This privacy notice is effective starting May 23, 2018.
Cylance is committed to protecting the privacy of all individuals who entrust their personal data with us. As a company dedicated to protecting data, our collection and use of personal data is guided by our mission to prevent malware attacks and protect our customers' data.
This privacy notice applies to the personal data collected, processed, or stored by Cylance when you visit our websites, attend our events, download and install any of our products, including consumer versions of our products, use any application we provide to you, or utilize any of our services.
If you are a resident in the European Economic Area, Cylance Inc. is the data controller of your personal data, except where our products and services have been deployed within an organization, such as your workplace or business.
If you have any questions regarding this notice, see the Contact Us section later in this statement.
Cylance will only collect, use, or store your personal data when we have a fair and lawful purpose for such processing. We rely on several legal basis for the purposes described in this privacy notice, including:
We collect information from you for the following purposes:
For more information about the legal bases we use to lawfully process personal data, see our Privacy Notice Frequently Asked Questions.
We automatically collect and aggregate information related to your use of our websites. We use technologies, such as cookies, to enable functionality, measure performance, and provide relevant information when you visit or return to our sites. This information helps our websites work correctly, provide information about our products and services, and supports our efforts to understand our customers’ interests.
We collect the following types of information from you when you visit our websites:
For more information on how to manage cookies on your devices, including how to opt-out of cookies, see Managing Your Tracking Technology Preferences.
You may sign up to receive information about our company, our products and services, cybersecurity news and information, access our partner portal and register to attend an event on our websites. Based on your consent, we may send you electronic communications to keep you informed of changes to our products and services.
Your personal data will be accessed by authorized Cylance personnel to deliver the requested information and market to you in compliance with this privacy notice. We may also provide your personal data to trusted third-party providers to help us deliver the information you requested, support event activities, or provide updates about Cylance products and services. Third-party providers are not permitted to use your information for any other purposes.
Data collected when requesting information from us
The personal data we collect to deliver the information you requested, or register you for an event, may include your name, title, company name, email address, country, phone number and recent web activity.
You can update your information, review your communication preferences, or stop receiving further communications from us by following the instructions contained within each communication we send you.
Our products analyze software and activity on a computer to determine if malware is present, provide information about the security of the computer and respond to potential security threats. You may configure the software to upload potentially malicious computer code to our servers for further analysis. The software collects limited personal data to perform these functions. The uploaded potentially malicious computer code is de-identified and maintained separately from information that may identify an individual. Some personal data may be transferred to Cylance to enable us to provide support and billing.
When providing professional services to our clients, Cylance may collect personal data from our clients, users of our clients' networks and systems, and individuals that connect to our clients' networks and systems. The collection and use of this personal data is limited to providing the professional service to the client. Authorized Cylance personnel will access personal data and we may transfer personal data to trusted third-party providers to help us provide professional services to our clients.
Data collected by our products and services
As part of using our products and services we collect information that is necessary to perform an analysis of potentially malicious software or activity detected by our products, manage licenses, and communicate with customers. Your personal data is stored on Cylance’s cloud-based infrastructure.
Analysis of potentially malicious software and activity
When the product is configured by the user or customer, potentially malicious executable files and forensically relevant computer activity data may be collected for analysis. Data contained within the potentially malicious executable files is non-personal, and any attribution data is deleted or anonymized prior to analysis.
To find out more about the personal data collected by our products and services, see the Privacy Notice Frequently Asked Questions.
When purchasing consumer products from us and related offerings, we use PCI/DSS-compliant services provided by trusted third-parties to process payments for your subscription. Cylance does not store or have access to your payment card information.
Our payment card providers
We use the PCI/DSS-compliant payment services of Bright Market, LLC d/b/a FastSpring, and Digital River, which are based in the United States, to process your subscriptions to our consumer products.
As part of our marketing activities, we may receive additional information about you from third-party service providers to supplement the information you provided directly to us, so we can provide more relevant information about our company, products and services to you. The information we receive is public information related to the organization or business you work for, such the size of your company, industry, and business mailing address.
We do not sell, lease, or trade the personal data we collect from you. We may provide access or transfer your personal data to authorized Cylance personnel, business partners and trusted third-party providers, including those who help us market, provide support, maintain or service our products and services.
Cylance requires our partners and third-party providers to take commercially reasonable steps to safeguard your personal data and not use your personal data for other purposes unless you have provided your consent.
