Castle Intelligence, Inc. [and our affiliates and subsidiaries] (“Castle”, “we” or “us”) helps online businesses (our “Clients”) detect and address user account compromise and other malicious behavior in web, mobile and API applications (“Applications”). To do so, we collect information about how Internet users (“Users”) interact with our Clients’ Applications.
This Policy is incorporated by reference into the Castle Terms of Service (the “Terms”). All terms not defined in this Policy will have the meanings set forth in the Terms.
This Policy tells you how we use and protect personal information collected through use of the “Services”, defined as our website(s) and our products and services, including the Castle Service (as that term is defined in the Service Agreement).
This Policy covers only information that is collected by us in the course of our business, including through the Services and with respect to the people we employ and manage. It does not apply to other web sites, products or services that may be linked to or available via or from the Services or used in association therewith; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage. Except as otherwise expressly included in this Policy, this document addresses only the use and disclosure of information we collect from you.
All individuals whose responsibilities include the Processing of Personal Information on behalf of Castle are expected to protect that data by adherence to this Policy. This Policy is intended to meet requirements globally, including those in North America, Europe, APAC, and other jurisdictions.
You expressly consent to our collection, storage, use and disclosure of your personal and non-personal information as described in this Policy and to all other terms herein.
The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Castle and the requirements of applicable law. Some of the ways that Castle may collect Personal Information include:
We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it:
Castle collects Personal Information regarding its current, prospective, and former Employees, clients, customers, Users, visitors, and guests (collectively “Individuals”).
When you use the Services or engage in certain activities, such as registering for an Account with Castle, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:
Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, Game Center ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.
Information Submitted Via Services. You agree that Castle is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or Services. Castle will not release your name or otherwise publicize the fact that you submitted materials or other information to us unless: (a) you grant us permission to do so; (b) we first send notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with your name on it; or (c) we are required to do so by law.
Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. For example, if you access our Services through a Third-Party application, such as an App Store or Social Network Service (“SNS”), we may collect information about you from that Third-Party application that you have made public via your privacy settings. Information we collect through App Stores or SNS accounts may include your name, your SNS user identification number, your SNS user name, location, sex, birth date, email, profile picture, and your contacts on the SNS. This supplemental information allows us to verify information that you have provided to Castle and to enhance our ability to provide you with information about our business, products, and Services.
3.1.1 Information about Clients
3.1.2 Information about Users
Castle may have access to Personal Information about Users (“User Data”) in the course of providing its Services to a Client.
We consider User Data to be confidential and do not use such data for any purpose other than to provide the Services to our Clients.
In many instances, Castle receives User Data only from the Client and never interacts with the User directly. In some instances, depending on the level of Services selected by the Client, the Clients may allow Users to interact with Castle directly, for example when Castle sends a security alert directly to the User. Castle has access to User Data only as requested by the Client and only for the purposes of performing Services on the Client’s behalf.
If a User contacts Castle with a question about our Service, we will collect Personal Information from that User only as necessary to respond to the User’s request and direct the User to contact the User’s Client, and we will then delete or anonymize the personal data about the User after providing our response.
3.1.3 Information about prospective, current, and former Employees
We acquire, hold, use, and Process Personal Information about Individuals for a variety of business purposes, including:
Castle may use information about you to fulfill requests for Services or information, including information about potential or future Services. With respect to Users, we combine and analyze data related to a User from multiple sources, including the data obtained across all or most of our Clients in order to provide the Services. Other ways we may use Personal Information to provide the Services or information requested include:
Allow you to register for events.
We may use and combine Personal Information with information we collect from other sources for administrative purposes, including to:
Enforce our Terms.
Marketing Castle Products and Services.
Castle may use Personal Information about you, in combination with other information we collect from other sources to provide you with materials about offers, products, and Services that may be of interest, including new content or Services. Castle may provide you with these materials by phone, postal mail, facsimile, or email, as permitted by applicable law. Such uses include:
You may contact us at any time to opt-out of the use of your Personal Information for marketing purposes, as further described in Section 6 below.
Our uses of such Technologies fall into the following general categories:
It may be possible for you to browse our websites without telling us who you are or revealing any information that enables us to directly identify you as an individual. However, you may lose anonymity once you give us Personal Information about you, and by doing so, you agree to the transfer and storage of that information to our servers and to the terms of this Policy. If you would like to opt-out of the Technologies we employ on our sites, services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits.
