) request access or copies of your personal information Synack processes, (ii) rectify incorrect personal information, (iii) delete your personal information, (iv) restrict the processing of your personal information, (v) request a commonly structured, machine-readable copy of your personal information and that it is transferred to another data controller, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal information. To exercise one or more of these rights, or to ask questions or relay concerns, please contact us via email at privacy@synack.com, phone at +1 (855) 796-2251 or by mail at: Synack, Inc., Attn: Legal Department, 1600 Seaport Blvd., Suite 170, Redwood City, California 94063, United States of America.

WITHDRAWAL OF CONSENT

Where you have provided your consent to us processing your personal information, you can withdraw your consent at any time by contacting us at privacy@synack.com.

OBJECTION TO MARKETING

You have the right to opt out of receiving promotional emails from Synack by following the instructions in those emails. If you opt out, we could still send you non promotional emails, such as emails about your Synack account or our ongoing business relations. You can also send requests about your contact preferences or changes to your information, including requests to opt out of sharing your personal information with third parties, to our contact information below.

If you have an account, you can choose to either temporarily set your account offline or permanently delete it. In the event you choose to set your account offline, you will not be able to use our Sites until you decide to reactivate your account and your information will remain with Synack. In the event you delete your account, we will delete all personal information.

EU – U.S. PRIVACY SHIELD

Synack complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Synack has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse Enforcement and Liability. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

Synack is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

Synack is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Synack complies with the Privacy Shield Principles for all onward transfers of personal information from the EU or Switzerland. Synack could be liable for the appropriate transfer of personal information to third parties.

In certain situations, Synack could be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

PRIVACY DISPUTE RESOLUTION

In compliance with the Privacy Shield Principles, Synack commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding our Privacy Policy should first contact Synack via email at privacy@synack.com, by phone at +1 (855) 796-2251 or by mail at: Synack, Inc., Attn: Legal Department, 1600 Seaport Blvd. Suite 170, Redwood City, California 94063, United States of America.

Synack has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Synack, please visit the BBB EU PRIVACY SHIELD website at www.bbb.org/EU-privacy-shield/file-a-complaint for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option could be available before a Privacy Shield Panel.

CHANGES TO THIS PRIVACY POLICY

We update our Privacy Policy from time to time when our privacy practices change. When we update our Privacy Policy, we will revise the “Last updated” date above and post the new Privacy Policy to our Sites.

CONTACTING SYNACK

For questions about accessing, changing, or deleting your personal information, please visit www.synack.com or contact us at +1 (855) 796-2251 or via email at privacy@synack.com.