Inspectiv | Privacy Policy

Last Updated: 12/20/2024

Inspectiv, Inc. and its affiliates (each and collectively, " Inspectiv", " we", " us" or " our") provide this Privacy Policy to inform you of our policies and procedures regarding the collection, use, processing and disclosure of Personal Data that we receive from our clients and users – whether via our website available at www.inspectiv.com and https://client.inspectiv.com/ (each and collectively, the “Site”), via our application security testing platform available at the Site, or via other methods. This Privacy Policy also applies to any Inspectiv internal business systems used to maintain Personal Data. Collectively, we refer to our Site and internal business systems as the "Services." Any other capitalized terms not defined in this Privacy Policy have the meaning set forth in our Terms of Service.

By accessing or using the Services, you confirm that (a) you have either agreed to the Inspectiv Terms of Service located at https://www.inspectiv.com/customertermsandconditions.html or you have entered into a separate agreement with us governing your access to and use of the Services and (b) you have read and understood this Privacy Policy.

We may update this Privacy Policy from time to time, including to reflect changes to our privacy practices. If we make a change that we believe will substantially alter your rights, we will update the “Last Updated” date at the top of the Privacy Policy and post it on our Site, and we will also notify you at the email address specified in your Customer Account or by means of a notice on the Site or Services before the change becomes effective. In certain cases, we may also seek your consent to further use your information, when required. We encourage you to periodically review this Privacy Policy for the latest updates.

‍

Collection of Personal Data

‍

We collect Personal Data regarding you or your device, including the following:

Information that you provide to create an Inspectiv Customer Account, specifically email address, first name and last name.
Email address, when you submit a Vulnerability report to Inspectiv. This email address will be used for the internal purposes of identifying you, and contacting you regarding the Vulnerability report. By submitting a Vulnerability report to Inspectiv, you consent to email or other electronic communications regarding your submission. See below for more discussion regarding Vulnerability submissions.
Log Data, which we collect automatically from your device and/or browser when you visit the Site or access or use the Services. “Log Data” includes IP addresses, preferences, web pages you visited before coming to the Site, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs, language and other regional settings), information about how you interact with the Services (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
Emails and other communications that you send to us or contribute, such as customer support inquiries or posts to our customer message boards or forums. Please be aware that information that you post on public parts of the Site will be available to others.
Information that you share with Inspectiv in connection with surveys, contests or promotions.
Your marketing preferences.
Other information that you submit to Inspectiv directly or through third-party services.

We obtain Personal Data in three main ways:

You provide it directly, such as by registering for a Customer Account.
We record it automatically when you visit our Site or access or use our Services, including through the use of cookies, Web beacons or similar automated technologies (discussed more below).
We receive it from third parties throughout the normal course of business.

We will typically notify you when Personal Data is required, and the consequences of not providing it. If you do not provide Personal Data when requested, you may not be able to fully access or use the Services if the information is necessary for that purpose, or if we are legally required to collect it.

‍

Processing of Personal Data

With respect to our Services, “Processing” or “using" information means and refers to using cookies on a device, subjecting information to analysis, and handling or using information in any way, including without limitation accessing, using, collecting, storing, modifying, deleting, evaluating, combining, disclosing and transferring information within our organization or among our affiliates or third parties as disclosed to you.

We Process Personal Data for the following purposes:

