Privacy Policy

Last Updated July 2022


Please read this policy carefully before using our website or the Services (as defined under the Terms of Service).

This privacy policy (the “Policy”) aims to give you information on how OX collects and processes your personal data through your use of this website, including any data you may provide through this website or use or purchase the Services.

This Policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. It applies to those visiting our website www.ox.security or using the Services (together, the “Platform”).

For the purpose of the relevant data protection legislation, the data controller is OX Appsec Security Ltd. (“OX”, “us”, “our” or “we”).

Please note that this Policy does not apply to, or limit, our use or disclosure of non-personal information (i.e. information which is not relevant to you or able to identify you) we may collect from you via your use of the Platform.

Information you give us 

You may give us information about you by filling in forms on our Platform, when you log in to the Platform, or by corresponding with us by phone, e-mail, chat, or otherwise. This includes (but is not limited to) information you provide when you use our service and when you report a problem with our Platform or the services available on it. The information you give us will depend on the circumstances but, as you are giving it to us, you will always know what information we are receiving. We may keep a record of that correspondence or information in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management, or otherwise as may be required by law.

Information we collect about you 

We may collect the following information about you:

  • your contact details (phone number, address, email address).

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone 

  • setting, browser plug-in types and versions, operating system and platform; and

  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page and any phone number used to call our customer service number.

  • Any other information you directly provide us.

Information we receive from other sources 

We may receive information from the third-party authentication provider about you, including your GitHub, Bitbucket, Google, or Docker username and your email address. We are also working closely with other third parties and may receive information about you from them.

Cookies

Our Platform uses cookies to distinguish you from other users of our Platform. This helps us to provide you with a good experience when you browse our Platform and also allows us to improve our Platform. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.  

Uses made of the information

We use information held about you in the following ways:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;

  • to provide customer support;

  • to personalize your experience;

  • to contact you about your account;

  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;

  • to provide you with our newsletter, security best practices and updates about our Platform;

  • to provide you with information about goods or services we feel may interest you;

  • to notify you about changes to our Platform;

  • to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

  • to improve our Services and our services and to ensure that content is presented in the most effective manner for you and for your computer or mobile device; 

  • as part of our efforts to keep our Platform safe and secure; and

  • In certain cases, we may or will anonymize or de-identify your Information and further use it for internal and external purposes, including, without limitation, to analyze and improve OX services (including through the use of artificial intelligence) and for research purposes. We may use this anonymous or de-identified information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them and/or to develop new product features and improve existing offerings).

If you no longer wish to receive our newsletters, product updates, or other marketing communications, you may unsubscribe from them at any time by going to unsubscribe@ox.security.

Legal basis for processing your personal data

We rely on our legitimate business interests, and those of our customers, to process your personal data. For example, we have a legitimate interest in providing and improving the Services; maintaining and improving the security and integrity of our Platform; minimizing claims and financial losses of us, and our customers; promoting the Platform and our services and brand; research and analytics; and sharing information with our service providers who help power our operations.

In some cases where we send you promotional material by email we obtain your consent as a legal basis to processing your personal data. 

Disclosure of your information

We may share your information with the following, selected third parties:

  • business partners, service providers and subcontractors for the performance of any contract we enter into with them or you;

  • service providers acting as processors who provide IT, customer management, recruitment administration and system administration services;

  • analytics and search engine providers that assist us in the improvement and optimization of our Platform.

We may disclose your personal data to certain third parties in the following circumstances:

  • if we have your permission to do so;

  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may access and use your personal data;

  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms applicable to the OX service and any other documents referred to in them; or to protect the rights, property, or safety of OX, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Where we store your personal data

All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. Do not share a password with anyone.

We cannot guarantee the security of your data transmitted to our Platform; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorized access.

Data retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a dispute in respect to our relationship with you.

Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

If you wish to exercise any of the rights set out below, please contact us at legal@ox.security.

You have the right to:

  • Request access to your personal data.

  • Request correction of the personal data that we hold about you.

  • Request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to processing of your personal data on the ground that  you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your personal data. 

  • Request the transfer of your personal data to you or to a third party.

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. 

No fee usually required

You will not have to pay a fee to access your personal data or to exercise any of the other rights, provided that such requests are not clearly unfounded, repetitive or excessive.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights.

Time limit to respond

We  generally respond to all legitimate requests within one month. In the event could take longer, we will notify you and keep you updated.

Third party platforms

Our Platform may, from time to time, contain links to and from the websites operated by third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Use by children

We do not offer our products or Services for use by children and, therefore, we do not knowingly collect information from, and/or about children under the age of 18. If you are under the age of 18, do not provide any information to us without the involvement of a parent or a guardian. In the event that we become aware that you provide information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at legal@ox.security.

Analytics tools

  • Google Analytics. The website uses a tool called “Google Analytics” to collect information about use of the website. Google Analytics collects information such as how often users visit this website, what pages they visit when they do so, and what other websites they used prior to coming to this website. We use the information we get from Google Analytics to maintain and improve the website and our products. We do not combine the information collected through the use of Google Analytics with information we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

  • Hubspot. Some personal data may be used on Hubspot, such as support tickets and contact details.

  • Datadog. We use Datadog in order to better understand our user’s experience our Platform. We also use it to identify the root cause of slow load times, whether it’s an issue with the code, the network, or the infrastructure. Datadog collects information about your activity in our Platform. Datadog’s ability to use and share information collected about you is restricted by the Datadog Terms of Service, available at https://www.datadoghq.com/legal/terms/, and the Datadog privacy Policy, available at https://www.datadoghq.com/legal/privacy/.

  • We reserve the right to remove or add new analytic tools, cookies, pixels and other tracking technologies.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to legal@ox.security.