Contrast Security has a deep commitment to ensuring maximum Privacy and Information Security standards as evidenced by our product offerings and our internal compliance environment. We do not collect Personally Identifiable Information (“PII”) on our website other than voluntarily. If you are ever asked to provide PII or other confidential information to someone claiming to represent Contrast Security, please notify email@example.com. If you believe you have discovered a security vulnerability at Contrast or with one of our products or services, please contact us immediately at firstname.lastname@example.org and provide us with your contact information; please do not include any particulars in written format.
We are committed to safeguarding the information in our custody and under our control. Our compliance program is dynamic and proactive allowing us to stay abreast of the latest changes and enhancements to the ever evolving global compliance landscape. We have implemented practical and sound administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of this information. This is a responsibility that we take seriously and we have strong internal controls around change management and employee accountability.
A co-founder of Contrast Security was also the founder of The Open Web Application Security Project (“OWASP”). OWASP is a global not-for-profit charitable organization focused on improving the security of software. They provide impartial, practical information about AppSec to individuals, corporations, and other organizations worldwide. To further demonstrate the priority that Contrast gives to our compliance environment, we have a dedicated Data Privacy and Compliance Officer with over 25 years’ experience whose sole function is oversight of our operational risk environment. Our hosted product environment resides with Amazon and they adhere to the strictest of standards with regard to information security, data privacy and compliance. They are SOC2-compliant and were the first Cloud Service Provider to adopt the new PCI DSS 3.2 assessment in advance of the mandatory February 1, 2018, deadline. While we do not accept any online payments or otherwise collect payment information, we believe this proactive compliance indicates the strength of our hosting provider’s information security framework. For a full list of their Information Security Certifications, please click here. We welcome any questions you may have about the steps we take to ensure the most robust and best-in-class standards and practices at Contrast.
As of 30 August 2016, Contrast is actively engaged in a SOC2 Audit.
Effective as of 1 September 2016
Contrast Security (“Contrast,” “we,” “us,” or “our”) is committed to protecting your applications from vulnerabilities. We have prepared this Statement to describe our protocol around the collection, use, and disclosure of data related to Contrast Security Products and Offerings (the “Service”) or related products and offerings. This Statement is incorporated into and an inherent component of our Terms of Service which can be found at: Terms. The use of the collected information will be limited to the purpose of providing the Service for which you have engaged Contrast Security.
Our Privacy Statement is subject to change due to modifications with regulatory agencies, best practices, or enhancements to the compliance and control environment. If we should ever make a substantial change to the way we use your Application Data or Personal Data, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on our website. Any material changes to this Privacy Statement will be effective as of the date and time they are updated on our Website. These changes will be effective immediately for new users of our Website or Service. Continued use of our Website, Service, or related products, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
When you visit our website at www.contrastsecurity.com (the “Website”), we collect your IP (Internet Protocol) address as well as other related information such as page requests, browser type, operating system and average time spent on our Website. We use this information to help us understand our Website activity, and to monitor and improve our Website.
Our Website uses a technology called "cookies". For more information about cookies, please click here: Cookies. Cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our Website, certain features may not function as designed. You may also remove cookies. To learn how to do so, please click here: Clear Cookies
Links to our Website may be featured or referenced on other websites that are not under our control and therefore we have no responsibility or liability for the manner in which they operate their sites. Be sure to understand the privacy policies and terms of service of any site you visit. If you believe another entity has posted a link to Contrast Security that is misleading or that compromises the integrity of Contrast Security, please contact email@example.com. Such notifications will be kept in strict confidence.
We encourage you to carefully read the privacy statement of any website you visit whether visiting www.contrastsecurity.com or another.
By submitting Application, Personal or other data or information (the “Data”), or making it available to Contrast Security, you agree to the terms of this Privacy Statement and you expressly consent to the processing of your Data in accordance with it.