Providing the Site and Services. To create and manage your Customer Account, provide and personalize our Services, process payments, complete transactions, and respond to your inquiries.
Communicating with you. To communicate with you, including by sending you emails about your transactions and Service-related announcements.
Customizing the Services. To provide you with customized services. For example, we may use your location information to determine your language preferences or display accurate date and time information. We also use cookies and similar technologies for this purpose, as discussed more below.
Improving our Services. To monitor, analyze and learn about how the Services are accessed and used, and to evaluate and improve the Services. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most users of subscription Services use a particular integration or feature, we might wish to expand upon that integration or feature.
Security. To ensure the security and integrity of our Services, as discussed further below.
Log Data. We use Log Data to monitor and analyze use of the Site and Services, for technical administration, and to improve functionality and your user experience. We also use Log Data to verify that Site visitors meet the criteria required to process their requests. We do not treat Log Data as Personal Data or use it in association with Personal Data, but we may aggregate, analyze and evaluate Log Data for the same purposes as stated below, regarding other non-identifying information.
Enforcement. To enforce our Terms of Service posted at https://www.inspectiv.com/customertermsandconditions.html and other legal terms and policies.
Protection. To protect our and others’ interests, rights, property or safety (for example, to protect our clients and other users from abuse) or to prevent or stop activity that we may consider to be, or to pose a risk of being, unlawful, unethical or legally actionable.
Compliance. To comply with applicable legal requirements, such as tax requirements, governmental regulations, industry standards, contracts, court orders and law enforcement requests.
Surveys and contests. To administer surveys, contests and other promotions.
Promotion and Marketing. To promote the Services, to send you tailored marketing communications about products, services, offers, programs and promotions of Inspectiv and our partners, and to measure the success of those campaigns.
Advertising. To analyze your interactions with the Services and third parties’ online services, so we can tailor our advertising to what we think will interest you. See below for more discussion regarding third-party advertising.
Third party relationships. We may use affiliates and third-party vendors, consultants and service providers to facilitate and provide the Site and/or Services on our behalf, to perform related services such as maintenance, usage analytics, database management, fraud detection and service improvements. These third parties may have access to your Personal Data solely to perform these tasks on our behalf; they are obligated not to disclose or use your Personal Data for any other purpose. Certain third party vendors, including Google, use cookies to track prior visits to the Site and serve follow-up advertising; but you may disable these cookies by opting out at http://www.google.com/privacy_ads.html.

We Process Personal Data for the above purposes, under the following circumstances:

Consent. You have consented to the use of your Personal Data in a specific way. When you consent to such use, you may change your mind at any time.
Performing a contract. We require your Personal Data in order to provide you with Services as requested, or to respond to your inquiries. In other words, to perform our agreement with you or take steps at your request before entering into one.
Legal obligation. We have a legal obligation to use your Personal Data, such as to comply with applicable tax requirements or governmental regulations or to comply with a court order or binding law enforcement request.
Legitimate interests. We have a legitimate interest in using your Personal Data, as follows:
- To operate the Inspectiv business and provide you with tailored advertising and other communications, including to develop and promote our business.
- To analyze and improve the safety and security of our Services, such as by implementing and enhancing security measures and protections and protecting against fraud, spam and abuse, as discussed further below.
- To provide and improve the Services, including any personalized services.
- To share your Personal Data with any Inspectiv affiliates (i.e., other Inspectiv group companies) that help us provide and improve the Services.
- To comply with a court order or binding law enforcement request.
- To anonymize and subsequently use anonymized information.
Protecting you and others. To protect the vital interests of you or others.
Others’ legitimate interests. Where necessary for the purposes of a third party’s legitimate interests, such as our partners who have a legitimate interest in delivering tailored advertising or other communications to you and monitoring and measuring their effectiveness.

Use of Personal Information with Non-Identifying Information

‍

We may combine certain Personal Data with non-identifying information to provide the Site and Services, complete your transactions, and administer your inquiries. Certain non-identifying information would be considered Personal Data when combined with other identifiers in a way that enables you to be identified (for example, combining your zip code and your street address), but not when taken alone or combined only with other non-identifying information (for example, demographic information). We may combine your non-identifying information and aggregate it with other users’ information in order to improve your user experience and the quality and value of the Site and Services, and to analyze how the Site and Services are used. We may also use the combined information without aggregating it, in order to serve you specifically (for instance, to deliver a product per your stated preferences).

We may share aggregated information that does not include Personal Data and we may otherwise disclose to third parties non-identifying information and Log Data (defined below), for purposes including, without limitation, demographic profiling and industry analysis. Any aggregated information that we share in these contexts will not contain your Personal Data.

