Privacy Notice

This privacy notice is effective starting February 6, 2019.

Cylance is committed to protecting the privacy of all individuals who entrust their personal data with us. As a company dedicated to protecting data, our collection and use of personal data is guided by our mission to prevent malware attacks and protect our customers' data.

This privacy notice applies to the personal data collected, processed, or stored by Cylance, and its subsidiaries (“Cylance”, “we”, “our” or “us”), when you visit our websites, register to attend an event, download and install any of our products, including consumer versions of our products, use any application we provide to you, or utilize any of our services.

If you are a resident in the European Economic Area, Cylance Inc. is the data controller of your personal data, except where our products and services have been deployed within an organization, such as your workplace or business.

If you have any questions regarding this notice, see the Contact Us section later in this statement.

Why We Collect and Use Your Data

Cylance will only collect, use, or store your personal data when we have a fair and lawful purpose for such processing. We rely on several legal basis for the purposes described in this privacy notice, including:

• as necessary to provide a service requested by you, such as when you request a whitepaper or register to attend a webinar
• as necessary to fulfill or perform a contract we enter with you, or an organization you work for, such as when our products and services process information about the computer they are installed upon
• where you have given your consent, which you may revoke at any time, to process your personal data for a specific purpose, such as subscribing to receive an email from us about our company’s products and services
• when we have a legal obligation, or the processing is in the public interest or in furtherance of a vital interest
• the processing is necessary to further our legitimate interests, which may include the improvement of our products or services, securing our systems and to protect against fraud

We collect information from you for the following purposes:

Service Delivery and Product Improvement
• Enable the trial, purchase and delivery of our products and services
• Improve the performance and optimize the utilization of our products and services
• Provide customer support, and respond to requests, questions and comments

Marketing, Events and Promotions
• Deliver information about our products, services and promotions, including advertising
• Register you for webinars, events and conferences
• Improve the operation of our websites and effectiveness of marketing campaigns
• Administer contests, promotions, surveys and focus groups

Improve Internal Operations
• Analyze your use of our products and services to drive improvements
• Manage our sales and marketing activities, and measure corporate performance

Fraud Prevention, Security and Compliance
• Protect the security and integrity of our products, services and data
• Prevent fraudulent transactions, protect our intellectual property and other assets
• Meet our corporate reporting, compliance and fiduciary obligations

For more information about the legal bases we use to lawfully process personal data, see our Privacy Notice Frequently Asked Questions.

What We Collect and How We Use Your Data

When Visiting Our Websites

We automatically collect and aggregate information related to your use of our websites. We use technologies, such as cookies, to enable functionality, measure performance, and provide relevant information when you visit or return to our sites. This information helps our websites work correctly, provide information about our products and services, and supports our efforts to understand our customers’ interests.

We collect the following types of information from you when you visit our websites:

• Device and Browser Information: We collect information about the device and browser you use when visiting our websites, including information such as the Internet Protocol (IP) address of the device, your preferred language, the type of device you use, the device operating system and browser type.
• GeoLocation: We derive the approximate geographic location, such as country, based upon the IP address of the device used when visiting our website to analyze traffic and improve our site. 
• Browsing Activity: We collect information about how you browse our website, including the address of referring websites, the pages you visit, and the path you take through our websites.
• Cookie and Related Technologies: We use technologies, such as cookies and related technologies, to collect information about the use of our websites to determine the effectiveness of content or the email messages you’ve subscribed to.
• Social Media Features: Our websites allow you to share information on your social media platform of choice, such as Facebook, Google+, Twitter, and LinkedIn. These features are usually recognizable by their third-party logo and may collect your IP address, the page you are visiting on our site, and set a cookie to enable the feature to work properly when you use this functionality.

For more information on how to manage cookies on your devices, including how to opt-out of cookies, see Managing Your Tracking Technology Preferences.

When Requesting Information or Registering for An Event

You may sign up to receive information about our company, our products and services, cybersecurity news and information, access our partner portal and register to attend an event on our websites. Based on your consent, we may send you electronic communications to keep you informed of changes to our products and services.

Your personal data will be accessed by authorized Cylance personnel to deliver the requested information and market to you in compliance with this privacy notice. We may also provide your personal data to trusted third-party providers to help us deliver the information you requested, support event activities, or provide updates about Cylance products and services. Third-party providers are not permitted to use your information for any other purposes.

