Privacy Policy
Last Updated: May 1, 2025
Dragos, Inc. and its current and future parents, affiliates, subsidiaries, and other companies under common control and ownership (“Dragos,” “we,” “us,” or “our”) provide this Dragos Privacy Policy (“Privacy Policy”) to explain how we collect, use, disclose, and process personal data about you in relation to Dragos websites, products, services, applications, events, webinars, whitepapers, and other materials or experiences offered by Dragos or that otherwise link or refer to this Privacy Policy (the “Offerings”).
This Privacy Policy does not apply to the data or content that our customers – which are often corporate entities – upload or provide to us when they use our Offerings. Our customers are obliged to comply with relevant privacy law in your jurisdiction when they collect data about you and disclose that data to us. To learn about how we protect our customers’ personal data, please review our Dragos Customer Data Processing Agreement. This Privacy Policy also does not apply when a responsible third party, such as a Dragos partner, collects and uses your personal data. In such cases, the privacy practices of that third party will apply to your interaction with that third party. We encourage you to carefully review the privacy policy of such third parties.
If you have any questions or concerns about our use of your personal data, please contact us using the contact details provided in the “How to Contact Us” section of this Privacy Policy. If you are a job applicant, please refer to our Dragos Candidate Privacy Policy. Our websites include links to other websites whose privacy practices may differ from those of Dragos. If you submit personal data to any of those sites or services, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, in some cases, we may provide you with additional notice, such as adding a statement to our homepage or sending you a notification. We encourage you to review this Privacy Policy in its entirety to stay informed about our personal data practices and the choices available to you.
What Categories of Personal Data Do We Collect?
When Do We Collect Your Personal Data?
How Do We Use Your Personal Data?
What Sources Provide Us with Personal Data?
Does Dragos Share Your Personal Data?
How Does Dragos Secure Personal Data?
Transfer of Personal Data to the U.S. and Other Countries
Additional Information for Certain Jurisdictions
What Categories of Personal Data Do We Collect?
Dragos may collect the following categories of personal data from you:
- Business Contact Personal Data: First name, last name, job title, employer name, work address, work email, and work telephone number.
- Automatically Collected Technical and Device Data: User information used to create and log into the Offerings, including your business contact personal data as described above and password. Log information, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Offerings. Activity information, such as which reports you download from our Offerings. Device data, including information about the computer or mobile device you use to access our Offerings, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
- Cookies and Analytics Data: Like most online services, we may use cookies and other technologies, such as web beacons, web storage, and unique advertising identifiers, to collect data about your activity, browser, and device. Cookies are small data files stored on your hard drive or in device memory that help us improve our Offerings, your experience, and to see which areas and features of our Offerings are popular by counting visits. Please refer to the Dragos Cookie Policy for more information. Web beacons are electronic images that may be used on our Offerings or emails and help deliver cookies, count visits and understand usage and campaign effectiveness.
- Feedback Data: Through our Offerings or social media platforms, Dragos makes available various online community forums and blogs. You may choose to participate with these resources by interacting with us, interacting with other users or adding your own posts. Dragos may invite you to participate in studies or otherwise provide feedback about your experience. If you do so, then Dragos considers your participation and your posts to be freely given, and we may collect and use your feedback without compensation or attribution to you. However, we’re under no obligation to publish, maintain or retain any of your posts.
- Audio and Visual Data: If you attend or give a presentation during a Dragos-hosted in-person or virtual event, participate in a webinar or agree to be recorded during a telephone conversation or virtual meeting, or visit a Dragos office, we may record and store your voice and image and collect other personal data you provide to us, like your professional biography. If you choose to personalize your account with a photo or social media profile, then Dragos will collect this information, too. We may also document events in other ways, such as by taking photographs, conducting interviews, and recording participation in a live question-and-answer session.
When Do We Collect Your Personal Data?