When you provide us with Data, it is primarily used to respond to requests or to allow us to provide better service to you. Once you become a customer of Contrast, we may send you a welcome e-mail, administrative e-mail notifications, such as security or support and maintenance advisories; send promotional communications, request participation in a survey, send upgrades and special offers related to our Service and for other Contrast-specific marketing purposes. We may contact you by telephone for the purpose of verifying information, reviewing potential vulnerabilities or to solicit feedback.
As we provide web application security services and products, our software is embedded into our clients’ web applications to monitor for vulnerabilities and prevent attacks. For the purposes of performing the web application security services on behalf of our clients, we may collect and use Data through our clients’ web applications. We do not collect or use personal information through your web applications for any purpose other than to provide the Service to which you have subscribed; this includes providing support and answering questions that you may have about the Service.
“Application Data” means data about the performance of your application, system data (such as version data, names of plug-ins, etc.) about the environment in which your application is operating, data about transactions in your application (“Transaction Data”), stack traces and extracts of source code for certain classes of errors, and other similar data related to your application.
Any Application Data we collect is used to notify you of vulnerabilities and attacks and to share application performance information with you. We may also aggregate Application Data across multiple accounts and use this data to create and publish industry benchmarks or comparative application performance metrics. By default, we obfuscate any Individual Transaction Data that we collect. You have the option of changing the configuration of our products so that individual Transaction Data is not obfuscated. You can also disable certain vulnerability rules and/or the collection of certain types of Application Data collected through our Service. Information as to how to do so can be found here.
You expressly consent to the sharing of your Application Data as described in this Statement.
We offer you choices regarding the collection, use, and sharing of your information. We may, from time to time, send e-mails regarding scheduled maintenance, or that promote the purchase of our Products or Service, etc. You may “opt out” of further communications by following the unsubscribe instructions embedded in the email or by contacting firstname.lastname@example.org. Should you decide to opt out of receiving future communications, we will advise third parties with whom we may be associated related to the servicing of your account to ensure you do not receive further communications from them. Regardless of whether you “opt out” or not, we may, but are not obligated to, send you emails and/or notices related to updates to our Privacy Statement or Terms of Service.
When we delete account information, it will be deleted from the active database, but may remain in our archives. We will otherwise retain your information for as long as your account is active or as needed to provide you with the Service to which you have subscribed. It will also be retained as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We will not disclose, sell or otherwise transfer personal information without your prior consent except as otherwise set out herein or, if applicable, in your Agreement or Contract for Service with us.
We may transfer or disclose personal information as follows:
We may post client endorsements on our web site which may contain personal information. All client endorsements require the voluntary consent of the client to provide the endorsement and for us to publicly post it. Should you provide an endorsement and wish for it to be removed at a later date, please contact email@example.com.
Please contact firstname.lastname@example.org with any questions or comments you may have or to file a complaint. We will use the same email address to update and/or correct any information that we may have on file for you.
You may also write to us at:
Contrast Security, Inc.
291 Lambert Ave,
Palo Alto, CA 94306
Contrast Security, Inc. (“Contrast”) respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998 (the “DMCA”), the text of which may be found on the U.S. Copyright Office website at http://www.copyright.gov/legislation/dmca.pdf, Contrast will promptly respond to claims of copyright infringement using our Service or Website. Such claims must be reported to Contrast’s Designated Copyright Agent identified below.
If you are a copyright owner, authorized to act on behalf of a copyright owner, or are authorized to act under any exclusive right under copyright, please report alleged copyright infringements by completing the DMCA Notice of Alleged Infringement and delivering it to Contrast’s Designated Copyright Agent. Upon receipt of Notice as described below, Contrast will take whatever action it deems appropriate, including removal of the challenged content from the Website.
DMCA Notice of Alleged Infringement (“Notice”)
Deliver your Notice to Contrast’s Designated Copyright Agent:
Attn: Copyright Agent
291 Lambert Ave
Palo Alto, CA 94306