<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=113894&amp;fmt=gif">

Privacy Matters

AT Contrast Security

Statement of Responsibility

Contrast Security has a deep commitment to ensuring maximum Privacy and Information Security standards as evidenced by our product offerings and our internal compliance environment. We do not collect Personally Identifiable Information (“PII”) on our website other than voluntarily. If you are ever asked to provide PII or other confidential information to someone claiming to represent Contrast Security, please notify privacy@contrastsecurity.com. If you believe you have discovered a security vulnerability at Contrast or with one of our products or services, please contact us immediately at privacy@contrastsecurity.com and provide us with your contact information; please do not include any particulars in written format.

We are committed to safeguarding the information in our custody and under our control. Our compliance program is dynamic and proactive allowing us to stay abreast of the latest changes and enhancements to the ever evolving global compliance landscape. We have implemented practical and sound administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of this information.  This is a responsibility that we take seriously and we have strong internal controls around change management and employee accountability.

A co-founder of Contrast Security was also the founder of The Open Web Application Security Project (“OWASP”). OWASP is a global not-for-profit charitable organization focused on improving the security of software. They provide impartial, practical information about AppSec to individuals, corporations, and other organizations worldwide. To further demonstrate the priority that Contrast gives to our compliance environment, we have a dedicated Data Privacy and Compliance Officer with over 25 years’ experience whose sole function is oversight of our operational risk environment. Our hosted product environment resides with Amazon and they adhere to the strictest of standards with regard to information security, data privacy and compliance. They are SOC2-compliant and were the first Cloud Service Provider to adopt the new PCI DSS 3.2 assessment in advance of the mandatory February 1, 2018, deadline. While we do not accept any online payments or otherwise collect payment information, we believe this proactive compliance indicates the strength of our hosting provider’s information security framework. For a full list of their Information Security Certifications, please click here. We welcome any questions you may have about the steps we take to ensure the most robust and best-in-class standards and practices at Contrast.

As of 30 August 2016, Contrast is actively engaged in a SOC2 Audit.



Contrast Security – Privacy Statement

Effective as of 1 September 2016

Contrast Security (“Contrast,” “we,” “us,” or “our””) is committed to protecting your applications from vulnerabilities. We have prepared this Statement to describe our protocol around the collection, use, and disclosure of data related to Contrast Security Products and Offerings (the “Service”) or related products and offerings. This Statement is incorporated into and an inherent component of our Terms of Service which can be found at: Terms. The use of the collected information will be limited to the purpose of providing the Service for which you have engaged Contrast Security.

Our Privacy Statement is subject to change due to modifications with regulatory agencies, best practices, or enhancements to the compliance and control environment. If we should ever make a substantial change to the way we use your Application Data or Personal Data, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on our website. Any material changes to this Privacy Statement will be effective as of the date and time they are updated on our Website. These changes will be effective immediately for new users of our Website or Service. Continued use of our Website, Service, or related products, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Information About Our Website

When you visit our website at www.contrastsecurity.com (the “Website”), we collect your IP (Internet Protocol) address as well as other related information such as page requests, browser type, operating system and average time spent on our Website. We use this information to help us understand our Website activity, and to monitor and improve our Website.

Our Website uses a technology called "cookies". For more information about cookies, please click here: Cookies. Cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our Website, certain features may not function as designed. You may also remove cookies. To learn how to do so, please click here: Clear Cookies

Our Website may contain links to other websites that we do not own or operate.  We provide these links as a convenience to you, for informational purposes only. These links are not intended as an endorsement of or referral to the linked websites.  The linked websites have separate and independent privacy statements, notices and terms of use.  We do not have any control over these websites, and therefore we have no responsibility or liability for the manner in which they operate their sites nor what they may collect, use, disclose, secure or otherwise do with personal information. If you choose to click on these links, you will leave our site and be redirected to another site. During this process, a third party may collect Personal or Anonymous Data from you and Contrast is not responsible for their use of your data.

Links to our Website may be featured or referenced on other websites that are not under our control and therefore we have no responsibility or liability for the manner in which they operate their sites. Be sure to understand the privacy policies and terms of service of any site you visit. If you believe another entity has posted a link to Contrast Security that is misleading or that compromises the integrity of Contrast Security, please contact privacy@contrastsecurity.com. Such notifications will be kept in strict confident.

Our web site includes social media features, such as Twitter, LinkedIn, Google Circles, etc. If you access these sites, they may collect your IP address, the page on which you are visiting our site, and they may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it and not by Contrast Security.