Business Contact Personal Data: Dragos collects your business contact personal data when you:
- Sign up to attend or participate in an in-person event or webinar
- Sign up for a contest or promotion
- Sign up for SMS or email alerts or notifications related to our Offerings
- Download a white paper or other materials
- Agree to be recorded during a telephone conversation or virtual meeting
- Log in to an Offering feature or portal
- Visit a Dragos office
Automatically Collected Technical and Device Data: Dragos automatically collects your technical and device data when you:
- Visit our Offerings and social media platforms
- Log in to an Offering feature or portal
- Sign up for and use a free product trial
Cookies and Analytics Technologies: Dragos uses cookies and analytics technologies when you:
- Visit our Offerings and social media platforms
- Log in to an Offering feature or portal
- Sign up for and use a free product trial
If you would prefer not to be tracked, most browsers will allow you to (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies — however, doing so may affect how our Offerings work. For further information regarding Dragos’s use of cookies and how to set your cookie preferences, please refer to the Dragos Cookie Policy.
Audio and Visual Data: Dragos collects your audio and visual data when you:
- Visit a Dragos office
- Attend a Dragos-hosted in-person or virtual event
- Attend a partner-hosted in-person or virtual event
- Participate in a recorded telephone or conference call conversation
- Choose to personalize your account with additional information, such as a photo or social media profile
Feedback Data: Dragos will collect your feedback when you:
- Participate in our online community forums and blogs
- Respond to Dragos polls and questionnaires
If you interact with Dragos, interact with other users or add your own posts, then Dragos considers your participation and your posts to be freely given, and we may use your feedback without compensation or attribution to you. Dragos is under no obligation to publish, maintain or retain any of your posts.
How Do We Use Your Personal Data?
Dragos may use your personal data to:
- Provide, maintain, and improve our Offerings, such as to administer your use of our Offerings and to enable you to enjoy and easily navigate the Offerings.
- Send you technical notices, updates, security alerts, support, and administrative messages, and to respond to your comments, questions and customer service requests;
- Communicate with you about products, services, offers, and events offered by us and others, and provide newsletters, marketing or promotional materials, and information we think will be of interest to you;
- Monitor and analyze trends, usage and activities in connection with our Offerings;
- Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Dragos, our customers, and others;
- Personalize and improve the Offerings and provide advertisements, content or features that match your interests;
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards;
- Manage our contractual relationships with vendors, suppliers, business partners, consultants and other service providers with whom we do business;
- Carry out internal functions including training; and
- Administer and manage your investment in Dragos.
What Sources Provide Us with Personal Data?
As described above, Dragos collects personal data from you when you interact with us online or in person. We also collect your personal data from other sources when we reasonably believe that they have your consent or another lawful basis for providing your personal data to Dragos.
Other sources of personal data include:
- Partners and resellers that market and sell our Offerings
- Dragos-related companies
- Service providers that perform services on our behalf, such as survey and marketing providers
- Publicly available sources, such as social media platforms
- Data brokers
- Providers that make user-generated content available to others, such as local business reviews or public social media posts
- Communication services, including email providers and social networks, when you give us permission to seek personal data from these sources
- Referrers, who may share a contact’s name and email address with us using a referral option
Does Dragos Share Your Personal Data?
When we collect and use your personal data as described in this Privacy Policy, Dragos may share it with those listed below:
- Dragos-related companies, including our current and future parents, affiliates, subsidiaries and other companies under common control and ownership
- Service providers as necessary to provide our Offerings
- Service providers as necessary to fulfill a request made by you
- Dragos professional advisors, such as auditors, insurance providers, financial service providers and attorneys
- Public authorities, as required by law to comply with a subpoena or similar legal process or to protect Dragos or its customers
- Customers as necessary to prevent or investigate alleged fraud or other unlawful criminal activity
- Online content technology providers
- Advertisers. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. For residents of the European Economic Area, please visit http://www.youronlinechoices.eu/. For residents of Australia, please visit https://www.oaic.gov.au/privacy/your-privacy-rights/advertising-and-marketing/targeted-advertising/ and http://www.youronlinechoices.com.au/.
