Castle Privacy Policy

Last Update: Feb 28th, 2016

Castle Intelligence, Inc. ("Castle", "we" or "us") helps online businesses (our "Clients") detect and address user account compromise and other malicious behavior on their digital properties. In doing so, we collect information about how Internet users ("Users") interact with our Clients’ digital properties such as their websites and mobile applications (their "Applications").

Introduction

This Policy tells you how we use and protect personal information collected through use of the "Services", defined as our website(s) and our products and services, including the Castle Service (as that term is defined in the Service Agreement).

This Policy covers only information that is collected through the Services and no other web sites, product or services that may be linked to or available via or from the Services or used in association therewith; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage.

You expressly consent to our collection, storage, use and disclosure of your personal and non-personal information as described in this Policy and to all other terms herein.

It may be possible for you to browse our websites without telling us who you are or revealing any information that enables us to directly identify you as an individual. However, you may lose anonymity once you give us personal information about you, and by doing so, you agree to the transfer and storage of that information to our servers and to the terms of this Policy. Our Services use cookies, and therefore use of the Services by you constitutes your acceptance of our use of cookies in accordance with this Policy.

How we collect and use information

We collect the following types of information:

Information about Clients

  • Name and identity, email address, physical and virtual contact information (including for example your business address), professional information, log-in data, and financial information, including credit card and/or bank account numbers.
  • Information responsive to surveys or applications for employment, disclosed in resumes, or requested in order to provide brochures or information about our business, employment, products or services.
  • Transactional information based on your activities with or on the Services.
  • Shipping, ordering, billing and other similar information you provide to purchase or ship an item or service.
  • Community discussions, chats, dispute resolution, and correspondence sent to us.
  • Computer sign-on data, statistics on page views and traffic to and from the Site.
  • Other technical information or data collected from traffic, including IP address and standard web log information.
  • Supplemental or additional information we may request from you in the event previous information you've provided cannot be verified.
  • Information that you voluntarily provide to us, information that we collect as per the Service Agreement, and information set forth in the Order Form (as that term is defined in the Service Agreement).

User Data

Castle may have access to personally identifiable information about the Users ("User Data") in the course of providing its Services to a Client.

We consider User Data to be confidential and do not use such data for any purpose other than to provide the Services to our Clients.

Our Clients place JavaScript code onto their Applications that enables the Service to collect information from their Users automatically. Our Clients have control over the JavaScript tag and may remove or disable it at any time. The information collected automatically via the Service includes information about their Users’ computers and other devices, such as: the types and number of fonts installed, the types and number of plugins installed, MIME types supported, version strings for Windows Media Player, Flash, PDF, VLC, SVG, Real Player, Shockwave, Silverlight, Java and QuickTime. The Service also automatically collects information about the device’s screen width, height and color depth, the operating system in place on the device, the user agent, the local time zone, and DST time zone.

In many instances, Castle receives User Data only from the Client and never interacts with the User directly. In some instances, depending on the level of Services selected by the Client, the Clients may allow Users to interact with Castle directly. Castle has access to User Data only as requested by the Client and only for the purposes of performing Services on the Client’s behalf.

If a User contacts Castle with a question about our Service, we will collect personal information from that User only as necessary to respond to the User’s request and direct the User to contact the User’s Client, and we will then delete or anonymize the personal data of the User after providing our response.

How we use your data

Castle collects and stores the raw data pertaining to Users, including any individual identifiers and personally identifiable information (the "Raw Data"). We then use our proprietary analytics algorithms to analyze and process the Raw Data. Based on this analysis, we provide our Clients with an assessment of the relative risk that a particular User sign-on or other User activity may be unauthorized or fraudulent ("Risk Assessment"). Pursuant to providing the Service, we combine and analyze data related to a User from multiple sources, including the data obtained across all or most of our Clients in order to compute a more comprehensive Risk Assessment.

Except as provided in this Privacy Policy, we do not sell or disclose to third parties any of the Raw Data, or claim ownership of the Raw Data. We may allow our agents and contractors to assist us in storing, analyzing or processing information and ensure that their privacy and security practices are at least as stringent as ours.

We use Raw Data for our internal business purposes in operating, developing, enhancing, maintaining, supporting, and providing the Service and our other products and services, including to other Clients.

How we store and protect your information

Any information collected through the Services is stored and processed in the United States. If you use our Services outside of the United States, you consent to have your data transferred to the United States.

Castle maintains strict administrative, technical and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (through username and password credentials, and multi-factor authentication) to those employees who require it to perform their job functions. We use industry-standard Secure Sockets Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files.

To discuss the security programs, procedures and policies that we have selected and utilize to reasonably secure the Services, please contact security@castle.io. We will be happy to discuss our security program with you.