We encourage you to carefully read the privacy statement of any website you visit whether visiting www.contrastsecurity.com or another.

Collection and Use of Information

By submitting Application, Personal or other data or information (the “Data”), or making it available to Contrast Security, you agree to the terms of this Privacy Statement and you expressly consent to the processing of your Data in accordance with it.

When you provide us with Data, it is primarily used to respond to requests or to allow us to provide better service to you. Once you become a customer of Contrast, we may send you a welcome e-mail, administrative e-mail notifications, such as security or support and maintenance advisories; send promotional communications, request participation in a survey, send upgrades and special offers related to our Service and for other Contrast-specific marketing purposes. We may contact you by telephone for the purpose of verifying information, reviewing potential vulnerabilities or to solicit feedback.

As we provide web application security services and products, our software is embedded into our clients’ web applications to monitor for vulnerabilities and prevent attacks.  For the purposes of performing the web application security services on behalf of our clients, we may collect and use Data through our clients’ web applications. We do not collect or use personal information through your web applications for any purpose other than to provide the Service to which you have subscribed; this includes providing support and answering questions that you may have about the Service.

“Application Data” means data about the performance of your application, system data (such as version data, names of plug-ins, etc.) about the environment in which your application is operating, data about transactions in your application (“Transaction Data”), stack traces and extracts of source code for certain classes of errors, and other similar data related to your application.

Any Application Data we collect is used to notify you of vulnerabilities and attacks and to share application performance information with you. We may also aggregate Application Data across multiple accounts and use this data to create and publish industry benchmarks or comparative application performance metrics. By default, we obfuscate any Individual Transaction Data that we collect. You have the option of changing the configuration of our products so that individual Transaction Data is not obfuscated. You can also disable certain vulnerability rules and/ or the collection of certain types of Application Data collected through our Service. Information as to how to do so can be found here.  

You expressly consent to the sharing of your Application Data as described in this Statement.

Choices Regarding Your information

We offer you choices regarding the collection, use, and sharing of your information. We may, from time to time, send e-mails regarding scheduled maintenance, or that promote the purchase of our Products or Service, etc. You may “opt out” of further communications by following the unsubscribe instructions embedded in the email or by contacting privacy@contrastsecurity.com. Should you decide to opt-out of receiving future communications, we will advise third-parties with whom we may be associated related to the servicing of your account to ensure you do not receive further communications from them. Regardless of whether you “opt out” or not, we may, but are not obligated to, send you emails and/ or notices related to updates to our Privacy Statement or Terms of Service.

When we delete account information, it will be deleted from the active database, but may remain in our archives. We will otherwise retain your information for as long as your account is active or as needed to provide you with the Service to which you have subscribed. It will also be retained as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We will not disclose, sell or otherwise transfer personal information without your prior consent except as otherwise set out herein or, if applicable, in your Agreement or Contract for Service with us.  

We may transfer or disclose personal information as follows:

  • In connection with our Website or the Service, we may transfer (or otherwise make available) personal information to third parties who provide services on our behalf but the information is limited to what they need to perform their designated functions, and they are not authorized to use or disclose personal information for their own marketing or other purposes. That condition is, and will continue to be, included in all Agreements that we have with any service provider or third party.
  • If Contrast is involved in a merger, sale or acquisition, we may transfer personal information in connection with the transaction. We will make every effort to notify you in advance of any such merger, sale or acquisition as well as any significant corporate reorganization or change in control.
  • Contrast may be required to provide personal information responsive to a subpoena or to an investigative body or Federal, state or other regulatory agency. Where a disclosure of your information is required under such circumstances, we will promptly notify you, whenever possible, prior to complying with such requirements (to the extent we are not prohibited from doing so). To this end, it is important that you maintain current information with us at all times.