Data collected when requesting information from us
The personal data we collect to deliver the information you requested, or register you for an event, may include your name, title, company name, email address, country, phone number and recent web activity.

You can update your information, review your communication preferences, or stop receiving further communications from us by following the instructions contained within each communication we send you.

When Using Our Products and Services

Our products analyze software and activity on a computer to determine if malware is present, provide information about the security of the computer and respond to potential security threats. You may configure the software to upload potentially malicious computer code to our servers for further analysis. The software collects limited personal data to perform these functions. The uploaded potentially malicious computer code is de-identified and maintained separately from information that may identify an individual. Some personal data may be transferred to Cylance to enable us to provide support and billing.

When providing professional services to our clients, Cylance may collect personal data from our clients, users of our clients' networks and systems, and individuals that connect to our clients' networks and systems. The collection and use of this personal data are limited to providing the professional service to the client. Authorized Cylance personnel will access personal data and we may transfer personal data to trusted third-party providers to help us provide professional services to our clients.

Data collected by our products and services
As part of using our products and services we collect information that is necessary to perform an analysis of potentially malicious software or activity detected by our products, manage licenses, and communicate with customers. Your personal data is stored on Cylance’s cloud-based infrastructure.

Analysis of potentially malicious software and activity
When the product is configured by the user or customer, potentially malicious executable files and forensically relevant computer activity data may be collected for analysis. Data contained within the potentially malicious executable files is non-personal, and any attribution data is deleted or anonymized prior to analysis.

To find out more about the personal data collected by our products and services, see the Privacy Notice Frequently Asked Questions.

When Purchasing Consumer Products from Us

When purchasing consumer products from us and related offerings, we use PCI/DSS-compliant services provided by trusted third-parties to process payments for your subscription. Cylance does not store or have access to your payment card information.

Our payment card providers
We use the PCI/DSS-compliant payment services of Bright Market, LLC d/b/a FastSpring, and Digital River, which are based in the United States, to process your subscriptions to our consumer products.

Information from Third-Parties

As part of our marketing activities, we may receive additional information about you from third-party service providers to supplement the information you provided directly to us, so we can provide more relevant information about our company, products and services to you. The information we receive is public information related to the organization or business you work for, such the size of your company, industry, and business mailing address.

Who We Share Your Data With

We do not sell, lease, or trade the personal data we collect from you. We may transfer your personal data to other Cylance entities located in the United States and worldwide for the purposes outlined in this privacy notice. We may provide access or transfer your personal data to authorized Cylance personnel, business partners and trusted third-party providers, including those who help us market, provide support, maintain or service our products and services.

The personal data shared with Cylance entities may include: name, e-mail address and telephone number, company, title, work address, your recent interactions with our business applications, and event attendance.

Cylance requires our partners and third-party providers to take commercially reasonable steps to safeguard your personal data, comply with applicable laws and regulations, and not using your personal data for other purposes unless you have provided consent.

We may disclose your personal data to government agencies and law enforcement officials when we believe it is necessary to respond to subpoenas, court orders, other legal process or as required by law and to prevent or take action regarding illegal activities, suspected fraud or software piracy, and situations involving potential threats to the physical safety of any person, or in cases where we believe our intellectual property rights may be violated.

We may also provide access to, assign, or disclose your personal data, in connection with a corporate transaction, such as a merger, acquisition, or purchase all or a portion of our company assets.

How We Protect Your Data

We are committed to ensuring that your personal data is secure. We take commercially reasonable measures, including physical, administrative and technical safeguards, to protect your personal data from unauthorized access, use, alteration, destruction and disclosure.

To find out more about our security practices, see our Privacy Notice Frequently Asked Questions.

How Long We Store Your Data

We retain your personal data for the period necessary to fulfill the purposes for which it was collected, or for a reasonable period thereafter to comply with our legal obligations, and contractual and business operations requirements. With relation to personal data collected by our products and services, we retain information during the term of the agreement, based upon instructions provided by our customers, or for shorter periods of time as described in the applicable product or service documentation. Non-personal data, such as samples of potentially malicious software or anonymized data, may be retained indefinitely for the purpose of improving the performance of our products and services.