‍

Tracking Technologies

‍

Cookies. A “cookie” is a small data file that we transfer to your computer's hard disk for record-keeping purposes. Like many websites, we use cookies for two purposes: (1) we use persistent cookies to save your login information for future logins; and (2) we use session ID cookies to enable certain features of the Site and Services, to better understand your interactions with the Site and Services, and to monitor aggregate usage and web traffic routing. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and Services and close your browser. Third-party advertisers on the Site may also place or read cookies on your browser. You may change your browser options to stop accepting cookies or to prompt you before accepting; but then you may no longer be able to fully use all features and functions of the Site and Services. As noted above, certain third party vendors, including Google, use cookies to track prior visits to the Site and serve follow-up advertising; but you may disable these cookies by opting out at http://www.google.com/privacy_ads.html.

‍

Beacons. The Site and/or Services may contain small electronic images known as Web beacons (or single-pixel gifs), which are used with cookies to compile aggregated statistics for usage analysis. We may also use Web beacons in some emails to indicate which emails and links you have opened, enabling us to understand the effectiveness of our communications and marketing, advertising or promotional campaigns.

‍

Communications

‍

To protect the privacy and security of our other customers, Inspectiv’s personnel, and any independent Security Researchers who participate in a customer program, you may not solicit nor communicate with any of those parties directly – whether via email, phone, SMS (text) or otherwise. You may only communicate with those parties using functionality provided within the Inspectiv Site or Services.

To opt out of, or cancel, any future communications from Inspectiv to you, you may contact us at legal@inspectiv.com. We will attempt to accommodate your cancellation request, provided, that, we do not have a legal obligation or legitimate reason from the owner of a customer program (such as a Vulnerability Disclosure Policy (“VDP”) program or managed “bug bounty” program) to retain the information in your Customer Account. Please also note that, if you cancel your Customer Account, any reviews you have posted on the Site may remain publicly viewable via the Site.

‍

Security

‍

Inspectiv is highly concerned with safeguarding your information. While no service is completely secure, we have a security team dedicated to keeping personal information safe. We maintain administrative, technical and physical safeguards that are intended to appropriately protect the Personal Data in our possession against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of Processing. A top priority for us is to help protect you from identity theft, “phishing” and other deceptive practices. We do not, and we never will, contact you via a non-secure or unsolicited e-mail or telephone communication in order to request your credit card or other payment method information, Customer Account login credentials, national identification numbers or other Personal Data.

In addition, when you enter Personal Data or sensitive information (such as Vulnerability information, and payment method information on our registration or order forms, we encrypt the information using secure socket layer (“SSL”) technology. We follow generally accepted industry standards to protect Personal Data that you submit to us, both during transmission and once we receive it. However, because no method of transmission over the Internet, or method of electronic storage, is fully secure, we cannot guarantee absolute security of this information. If you have any questions about security on our Site or Services, you may contact us.

We will make legally required disclosures to you via email or conspicuous posting on the Site or Services, in the event of a breach of the security, confidentiality or integrity of your unencrypted, electronically stored Personal Data. We will make such disclosures expeditiously and without unreasonable delay, insofar as consistent with (a) legitimate needs of law enforcement or (b) any measures necessary to determine the scope of the breach and restore the applicable data system’s reasonable integrity.

‍

Vulnerability Submissions - Information Sharing and Disclosure

‍

When you use the Site and Services for purposes of a VDP program or a managed “bug bounty” program, the program details, including any applicable Rules of Engagement as well as related customer and independent Security Researcher profile information, are visible to other users - unless otherwise specifically requested. However, in any event, Vulnerability reports submitted by a Security Researcher are only visible to (a) you, as the Customer owning the program, (b) any collaborating user whom you have invited to help manage the program, (c) the Security Researcher who submitted the Vulnerability report, and (d) authorized Inspectiv personnel. Vulnerability report details will only be publicly disclosed by Inspectiv with the consent of the owning Customer or authorized collaborating user. Inspectiv requires that the Security Researcher who submitted the Vulnerability report agree to the same rule, as a condition of participation in the program, but you understand and acknowledge that this does not constitute a guarantee by Inspectiv that the Security Researcher will not disclose the information.