- Event sponsors. In addition to this Privacy Policy, your personal data is subject to sponsors’ privacy practices
- Contest and promotion sponsors
- Partners and resellers that sell our Offerings
- Your employer/organization
How Does Dragos Secure Personal Data?
We store your personal data in different ways, including in paper and in electronic form, both at our own premises and with the assistance of our service providers.
We maintain reasonable technical and organizational measures to protect the security and the confidentiality of your personal data and require the same of any service providers who may process your data on our behalf. Please keep in mind, however, that no data transmission over the Internet or from a website can be guaranteed to be secure from intrusion. Therefore, while we use reasonable efforts to protect your personal data, we cannot guarantee its absolute security. Any unauthorized access to or use of the Offerings or the information stored by us should be reported to us immediately by sending an email to: privacy@dragos.com.
Transfer of Personal Data to the U.S. and Other Countries
Dragos is based in the United States and we process and store personal data in the U.S. We also have entities, personnel, and service providers in other countries. Therefore, we and our service providers may transfer your data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. By providing us with your personal data, you consent to this transfer, storage or access in these jurisdictions.
If you are in the European Economic Area, we provide adequate protection for the transfer of personal data to countries outside of the E.E.A. by way of intercompany agreements in accordance with the terms of this Privacy Policy and applicable data protection laws.
Access and Choice
You may request to access, review, update, correct, or delete the personal data provided in your registration or that you otherwise provided to us by contacting us at privacy@dragos.com. Please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Personal Data of Children
Dragos Offerings are not directed at children, and Dragos does not knowingly collect or sell personal data from individuals under the age of 16.
Third Party Websites
Through the Offerings, we provide links to websites outside of our website, as well as to third party websites. These linked sites are not under our control, and we do not accept any responsibility or liability for third party websites’ policies or processing, collection, use, disclosure or management of your personal data. Before disclosing your personal data on any other website, we advise you to examine the terms and conditions of using that website and its privacy statement or policy. If you provide us with personal data about any third party who is an individual, you must obtain that person’s permission to give us the data and inform them that you have given the data to us.
Promotional Communications
You may opt-out of receiving promotional emails from us by following the instructions at the bottom of those emails or by contacting us with your request at mktg-feedback@dragos.com. If you opt-out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
How to Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@dragos.com.
Additional Information for Certain Jurisdictions
Australia
Residents of Australia who wish to access, or seek correction of, their personal data, or lodge a complaint about our handling of their personal data may contact us at privacy@dragos.com.
Canada
Your Rights.
Subject to applicable law, you have the right to:
- Ask whether we hold personal data about you and request copies of such personal data and information about how it is processed;
- Request that inaccurate personal data is corrected;
- Request deletion of personal data that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
- Lodge a complaint with us regarding our practices related to your personal data.
If you wish exercise any of these rights, you may contact us at privacy@dragos.com.
When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
European Economic Area, United Kingdom, and Switzerland
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data.
Legal Basis for Processing
When we process your personal data, we will only do so in the following situations:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Offerings).
- We have a legitimate interest in processing your personal data as described in this Privacy Policy (see “How Do We Use Your Personal Data?” above).
- We find such processing is necessary to comply with our legal obligations.
- We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time.
Your Rights
Subject to applicable law, you have the right to:
- Ask whether we hold personal data about you and request copies of such personal data and information about how it is processed;
- Request that inaccurate personal data is corrected;
- Request deletion of personal data that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
- Request us to restrict the processing of personal data where the processing is inappropriate;
- object to the processing of personal data; and
- request portability of personal data that you have provided to us (which does not include information derived from the collected information), where the processing of such personal data is based on consent or a contract with you and is carried out by automated means.
If you wish to exercise any of these rights, you may contact us at privacy@dragos.com and please specify in the subject line of any email “Data Subject Request.”
Data Retention
We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal data in computer backup or archival copies generated in the ordinary course of our business.