Our Use of Information

We may combine your information with information we collect from other sources to improve or promote the Services. We do not sell or rent your personal information to non-affiliated third parties for their marketing purposes without your prior consent. You agree that we may use your personal information as specified in the Service Agreement, and to:

  • Fulfill the purposes disclosed when you provided your information to us.
  • Provide, deliver, and collect payment for the services, products, and customer support you request.
  • Resolve disputes, collect fees, and troubleshoot problems.
  • Prevent potentially prohibited or illegal activities, and enforce our Services-related agreements.
  • Customize, measure, and improve our Services and their functionality, content and layout.
  • Provide you with personalized content or recommendations.
  • Tell you about targeted marketing, service updates, and promotional offers based on your communication preferences.
  • Compare information for accuracy, and verify it with third parties.

Sharing Information

We may also share your personal information with:

  • Members of our corporate family to help detect and prevent potentially illegal acts and provide joint services to requesting users.
  • Service providers, consultants or similar contractors to support or enhance the Services or our business operations, or to whom we contract in order to carry out transactions initiated by you, such as credit card processing organizations or hosting service providers.
  • Other third parties to whom you explicitly ask us to send your information (or about whom you are otherwise explicitly notified and solicited consent when using a specific service).
  • Law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity.
  • Persons as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity.
  • Other business entities, should we plan to merge with, receive financing from, or be acquired by that business entity.

Your Use of the Site

Your user ID may necessarily be displayed throughout the Services and to the public. All of your activities as such will be traceable to your user ID. Please understand that if you link your name with your user ID, others will be able to personally identify your activities.

Web Site Features (including cookies)

The Site may utilize "cookies", which are small text files placed on your computer or device. They are commonly used to make websites work, or to work more efficiently. We use cookies to help the site function, analyze our web page flow, customize our services, gather analytic and other data, measure promotional effectiveness, and promote trust, security and safety. The Site and certain features are only available through the use of cookies, and generally we need to use cookies to help identify you and maintain your signed-in status.

You may also encounter cookies from third parties. Third party cookies are cookies that are served by third parties other than us.

You are always free to choose whether to accept or reject website cookies, although doing so may interfere with, terminate and/or restrict your use of the Services. If you wish to reject cookies, you can do so by changing the settings of your web browser, and instructions about how to do this can normally be found in the "help" menu of your web browser.

In addition, the Services may incorporate pixel tags, web beacons or other web site usage measurement technologies. Such devices are used to collect other information, such as the identity of the applicable internet service provider, the user's IP address of his or her personal terminal device, the type of browser software and operating system in use, the date and time of site access, the website address, if any, from which the user linked to the Services, and other similar traffic-related information. Such information is used for the purposes described above. We may also aggregate such information with similar data collected from other users or disclose such aggregate information to third parties. However, we do not use such data in any way to create or maintain personal information from you.

We do not engage in the collection of personally identifiable information from users across third party sites or applications, except for log-in information that each user provides in order to access the user's other applications, sites or services via the Castle Service. We do not knowingly enable other parties to collect personally identifiable information about our users' activities over time and across different sites or services.

Password

Your password to access our Services, if any, deserves careful thought and protection. Use unique numbers, letters, and special characters and do not disclose your password to anyone. If you do share your password or your personal information with others, remember that you are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. If your password has been compromised for any reason, you should immediately access your profile on the Site to change your password and notify us immediately at privacy@castle.io.

Your rights

You can see, review and change most of your personal information by logging into our websites. You must promptly update your personal information if it changes or is inaccurate. We retain personal information from closed accounts in order to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Services-related agreements, and take other actions otherwise permitted by law or as specified elsewhere in this Policy.

If at any time you choose to opt out from allowing us to use your personal information in the future to provide you with special offers or information regarding new products or services, check the "opt-out" box, either at the time you provide your personal information or via any subsequent marketing communication that we send you.

Applicability

Except as otherwise expressly included in this Policy, this document addresses only the use and disclosure of information we collect from you.

Children

The Services are not directed to those under 13 years of age, and we do not knowingly collect personal information from children. If you are younger than thirteen, please do not provide any personal information to us. If a person 13 years of age or younger has provided personal information to us, a parent or guardian of such person should contact us at privacy@castle.io so that we can remove such personal information from our database. We reserve the right to limit participation in particular programs, offers or promotions to those over 18 years of age.

Changes to our Privacy Policy

Castle may modify or update this Privacy Policy from time to time, so you should review this page periodically. Click here to see all changes to this Privacy Policy. If we change the policy in a material manner, for example if we seek to use personal information in a materially different way than we had previously, we will provide at least 30 days' notice to the Clients so that you have sufficient time to evaluate the change in practice. Of course, you can always opt out by deleting your account before the changes take effect.