‍

Business Transfers

‍

As we continue to develop our business, we may buy or sell companies or business divisions, we may merge or combine with another company, or we may undertake another corporate transaction such as a reorganization, sale, joint venture, assignment, transfer or other disposition of our company or all or a significant part of our business, assets or stock. In such transactions, customer information is generally one of the transferred and shared business assets. Accordingly, we may share or transfer your information in connection with, or during negotiations of, such transactions, subject to reasonable confidentiality restrictions. The information transferred or shared remains subject to the promises made in any pre-existing privacy policy (unless you or the applicable user has agreed to be subject to new privacy terms).

‍

Third-Party Links, Advertising Analytics

‍

The Site and/or Services may contain links to third-party websites or resources. If you choose to visit an advertiser by clicking a banner or other ad, or clicking another third-party link, you will be directed to that third party's website or resource. The presence of such advertisement or link is not an endorsement, authorization or representation of Inspectiv’s affiliation with that third party, or of their privacy or information security policies or practices. We do not exercise control over third-party websites or resources. They may place their own cookies or other files on your computer or device, in order to collect data or solicit Personal Data from you. They may also follow different rules regarding the use or disclosure of any Personal Data that you submit to them. Therefore, we encourage you to read the privacy policies or statements of any third-party websites or resources that you visit.

The Site and/or Services may also include third-party advertising analytics technology, which enables customized ads to be displayed. We do not share or sell your Personal Data with such third parties; but when you use the Site and/or Services, Inspectiv or the third party operating the ad-serving technology may use non-personal information collected through cookies, web beacons, pixels, clear GIFs, JavaScript, anonymous device identifiers or other technologies to measure the effectiveness of ads, in order to help ensure that the right ads are presented to you. The information acquired also may be used to perform detailed web and advertising analytics concerning your use of the Site and/or Services and other websites of interest to you. To the extent any of this information is collected by third parties, you acknowledge and agree such collection and use is governed by those third parties' privacy policies and Inspectiv is not responsible for their privacy practices.

If you are interested in more information about personalized user ads and how to prevent third parties from delivering them, you may visit the following third-party websites: the Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance's Consumer Opt-Out Page. If you are using an Apple (iOS) device and do not want to receive in-application ads tailored to your interests, you may opt-out by accessing the following link on your device: https://support.apple.com/en-us/HT202074. If you are using an Android device, you may visit Google's Ads Preferences page from a browser on your device and make your choices there. Please note that, to the extent that ad technology is integrated into the Site and/or Services, even if you opt out of tailored ads, you may still receive some other ads; they just will not be tailored to your interests.

‍

Your Rights and Choices

Where applicable law requires (and subject to any relevant exceptions under law), you have the right to access, update, change or delete your Personal Data. You may do this either directly in your Customer Account or by contacting us at legal@inspectiv.com with your request. Please include “Privacy” in the subject line of your communication. Please also note that we may need to verify your identity in connection with your request, and the verification process may require you to provide us with additional information (for example, government identification) if you do not have access to your Customer Account. Even if you have access to your Customer Account, we may request additional information if we believe it is necessary to verify your identity. If we are unable to verify your identity or request, then in accordance with applicable law we may be unable to fulfill your request.

You may delete your Customer Account by contacting us, either via your Customer Account or at legal@inspectiv.com. Please note that, for technical reasons, there may be a delay in deleting your Personal Data from our systems when you ask us to delete it. We also may retain Personal Data in order to comply with the law, to protect our and others’ rights, to resolve disputes or to enforce our legal terms or policies, to the extent permitted under applicable law.

You may also elect not to receive marketing communications by changing your preferences in your Customer Account or by following the unsubscribe instructions in such communications.

You may have the right to restrict or object to the Processing of your Personal Data or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law.

Additionally, if we rely on consent for the processing of your Personal Data, you have the right to withdraw it at any time and free of charge. If and when you do so, this will not affect the lawfulness of the Processing before you have withdrawn your consent.

We will not discriminate against you for exercising your rights.