Please note:

  • You do not have to register in order to browse our Website.  However, in order to subscribe to a Free Trial, you will need to provide a name, company email address and a phone number. We use this information to communicate with you and otherwise administer your use of our Service for the trial period.
  • Contrast does not collect any Personally Identifiable Information (“PII”) unless you provide it voluntarily. We do not collect any financial information online. All Orders are placed and managed directly with a Client Manager.  
  • Our Website includes a “Careers” link.  If you apply for a job with us, you may provide certain personal information about yourself (cover letter, resume, references, or other employment-related information).  We use this information for the purpose of processing and responding to your application for current and future career opportunities.
  • Our Website includes a “Contact Us” page. If you use this form, you may provide certain personal information about yourself (name, email, phone number, company name, the number of employees at your company, your industry, your job function and the state in which your company is located) plus the content of any message you choose to send. We use this information to contact you.
  • If you subscribe to our Blog notifications we collect your name, email address and company name. If you post comments on our blog, the information contained in your posting will be stored on our servers and other users will be able to see it. To request removal of your personal information from our blog or community forum, please contact us via privacy@contrastsecurity.com.
  • From time to time, Contrast may conduct surveys the results of which drive improved customer service and/ or products. If you choose to participate in one of our surveys, we may collect information such as your name, company email, company phone number, company name, etc.
  • If you contact us otherwise to ask a question, provide feedback, file a complaint, etc. you may be asked for information that identifies you (such as your name, company affiliation, email address and/ or a telephone number) along with additional information we may need to promptly and accurately respond.  We may retain this information to assist you in the future and to improve our customer service, service offerings, and our Website.
  • We also collect other types of Data such as operating system and version, information about your application and operating environment, and other requested information if you contact us via e-mail regarding support for the Service.
  • Contrast will never intentionally collect data from children 13 or younger. If a parent, guardian or other individual suspects that a child 13 or younger has provided data to Contrast, said individual should immediately report such information to privacy@contrastsecurity.com. Contrast will only retain the data for as long as it is necessary to delete the information using every reasonable measure to protect against its unauthorized access or use.

Testimonials

We may post client endorsements on our web site which may contain personal information. All client endorsements require the voluntary consent of the client to provide the endorsement and for us to publicly post it. Should you provide an endorsement and wish for it to be removed at a later date, please contact marketing@contrastsecurity.com.

Your California Privacy Rights

Pursuant to California Civil Code Section 1798.83, residents of the State of California have the right to request certain information relating to third parties to which the company has disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes. Alternatively, the law provides that a company that has a privacy policy that provides consumers choice regarding sharing personal information with third parties for those third parties’ direct marketing purposes, as Contrast does, may instead provide information on how to exercise that choice. If you would like to opt-out from this type of sharing with third parties, please email us at privacy@contrastsecurity.com with “Opt Out” as your subject line.

Contact

Please contact privacy@contrastsecurity.com with any questions or comments you may have or to file a complaint. We will use the same email address to update, and/ or correct any information that we may have on file for you.

You may also write to us at:

Contrast Security, Inc.
Attn: Privacy
291 Lambert Ave, 
Palo Alto, CA 94306



Digital Millennium Copyright Act

Contrast Security, Inc. (“Contrast”) respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998 (the “DMCA”), the text of which may be found on the U.S. Copyright Office website at http://www.copyright.gov/legislation/dmca.pdf, Contrast will promptly respond to claims of copyright infringement using our Service or Website. Such claims must be reported to Contrast’s Designated Copyright Agent identified below.

If you are a copyright owner, authorized to act on behalf of a copyright owner, or are authorized to act under any exclusive right under copyright, please report alleged copyright infringements by completing the DMCA Notice of Alleged Infringement and delivering it to Contrast’s Designated Copyright Agent. Upon receipt of Notice as described below, Contrast will take whatever action it deems appropriate, including removal of the challenged content from the Website.

DMCA Notice of Alleged Infringement (“Notice”)

  1. Identify the copyrighted work that you claim has been infringed or, if multiple copyrighted works are covered by this Notice, you may provide a representative list of the copyrighted works that you claim have been infringed.
  2. Identify the material or link you claim is infringing (or the subject of infringing activity) and to which access is to be disabled. If applicable, include the URL of the link shown on our Website or the exact location where such material may be found.
  3. Include both of the following statements in the body of the Notice
    • “I hereby state that I have a good faith belief that the disputed use of the copyrighted material is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use).”
    • “I hereby state that the information in this Notice is accurate and, under penalty of perjury, that I am the owner, or authorized to act on behalf of, the owner, of the copyright or of an exclusive right under the copyright that is allegedly infringed.”
    • You are required to provide your full legal name and your electronic or physical signature. It is helpful, but not required, to also provide your company affiliation (if applicable), mailing address, telephone number, and email address.

Deliver your Notice to Contrast’s Designated Copyright Agent:

Contrast Security
Attn: Copyright Agent
291 Lambert Ave
Palo Alto, CA 94306