Transfers Outside of the E.E.A., U.K., or Switzerland
When we transfer your personal data outside of the E.E.A., U.K., or Switzerland, we do so in accordance with the terms of this Privacy Policy and applicable data protection laws.
Questions or Complaints
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside.
For contact details of your Data Protection Authority, please see:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, or for Swiss residents, see https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
EU or UK Representative
For residents of the United Kingdon (UK) or European Economic Area (“EEA”), our representatives for data protection matters are as follows:
EU:
EU-REP.Global GmbH,
Attn: Dragos, Hopfenstr. 1d,
24114 Kiel, Germany
UK:
DP Data Protection Services UK Ltd.,
Attn: Dragos, 16 Great Queen Street,
Covent Garden, London, WC2B 5AH, United Kingdom
dragos@eu-rep.global
www.eu-rep.global
Cookies
Please refer to the Dragos Cookie Policy.
United States
These additional disclosures are required by certain state privacy laws to the extent they apply to your use of the Offerings, and serve as a Notice at Collection under the California Privacy Rights Act.
Categories of Personal Data Collected
The personal data that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the California Privacy Rights Act and other state privacy laws, depending on how you engage with the Offerings:
- Business contact information, including identifiers such as name, email address, address and phone number.
- Commercial information, such as records of Offerings purchased and other transactional data.
- Internet or other network or device activity details, such as technical data about your use of our Offerings or social media platforms.
- Geolocation data, such as your approximate location based on IP address.
- Audio, electronic or visual data, such as part of a photo or recording for a Dragos in-person or virtual event.
For more information about the personal data we collect, visit the “What Categories of Personal Data Do We Collect?” section above. We collect this data for the business and commercial purposes described in the “How Do We Use Your Personal Data?” section above.
Categories of Personal Data Disclosed for a Business Purpose
The personal data that we may have disclosed about consumers for a business purpose in the preceding twelve months fall into the following categories established by the California Privacy Rights Act and other state privacy laws, depending on how you engage with the Offerings:
- Business contact information, including identifiers such as name, email address, address and phone number.
- Commercial information, such as records of Offerings purchased and other transactional data.
- Internet or other network or device activity details, such as technical data about your use of our Offerings or social media platforms.
- Geolocation data, such as your approximate location based on IP address.
- Audio, electronic or visual data, such as part of a photo or recording for a Dragos in-person or virtual event.
For more information about the personal data we collect, visit the “What Categories of Personal Data Do We Collect?” section above.
Your Data Rights
You may have certain data rights under state privacy laws, including to request information about the collection of your personal data by us, to access your personal data in a portable format, and to correct or delete your personal data. You may also have the right to limit the use or disclosure of your sensitive personal data. Dragos does not collect, share or sell sensitive personal data. If you wish to exercise any of these rights, or appeal a decision with regard to a request made previously, you may contact us at privacy@dragos.com. Depending on your data choices, certain Offerings may be limited or unavailable.
Depending on the nature of your request to exercise your rights above, to ensure the security of your data, we will generally ask you to verify your request using the contact information you have already provided. If you are an authorized agent making a request on behalf of a consumer pursuant to applicable state law, we may ask you to provide information verifying you have proper authority to make the request on behalf of the consumer or we may ask the consumer to verify their identity with us directly.
No Sale or Sharing of Personal Data
We do not sell or share any personal information of consumers, as those terms are defined under the California Privacy Rights Act.
De-identified Data Disclosure
Dragos may use de-identified data in some instances. Dragos either maintains such data without attempting to re-identify it or treats such data as personal data subject to applicable law.
Retention Disclosure
To enable your continued use of the Offerings, we keep your personal data for as long as it is required in order to fulfill the relevant purposes described in this Privacy Policy, as permitted or as may be required by law, or as otherwise communicated to you.
Colorado Privacy Act and Oregon Privacy Act Profiling Disclosure
We do not engage in profiling of consumers in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act or the Oregon Privacy Act.