Privacy Policy

This privacy policy (this “Policy”) explains how personal information is collected, used, and disclosed by Synack, Inc. (“Synack” or “we”). This Policy applies to users (individually referred to as “you”) of Synack’s websites, applications, platforms, and other online services (collectively, our “Sites”).

The Sites may contain links to third-party websites, applications, and services. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

By using our Sites you are accepting the terms of this Policy and our Terms of Use, and consenting to our collection, use, disclosure and retention of your personal information as described in this Privacy Notice.

INFORMATION WE COLLECT

We collect information about you in various ways when you use our Sites. We use this information to, among other things, provide the functionality and improve the quality of our Sites and personalize your experience. For example, we may collect your first and last name, user name, company name, email address, postal address, and phone number (including your mobile phone number). You may also provide us other information through your participation in research projects, community discussions, chats, dispute resolution, correspondence through our Sites, or correspondence sent to us.

When you visit our Sites, some information is automatically collected. For example, when you visit our Sites, we may automatically collect your location, computer operating system, Internet Protocol (IP) address, access times, browsing history and web log information, browser type and language, and “click stream” data, such as domain names and page views. We also collect information about your usage and activity on our Sites using certain technologies, such as cookies, web beacons and similar technologies to provide and improve our Sites and to provide safer experience and personalized experience on our Sites.

We do not knowingly collect personal information from children under 13. If we learn that we have collected the personal information of a child under 13, we will take steps to delete the information as soon as possible.

HOW WE USE INFORMATION WE COLLECT

We do not share your personal information with third parties other than as follows:
We may share personal information with affiliates, third-party vendors, consultants, and other service providers who work for us. Such third party vendors may include vendors who provide fraud detection services to us and other third parties.

With respect to those users who have a user name (and personal photo or avatar, if any, associated with your user name), such information may be displayed on the Sites.

We may share aggregate statistical data for the improvement of services offered by our Sites.
We share personal information with Google Analytics to analyze data and generate reports about aggregate user behavior on our Sites. Google Analytics may view, edit, or set its own cookies and is subject to their own privacy policies and is not covered by this Policy. To learn more about these services visit: http://www.google.com/intl/en/analytics/.

We may disclose your personal information to (a) comply with laws and respond to lawful requests and legal process, (b) enforce our Terms of Use, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Synack, its users or the public as required or permitted by law.
We may disclose or transfer your personal information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding.
Please note that we may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

YOUR INFORMATION ACCESS, CHOICES AND CHANGES

We acknowledge the individual’s right to access their personal information. Individuals wishing to review their data and edit or delete it, may do so contacting Synack via email at privacy@synack.com or by mail at: Synack, Inc., Attn: Legal Department, 1600 Seaport Blvd., Suite 170, Redwood City, CA 94063.
You may opt out of receiving promotional emails from Synack by following the instructions in those emails. If you opt out, we may still send you non promotional emails, such as emails about your Synack account or our ongoing business relations. You may also send requests about your contact preferences or changes to your information, including requests to opt out of sharing your personal information with third parties, to our contact information below.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Sites.

If you have an account, you may choose to either temporarily set your account offline or permanently delete it. In the event you choose to set your account offline, you will not be able to use the Sites until you decide to reactivate your account and your information will remain with Synack. In the event you delete your account, we will delete all personal information.

SECURITY OF YOUR INFORMATION

We follow generally accepted industry standards to protect personal information submitted to us from unauthorized access, both during transmission and once we receive it. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through Sites, we cannot and do not guarantee the security of any information you transmit on or through the Sites, and you do so at your own risk.

CONTACTING SYNACK

For questions about accessing, changing, or deleting your personal information, please visit http://www.synack.com/ or contact us at 1-855-796-2251 or via email at privacy@synack.com.

SITE VISITORS FROM OUTSIDE OF THE UNITED STATES

The Sites and the servers upon which the Sites are hosted are located in the United States. Any personal data that users outside of the United States provide via the Sites will be transferred to the United States, and by visiting the Sites or and submitting personal data, you authorize this transfer.

E.U. – U.S. PRIVACY SHIELD

Synack complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Synack has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse Enforcement and Liability. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

Synack is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
Synack is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Synack complies with the Privacy Shield Principles for all onward transfers of personal data from the EU Synack may be liable for the appropriate transfer of personal information to third parties.

In certain situations, Synack may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

U.S. – SWISS SAFE HARBOR FRAMEWORK

Synack complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data Switzerland. Synack has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Synack’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.

PRIVACY DISPUTE RESOLUTION

In compliance with the E.U. – U.S.- Privacy Shield Principles, Synack commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this Policy should first contact Synack via email at privacy@synack.com or by mail at: Synack, Inc., Attn: Legal Department, 1600 Seaport Blvd., Suite 170, Redwood City, CA 94063.

Synack has further committed to refer unresolved privacy complaints under the E.U. – U.S.-Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Synack, please visit the BBB EU PRIVACY SHIELD website at http://www.bbb.org/EU-privacy-shield/file-a-complaint/ for more information and to file a complaint.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/ EU individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted.

In compliance with U.S.-Swiss Safe Harbor Privacy Principles, Synack commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this Policy should first contact Synack via email at privacy@synack.com or by mail at: Synack, Inc., Attn: Legal Department, 1600 Seaport Blvd., Suite 170, Redwood City, CA 94063.

Synack has further committed to refer unresolved privacy complaints under the U.S.-Swiss Safe Harbor Privacy Principles to an independent dispute resolution mechanism, the BBB US SWISS SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Synack, please visit the BBB US SWISS SAFE HARBOR website at www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

CHANGES TO THIS POLICY

We may update or revise this Policy from time to time. You agree that you will review this Policy periodically. If we make any changes to this Policy, we will change the “Last Updated” date below. You are free to decide whether or not to accept a modified version of this Policy, but accepting this Policy, as modified, is required for you to continue using our Sites.

September 30, 2016