The Site may contain links to other websites and other websites may reference or link to our Site or other Services. These other domains and websites are not controlled by us, and Castle does not endorse or make any representations about Third-Party websites or social media platforms. We encourage our Users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk. Castle’s Services may include publicly accessible blogs, community forums, or private messaging features. The Site and our other Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Site or other Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes. We use Third-Party software development kits (“SDKs”), such as the Google Analytics, Intercom and Amplitude SDK, on our websites. Third-Party SDKs may allow Third Parties including advertisers to collect your personal information to provide content that is more relevant to you. You may opt out of tracking by sending a request to email@example.com.
Although we do not sell merchandise through our Services, Clients may purchase our Services through Third-Party applications, such as Stripe. A Third-Party payment application may collect certain financial information from Clients to process a payment on behalf of Castle, including a Client’s name, email address, address and other billing information.
Castle collects Personal Information from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy. We acquire, hold, use and Process Human Resources Data for a variety of business purposes including: Workflow management, including assigning, managing and administering projects;
We may share your personal information as described in this Policy (e.g., with our Third-Party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission, including:
In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify Users in connection with their investigation of the unauthorized activities.
All Personal Information collected via or by Castle may be stored anywhere in the world, including but not limited to the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to Castle, you consent to the storage of your Personal Information in these locations.
You have the right to opt out of certain uses and disclosures of your Personal Information. Where you have consented to Castle’s Processing of your Personal Information, you may withdraw that consent at any time and opt out of further Processing by contacting firstname.lastname@example.org. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Sites and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements. You can see, review and change most of your personal information by logging into our websites. You must promptly update your personal information if it changes or is inaccurate. We retain personal information from closed accounts in order to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Services-related agreements, and take other actions otherwise permitted by law or as specified elsewhere in this Policy.
If at any time you choose to opt out from allowing us to use your Personal Information in the future to provide you with special offers or information regarding new products or services, check the “opt-out” box, either at the time you provide your personal information or via any subsequent marketing communication that we send you.
We maintain “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
Castle may occasionally send you push notifications through our mobile applications with game updates, high scores and other notices that may be of interest to you. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. Castle may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
With regard to Personal Information that Castle receives in connection with the employment relationship, Castle will use such Personal Information only for employment-related purposes as more fully described above. If Castle intends to use this Personal Information for any other purpose, Castle will notify the Individual and provide an opportunity to opt-out of such uses.
Do Not Track (“DNT”) is a privacy preference that Users can set in certain web browsers. DNT is a way for Users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application Users may opt out of certain mobile ads via their device settings.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at https://www.networkadvertising.org/managing/opt_out.asp, or https://www.youronlinechoices.eu and https://www.aboutads.info/choices. You can also choose not to be included in Google Analytics here.
Although Castle makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which Castle is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If Castle determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Castle will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
Castle retains the Personal Information we receive as described in this Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
We take steps (such as administrative, technical, and physical procedures) to ensure that your information is treated securely and in accordance with this Policy. Some of the steps we take are limiting access to information through username and password credentials and multi-factor authentication and using industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files.
Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.
By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.
To discuss the security programs, procedures and policies that we have selected and utilize to reasonably secure the Services, please contact email@example.com. We will be happy to discuss our security program with you.
By using the Site, Castle will transfer data to the United States, the cloud, our servers, the servers of our affiliates or the servers of our service providers. By choosing to visit the Site, utilize the Services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Policy will be governed by the laws of California and the adjudication of any disputes arising in connection with Castle or the Site will be in accordance with the Terms.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States, the cloud, our servers, the servers of our affiliates or the servers of our service providers and to Processing of your data globally. By providing your Personal Information, you consent to any transfer and Processing in accordance with this Policy.
The Services are not directed to those under 13 years of age, and we do not knowingly collect personal information from children. If you are younger than thirteen, please do not provide any personal information to us. If a person 13 years of age or younger has provided personal information to us, a parent or guardian of such person should contact us at firstname.lastname@example.org so that we can remove such personal information from our database. We reserve the right to limit participation in particular programs, offers or promotions to those over 18 years of age.
If you have any questions about our privacy practices or this Policy, please contact Castle by email at email@example.com. We will address your concerns and attempt to resolve any privacy issues in a timely manner.
California law permits Users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Castle does not share Personal Information with Third Parties for their own marketing purposes.
The following capitalized terms shall have the meanings herein as set forth below.