‍

International Transfers

‍

Your information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside of the United States and you choose to provide your Personal Data to us, we may collect and Process it in the U.S., or we may transfer it to the U.S. and Process it there. Where we transfer your Personal Data, we will comply with applicable Data Protection Laws and take all reasonable steps to ensure that your privacy rights continue to be protected.

Children

‍

‍We welcome submission of Vulnerability reports by any person, regardless of their age, in connection with a customer program. However, if the person is under the age of 18, any Vulnerability report must be submitted by their parent or guardian. And any applicable bounty award payments will only be issued to an adult who has read and accepted our Terms of Service.

By accessing or using the Services, you represent that you are at least 18 years of age. We understand the importance of protecting the privacy of minors, especially in the online environment, and we do not knowingly collect Personal Data from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, the parent or guardian should contact us. If we become aware that a child under 13 has provided us with Personal Data, we will take steps to delete the information as soon as practicable, unless we obtain the necessary consent from the child’s parent or guardian.

‍

California Residents

‍

This Section is applicable if you reside in the State of California (“California Resident”).

Categories, business and commercial purposes, sources and third parties

The following is a list of all categories of personal information which Inspectiv collects, or has collected, from California Residents, during the twelve (12) months before the effective date of this Privacy Policy:

Identifiers, such as your name, email address and IP address.
Commercial information, such as transaction data.
Financial data, such as partial payment information that we receive from our payment processor.
Internet or other network or device activity, such as browsing history.
Location information, such as general information inferred from an IP address.
Other inferences, such as inferences about your personal preferences and attributes drawn from profiling.
Sensory information, such as recordings of support calls.
Other information that identifies or can be reasonably associated with you.

We collect personal information directly from you (either directly or through a third-party service), automatically through your use of the Site and/or Services, and from third parties such as business partners, service providers and payment processors.

We collect personal information for the following business purposes: (i) providing the Services (including without limitation maintaining your Customer Account, processing and fulfilling Services orders, and administering promotions); (ii) providing customer support for the Services; (iii) operating the Services (including without limitation, managing third party relationships and enabling use of our service providers); (iv) communicating with you; (v) customizing the Services; (vi) securing and protecting the Services including without limitation, auditing the Services, bug and fraud detection, debugging and repair of errors, and the detection, protection and prosecution of security incidents or illegal activity; (vii) enforcing our terms and policies; (viii) complying with law; (ix) verifying your identity; and (x) other business purposes about which we may notify you from time to time.

We also collect personal information for uses that advance our commercial or economic interests such as: (1) promoting, marketing and advertising the Services; (2) customizing the Services; (3) improving the Services; (4) communicating with you about relevant offers from third parties; and (5) other commercial purposes about which we may notify you from time to time.

We do not “sell” or “share” your personal information, as those terms are broadly defined in the CCPA.

‍

Your Requests

‍

Subject to certain exceptions and restrictions, the CCPA provides to California Residents the right to submit requests to a business which has collected their personal information: (i) to provide them with access to the specific items and categories of personal information collected by the business about such California Resident, the categories of sources for such information, the business or commercial purposes for collecting such information, and the categories of third parties with which such information was shared; and (ii) to delete such personal information. As noted above, we need certain types of personal information so that we can provide our Services to you, so if you ask us to delete some or all of your information, you may no longer be able to access or use the Services.

If you are a California Resident, please follow the instructions in the “Your rights and choices” section above to submit a request, and please make sure you note that you are a California Resident when you do so. California Residents may designate an authorized agent to make requests on their behalf. In order to designate an authorized agent to make a request on your behalf, you or your agent must provide proof that the agent has been authorized by you to act on your behalf, such as written authorization signed by you authorizing that agent to act on your behalf. We reserve the right to request additional information from you and/or individuals claiming to be an authorized agent, such as when we suspect fraud.

‍

Contact Us

‍

If you have questions, comments or complaints about our Privacy Policy or our privacy practices, or if you would like to exercise your rights and choices, please email us at legal@inspectiv.com, or write to us at the address below:

Inspectiv, Inc.

Attention: Legal

10866 Washington Blvd., #1300
Culver City, CA 90232

‍