Last Update: Feb 28th, 2016
Castle Intelligence, Inc. ("Castle", "we" or "us") helps online businesses (our "Clients") detect and address user account compromise and other malicious behavior on their digital properties. In doing so, we collect information about how Internet users ("Users") interact with our Clients’ digital properties such as their websites and mobile applications (their "Applications").
This Policy tells you how we use and protect personal information collected through use of the "Services", defined as our website(s) and our products and services, including the Castle Service (as that term is defined in the Service Agreement).
This Policy covers only information that is collected through the Services and no other web sites, product or services that may be linked to or available via or from the Services or used in association therewith; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage.
You expressly consent to our collection, storage, use and disclosure of your personal and non-personal information as described in this Policy and to all other terms herein.
We collect the following types of information:
Name and identity, email address, physical and virtual and physical contact information (including for example your business address), professional information, log-in data, and financial information, including credit card and/or bank account numbers.
Castle may have access to personally identifiable information about the Users ("User Data") in the course of providing its Services to a Client.
We consider User Data to be confidential and do not use such data for any purpose other than to provide the Services to our Clients.
In many instances, Castle receives User Data only from the Client and never interacts with the User directly. In some instances, depending on the level of Services selected by the Client, the Clients may allow Users to interact with Castle directly. Castle has access to User Data only as requested by the Client and only for the purposes of performing Services on the Client’s behalf.
If a User contacts Castle with a question about our Service, we will collect personal information from that User only as necessary to respond to the User’s request and direct the User to contact the User’s Client, and we will then delete or anonymize the personal data of the User after providing our response.
Castle collects and stores the raw data pertaining to Users, including any individual identifiers and personally identifiable information (the "Raw Data"). We then use our proprietary analytics algorithms to analyze and process the Raw Data. Based on this analysis, we provide our Clients with an assessment of the relative risk that a particular User sign-on or other User activity may be unauthorized or fraudulent ("Risk Assessment"). Pursuant to providing the Service, we combine and analyze data related to a User from multiple sources, including the data obtained across all or most of our Clients in order to compute a more comprehensive Risk Assessment.
We use Raw Data for our internal business purposes in operating, developing, enhancing, maintaining, supporting, and providing the Service and our other products and services, including to other Clients.
Any information collected through the Services is stored and processed in the United States. If you use our Services outside of the United States, you consent to have your data transferred to the United States.
Castle maintains strict administrative, technical and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (through username and password credentials, and multi-factor authentication) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files.
To discuss the security programs, procedures and policies that we have selected and utilize to reasonably secure the Services, please contact firstname.lastname@example.org. We will be happy to discuss our security program with you.
We may combine your information with information we collect from other sources to improve or promote the Services. We do not sell or rent your personal information to non-affiliated third parties for their marketing purposes without your prior consent. You agree that we may use your personal information as specified in the Service Agreement, and to:
We may also share your personal information with:
Your user ID may necessarily be displayed throughout the Services and to the public. All of your activities as such will be traceable to your user ID. Please understand that if you link your name with your user ID, others will be able to personally identify your activities.
You may also encounter cookies from third parties. Third party cookies are cookies that are served by third parties other than us.
You are always free to choose whether to accept or reject website cookies, although doing so may interfere with, terminate and/or restrict your use of the Services. If you wish to reject cookies, you can do so by changing the settings of your web browser, and instructions about how to do this can normally be found in the "help" menu of your web browser.
In addition, the Services may incorporate pixel tags, web beacons or other web site usage measurement technologies. Such devices are used to collect other information, such as the identity of the applicable internet service provider, the user's IP address of his or her personal terminal device, the type of browser software and operating system in use, the date and time of site access, the website address, if any, from which the user linked to the Services, and other similar traffic-related information. Such information is used for the purposes described above. We may also aggregate such information with similar data collected from other users or disclose such aggregate information to third parties. However, we do not use such data in any way to create or maintain personal information from you.
We do not engage in the collection of personally identifiable information from users across third party sites or applications, except for log-in information that each user provides in order to access the user's other applications, sites or services via the Castle Service. We do not knowingly enable other parties to collect personally identifiable information about our users' activities over time and across different sites or services.
Your password to access our Services, if any, deserves careful thought and protection. Use unique numbers, letters, and special characters and do not disclose your password to anyone. If you do share your password or your personal information with others, remember that you are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. If your password has been compromised for any reason, you should immediately access your profile on the Site to change your password and notify us immediately at email@example.com.
You can see, review and change most of your personal information by logging into our websites. You must promptly update your personal information if it changes or is inaccurate. We retain personal information from closed accounts in order to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Services-related agreements, and take other actions otherwise permitted by law or as specified elsewhere in this Policy.
If at any time you choose to opt out from allowing us to use your personal information in the future to provide you with special offers or information regarding new products or services, check the "opt-out" box, either at the time you provide your personal information or via any subsequent marketing communication that we send you.
Except as otherwise expressly included in this Policy, this document addresses only the use and disclosure of information we collect from you.
The Services are not directed to those under 13 years of age, and we do not knowingly collect personal information from children. If you are younger than thirteen, please do not provide any personal information to us. If a person 13 years of age or younger has provided personal information to us, a parent or guardian of such person should contact us at firstname.lastname@example.org so that we can remove such personal information from our database. We reserve the right to limit participation in particular programs, offers or promotions to those over 18 years of age.