TruSTAR's Privacy Policy

TruSTAR Technology (“TruSTAR” or “we”) respects the privacy of personal data collected from users of our services.  This Privacy Policy (“Policy”) explains how TruSTAR collects, uses, shares and discloses personal information collected from users (“you”).

This Policy does not apply to, and TruSTAR is not responsible for: (i) the practices of any other companies or individuals, or (ii) any third-party websites, platforms, devices, applications or services that you access via links from TruSTAR’s website or web applications (“Third Party Services”).  We encourage you to review the privacy policies of any Third Party Services that you access.

 

What information we collect, and how we collect it:

TruSTAR Website. Browsing information (e.g. browser information, IP addresses) of visitors to the TruSTAR public website (the “Website”) is recorded using cookies (see “Cookies” below) and website logs.

Web application registration and use. Upon customer registration, the TruSTAR web application (the “Application”) collects customer account information (e.g. name, email address, organization, payment information). In addition, we collect general browsing data regarding use of the Application in the same manner as for the Website.  

Customer-submitted incident and threat data. TruSTAR customers can use the Application to submit application-wide (i.e. available to all users of the platform) and enclave-specific (i.e. limited to a specified user group) security incident and threat information, which may contain personal data, including the name, IP address, email address and other information associated with security incidents and threats.

 

How we use the information we collect:

Threat analysis. TruSTAR uses data in the Application for analysis and reporting of network security threats, to provide services including threat insights, threat notifications, threat analysis and threat management guidance.

Threat analysis (profiling and automated decision making). The threat and incident data we collect is used to build profiles of individuals and entities on the Internet who may pose security threats (and of those who do not pose security threats). Our customers may use these profiles to deny access to services and resources to likely malicious actors. Our service is designed to make such automated decision making as targeted as possible, so that any denial of access is limited to that necessary to protect network and data security.

Customer administration. TruSTAR uses customer account information to communicate with customers regarding the Application and TruSTAR services, including for billing and account management features.  

Analytics. TruSTAR uses browsing information collected via the Website and Application to analyze user behavior and improve the functions of the Website and Application.

Information on TruSTAR services. TruSTAR uses customer personal data provided via the Website and Application to communicate with visitors about TruSTAR offerings and products.

 

How we share information:

TruSTAR shares personal data with certain third parties as described below, and takes responsibility for such sharing as provided in this Policy and applicable law.

Threat analysis.  TruSTAR shares customer-submitted personal data related to security incidents and threats via the Application with other customers. Customers can use and process data in the Application to facilitate security analysis through incident exchange, collaboration, and threat analysis and visualization.  

Threat analysis (profiling and automated decision making).  TruSTAR shares profiles of individuals via the Application with customers, who use these profiles to deny access to services and resources to likely malicious actors.  Our service is designed to make such automated decision making as targeted as possible, so that any denial of access is limited to that necessary to protect network and data security.

Website analytics.  TruSTAR shares browsing information collected from the Website and Application with third-party analytics vendors to analyze user behavior and improve the functions of the Website and Application.  TruSTAR does not sell personal data obtained from the Website.

Legal matters.  TruSTAR may disclose personal data as required by law, including to meet national security or law enforcement requirements, or if in our judgment it is necessary to protect TruSTAR, our employees, or users from harm, loss, or liability.

Merger or acquisition.  If TruSTAR were to merge with or be acquired by another company, or TruSTAR sells substantially all of its assets, the acquirer or resulting company will receive and may continue to use personal data described in this Policy.  

 

Cookies:

The Website and Application use cookies—small files stored in your web browser—to identify visitors based on browser information, IP address and username. These cookies can track the services used and content viewed by users. Please see this link regarding how to disable cookies; however, please note that disabling cookies may affect some features of the Website and/or Application.  

 

Access to, correction, and deletion of personal data:

You may request access to, correction or deletion of your personal data held by TruSTAR by contacting the TruSTAR Chief Privacy Officer at privacy@trustar.co.  TruSTAR may not delete personal data where the data subject facilitated criminal conduct or conducted malicious attacks.

EU customers of TruSTAR have certain rights to restriction of data processing and data portability to other service providers.

 

Opting out from marketing communications:

You may opt out of marketing communications regarding TruSTAR products and services (other than important service- and security-related messages), by managing communications preferences on the Application or by accessing the unsubscribe link within TruSTAR marketing communications.

 

Retention of personal data:

Customer account information collected from the TruSTAR web application is stored as long as the customer is a member of the platform.  TruSTAR deletes customer account information if a customer’s account is closed, although the information may continue to persist in TruSTAR’s backups for up to 90 days.   

Customer-submitted enclave-specific incident and threat data is available in the TruSTAR web application as long as the customer’s organization is a member of the platform.  TruSTAR deletes enclave-specific information if an organization’s account is closed, although the information may continue to persist in TruSTAR’s backups for up to 90 days.  

Customer-submitted application-wide incident and threat data is shared in perpetuity with customers of the platform in order to support our core threat management services. This information is not automatically removed when a customer organization closes its account.

Personal data obtained from the Website, including analytics and visitor-submitted personal data, are stored for a maximum of two years, and thereafter are retained only in aggregated and anonymized form.  

 

Security:

TruSTAR uses technological and organizational measures to protect personal and other data from unauthorized disclosure, alteration, or destruction.  However, data security presents many risks, and TruSTAR cannot guarantee that information will be 100% secure.  TruSTAR relies on customers to select secure passwords, to protect those passwords, and to use appropriate security software on their devices.  Please contact TruSTAR with any information regarding unauthorized use of the TruSTAR website or web application.

 

Transfer to United States; EU compliance:

TruSTAR is based in the United States, and information collected by TruSTAR is usually transferred to, processed, and/or stored in the United States.  We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  TruSTAR has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

TruSTAR complies with the EU General Data Protection Regulation with respect to our activities in the EU and EEA, and our EU contact person can be reached at privacy@trustar.co.

 

Changes to this Policy:

From time to time, TruSTAR may revise this Policy to reflect changes in the law, changes in TruSTAR’s products, or for other reasons.  Updated copies of this Policy will be posted on the Website.  If TruSTAR makes material changes to the Policy, TruSTAR will email a copy of the updated policy to customers and Website visitors that provided TruSTAR with their contact information.

 

Contact information and your rights:

If you have inquiries or complaints about your personal data, you should first contact TruSTAR at privacy@trustar.co.  If we receive a written complaint, TruSTAR will contact the person who made the complaint to follow up.  

TruSTAR has further committed to refer unresolved Privacy Shield complaints to TRUSTe, an alternative dispute resolution provider located in the United States.  If you do not receive timely acknowledgement of your Privacy Shield complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the TRUSTe Privacy Dispute website for more information or to file a complaint.  The services of TRUSTe are provided at no cost to you.

TruSTAR also works with the appropriate regulatory authorities to resolve any complaints regarding personal data that we cannot resolve with our users directly.  TruSTAR is regulated by the US Federal Trade Commission.  If you are an EU/EEA customer of TruSTAR, you may also have the right to complain to the data protection authorities in your country, and, under certain conditions, to invoke binding arbitration.

 

This privacy statement was updated on January 8, 2018.