We may disclose your personal data to government agencies and law enforcement officials when we believe it is necessary to respond to subpoenas, court orders, other legal process or as required by law and to prevent or take action regarding illegal activities, suspected fraud or software piracy, and situations involving potential threats to the physical safety of any person, or in cases where we believe our intellectual property rights may be violated.
We may also provide access to, assign, or disclose your personal data, in connection with a corporate transaction, such as a merger, acquisition, or purchase all or a portion of our company assets.
We are committed to ensuring that your personal data is secure. We take commercially reasonable measures, including physical, administrative and technical safeguards, to protect your personal data from unauthorized access, use, alteration, destruction and disclosure.
To find out more about our security practices, see our Privacy Notice Frequently Asked Questions.
We retain your personal data for the period necessary to fulfill the purposes for which it was collected, or for a reasonable period thereafter to comply with our legal obligations, and contractual and business operations requirements. With relation to personal data collected by our products and services, we retain information during the term of the agreement, based upon instructions provided by our customers, or for shorter periods of time as described in the applicable product or service documentation. Non-personal data, such as samples of potentially malicious software or anonymized data, may be retained indefinitely for the purpose of improving the performance of our products and services.
Please bear in mind that disabling cookies may reduce the functionality of our website.
For more information on cookies and other tracking technologies, see our Privacy Notice Frequently Asked Questions.
Cylance uses services from trusted third-parties to collect and analyze data from users about their use of our websites, products and services. We use this information to improve the quality and functionality of the services we provide, and to develop features that serve you and other users.
The types of information that we collect include the date and time a user accesses our website, products or services, the IP address the request came from, the features they use, and their frequency of use.
For more information on our use of Analytic Services, see our Privacy Notice Frequently Asked Questions.
You can manage how your device handles cookies by adjusting its privacy and security settings, but it may limit your use of certain features on our website.
If you do not want to have this information used to serve targeted advertising, you may opt-out by visiting:
Please note that although you may opt out of targeted advertising, you will continue to see advertisements, however, these advertisements may not be as relevant to you as targeted advertisements.
For more information on ways to manage your tracking technology preferences, see our Privacy Notice Frequently Asked Questions.
Currently, we do not alter our data collection and use practices in response to Do Not Track (DNT) signals.
Your personal data is stored on Cylance’s servers and on the servers of our cloud-based service providers, which are primarily located within the United States. In situations where you are located outside the United States and choose to provide information to us, we may transfer your personal data to the United States and process it there.
Cylance has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Cylance is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third-party acting as an agent on its behalf. Cylance complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Cylance is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cylance may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Cylance commits to resolve complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us by using our “Contacting Us” information provided below.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge).
Under certain conditions, it may be possible for you to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, see the Privacy Shield Website.
We do not knowingly collect any information from anyone under 13 years of age. If you become aware that your child has provided us with personal data, please contact us.
If we become aware that a child under 13 has provided us with personal data, we will remove such information from our active systems and will terminate the child’s account.
If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information regarding the disclosure of your personal information by the Cylance to third-parties for the third-parties’ direct marketing purposes. To make such a request, please contact us at email@example.com.
You have the right to request details of the personal data we have about you, update inaccurate information, request your personal data be deleted, right to restrict processing of your personal data, right to data portability, and object to the collection or use of personal data we process based on our legitimate interests as a company. In some cases, you may be directed to make your request to the organization who licensed our software or services. If you wish to exercise these rights, please contact firstname.lastname@example.org.
If you live in the European Economic Area and are dissatisfied with our use of your personal data, you have the right to lodge a complaint with your local supervisory authority. You may find contact details on ec.europa.eu.
We value your feedback. If there are any questions regarding this notice, or our collection and use of your data, you may contact us by email, or write to us at:
Attn: Chief Privacy Officer
400 Spectrum Center Drive
Irvine, CA 92618
European Economic Area
Cylance Ireland Limited
Attn: Data Protection Officer
89/90 South Mall
Cork City, Ireland
Each time you use Cylance website, products or services, the current version of this notice will apply. We reserve the right to change this notice at any time to reflect changes in the law, the Cylance products and services we provide, our business and technology, and our data collection and use practices.
If we make any material changes, we will notify you using your email address on record or by placing a notice on the site prior to the change becoming effective.
Your continued use of the Cylance products, services or website following the posting of changes to this notice will be deemed your acceptance those changes.