Our Use of Cookies and Other Tracking Technologies

How We Use Cookies and Other Tracking Technologies

We use cookies, web beacons, pixel tags and other tracking technologies on our websites or emails to, to:

• present information to you based on your expressed preference, such as desired language
• collect statistics regarding your website usage, such as time spent, pages viewed, and actions taken on our websites
• allow us to measure and improve the effectiveness of our marketing activities
• provide you with messages that is more relevant to your interests, demographics or industry
• in some cases, to deliver advertising about our products and services to you when you visit websites owned by other third-parties

Please bear in mind that disabling cookies may reduce the functionality of our website.

For more information on cookies and other tracking technologies, see our Privacy Notice Frequently Asked Questions.

Use of Analytics Services

Cylance uses services from trusted third-parties to collect and analyze data from users about their use of our websites, products and services. We use this information to improve the quality and functionality of the services we provide, and to develop features that serve you and other users.

The types of information that we collect include the date and time a user accesses our website, products or services, the IP address the request came from, the features they use, and their frequency of use.

For more information on our use of Analytic Services, see our Privacy Notice Frequently Asked Questions.

Use of Third-Party Cookies

Cylance and its partners, including ad networks, use cookies and other tracking technologies to manage our advertising delivered on other sites. We may display targeted advertisements to you while you are visiting our website, and other websites, based on information we obtain from you, or from third-parties.

Managing Your Tracking Technologies Preferences

You can manage how your device handles cookies by adjusting its privacy and security settings, but it may limit your use of certain features on our website.

If you do not want to have this information used to serve targeted advertising, you may opt-out by visiting:

• http://preferences-mgr.truste.com/
• http://www.networkadvertising.org/managing/opt_out.asp
• http://www.youronlinechoices.eu/ (European Union visitors)

Please note that although you may opt out of targeted advertising, you will continue to see advertisements, however, these advertisements may not be as relevant to you as targeted advertisements.

For more information on ways to manage your tracking technology preferences, see our Privacy Notice Frequently Asked Questions.

Do Not Track

Currently, we do not alter our data collection and use practices in response to Do Not Track (DNT) signals.

International Transfers of your Data

Cylance may transfer your personal data to the United States, to a subsidiary located outside of the United States, or to a third-party or business partner located outside of the United States to operate our business and fulfill the purposes described in this notice. In situations where you are located outside the United States and choose to provide information to us, we may transfer your personal data to the United States and process it there. By using our websites or providing any personal data to us, where applicable law permits, you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Cylance has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

Cylance is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third-party acting as an agent on its behalf. Cylance complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Cylance is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cylance may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Cylance commits to resolve complaints about our collection or use of your personal data. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Cylance at privacy@cylance.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (https://feedback-form.truste.com/watchdog/request) (free of charge).

Under certain conditions, it may be possible for you to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, see the Privacy Shield Website.

Children’s Privacy

We do not knowingly collect any information from anyone under 13 years of age. If you become aware that your child has provided us with personal data, please contact us.

If we become aware that a child under 13 has provided us with personal data, we will remove such information from our active systems and will terminate the child’s account.

Your California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information regarding the disclosure of your personal information by the Cylance to third-parties for the third-parties’ direct marketing purposes. To make such a request, please contact us by submitting our request form.

Your Rights and Contacting Us

To the extent allowed by applicable law, you have the right to request details of the personal data we have about you, update inaccurate information, request your personal data be deleted, right to restrict processing of your personal data, right to data portability, and object to the collection or use of personal data we process based on our legitimate interests as a company. In some cases, you may be directed to make your request to the organization who licensed our software or services. If you wish to exercise these rights, please contact us by submitting our request form.

For more information about your right of choice on how to control your personal information, see our Privacy Notice Frequently Asked Questions.

If you live in the European Economic Area and are dissatisfied with our use of your personal data, you have the right to lodge a complaint with your local supervisory authority. You may find contact details on ec.europa.eu.

Contact Us

We value your feedback. If there are any questions regarding this notice, or our collection and use of your data, you may submit our request form, contact us by email, or write to us at:

Each time you use Cylance website, products or services, the current version of this notice will apply. We reserve the right to change this notice at any time to reflect changes in the law, the Cylance products and services we provide, our business and technology, and our data collection and use practices.

If we make any material changes, we will notify you using your email address on record or by placing a notice on the site prior to the change becoming effective.

Your continued use of the Cylance products, services or website following the posting of changes to this notice will be deemed your acceptance those changes.