Last Updated: January 14, 2020
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Information You Provide to Us
You may provide us with certain information about you in the course of using our Services such as: when you create an account; use our Community Tools or otherwise participate in any interactive features of the Services; fill out a form; subscribe to an email list or newsletter; request customer support; request a whitepaper; register for a training course, demonstration, free trial, or webinar; participate in a contest or promotion; or otherwise communicate with us. The types of information that we may collect include, but are not limited to, your name, username, email address, job title, phone number, address, payment information, and company name. We may also collect information you supply to us concerning your preferences and interests expressed in the course of use of our Services.
Automatically Collected Information
When you access or use our Services, we automatically collect information about you, including:
- Log Information: We collect log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
Information We Collect from Other Sources
We obtain information from other sources and combine that with information we collect through our Services. For example, we may collect information about you from third parties and publicly available sources, such as LinkedIn.
Through a partnership with CrowdStrike, Inc. (“CrowdStrike”), we offer a Service called ICS/OT Threat Detection. This integration analyzes device, network, and event data collected as part of your CrowdStrike Falcon deployment to look for indicators of known adversary activity on your IT network. These indicators could reveal that your IT network has been targeted by OT focused actors. As a part of the ICS/OT Threat Detection integration, and with your consent when you download our application from CrowdStrike’s app store, we receive information in the form of event data about your users from CrowdStrike. Such event data largely consists of non-personal information but does contain certain online identifiers such as IP addresses of your users as well as your users’ device IDs that are capable of identifying an individual or their device.
Use of Information
Information we collect about you is used to provide, maintain, and improve our Services, such as to administer your use of our Services and to enable you to enjoy and easily navigate the Sites.
We also use the information we collect to:
- Send you technical notices, updates, security alerts, support, and administrative messages, and to respond to your comments, questions and customer service requests;
- Communicate with you about products, services, offers, and events offered by us and others, and provide newsletters, marketing or promotional materials, and information we think will be of interest to you;
- Monitor and analyze trends, usage and activities in connection with our Services;
- Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Dragos and others;
- Personalize and improve the Services and provide advertisements, content or features that match your interests; and
- Facilitate contests, sweepstakes, and promotions and process and deliver entries and rewards.
We share information about you as follows or as otherwise describes in this Policy:
- With vendors, business partners, consultants and other service providers who need access to such information to carry out work on our behalf including to facilitate operation, access and use of our Services, provide Services on our behalf, perform Site-related services (including, but not limited to, data storage, maintenance services, database management, web analytics, customer relationship management vendors, and improvement of the Sites’ features) or assist us in analyzing how our Services are used;
- In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
- If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Dragos or others;
- In connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business by another company;
- Between and among Dragos and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; and
- With your consent or at your direction.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics Services Provided by Others
Transfer of Information to the U.S. and Other Countries
Dragos is based in the United States and we process and store information in the U.S. Therefore, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction.
If you are in the European Economic Area, we provide adequate protection for the transfer of personal data to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses authorized under EU law. You are entitled to obtain a copy of these agreements by contacting us using the contact information below.
You may request to review, update, correct, or delete the information provided in your registration or that you otherwise provided to us by contacting us at info@Dragos.com. Please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
You may opt-out of receiving promotional emails from us by following the instructions at the bottom of those emails or by contacting us with your request at info@Dragos.com. If you opt-out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Additional Disclosure for Individuals in Europe
If you are located in the European Economic Area or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data.
Legal Basis for Processing
When we process your personal data, we will only do so in the following situations:
- We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the Services).
- We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to our Services, and to provide, secure, and improve our Services.
- We find such processing is necessary to comply with our legal obligations.
- We have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time.
Data Subject Requests
You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below and please specify in the subject line of any email “Data Subject Rights Request.”
We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
Questions or Complaints
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your Data Protection Authority, please see:
If you have any questions about this Policy, please contact us at info@Dragos.com.
For residents of the European Economic Area (“EEA”), our EEA Representative for data protection matters within the European Union, pursuant to Art. 27 of Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR), is:
Attn: Dragos, Inc.