OPT OUT OF WEBSITE TRACKING

ThreatQuotient, Inc. Privacy Policy

We at ThreatQuotient, Inc. (“ThreatQuotient,” “we,” “us,” or “our”) respect your privacy and are committed to protecting your personal information. This Privacy Policy aims to give you details on how ThreatQuotient collects and processes your personal information through your use of our Browser Extension. By using our Browser Extension, you understand and agree to the following policy.

Information Collection

The ThreatQ Browser Extension does not collect any information about you, the sites you visit, or the applications you use. The Browser Extension interacts with your ThreatQ application via the API credentials that are provided to it. It does not report any information back to ThreatQuotient, nor does it report any information to the ThreatQ application, without your consent.

All information stored by the ThreatQ Browser Extension will remain within the user’s environment and are not disseminated to third parties, including ThreatQuotient.

Data Retention

The ThreatQ Browser Extension does store any personal information in it. The data that is stored within the extension will be permanently deleted upon uninstallation of the extension from the Browser.

Your Data Privacy Rights

You have a number of rights under relevant data privacy laws, which may include the General Data Protection Regulation (EU) 2016/679. Depending on where you are based, those rights may include the right to (i) request access or copies of your personal information we process, (ii) rectify incorrect personal information, (iii) delete your personal information, (iv) restrict the processing of your personal information, (v) determine the portability of your personal information, (vi) lodge complaints with competent authorities in your country, and/or (vii) request a list with the names and addresses of any potential recipients of your personal information. 

Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you. If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at privacy@threatq.com

General Data Protection Regulation (GDPR)

ThreatQuotient complies with the European Union’s General Data Protection Regulation (GDPR).  If there is any conflict between the terms in this Privacy Policy and GDPR, the GDPR principles shall take precedence.

What are your data protection rights?
ThreatQuotient would like to make sure you are fully aware of all of your data protection rights assured by GDPR.

Every user is entitled to the following:

  • The right to be informed
    • You have the right to be informed about the collection and use of your personal data; As such, ThreatQuotient will notify you any time this occurs. This privacy policy defines the purpose for collecting various types of data along with retention periods and who we share it with.
  • The right of access
    • You have the right to request copies of your personal data, and other supplementary information pertaining to you from ThreatQuotient. This is commonly referred to as  a ‘Subject Access Request’ (SAR). 
    • You can contact ThreatQuotient for any GDPR related issue at: gdpr@threatq.com
  • The right to rectification
    • You have the right to request that we correct any information you believe is inaccurate. You also have the right to request of us to complete the information you believe is incomplete.
  • The right to erasure
    • You have the right to request that we erase your personal data, under certain conditions.
    • The right to erasure is also known as ‘the right to be forgotten’.
  • The right to restrict processing
    • You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to data portability
    • You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to object
    • You have the right to object to ThreatQuotient’s processing of your personal data, under certain conditions.
  • Rights in relation to automated decision making and profiling.
    • We will tell our customers about any profiling and automated decision-making we carry out, what information we use to create the profiles and where we get this information from.
    • We don’t use special category data in our automated decision-making systems unless we have a lawful basis to do so, and we can demonstrate what that basis is. We delete any special category data accidentally created.

EU-U.S. Privacy Shield

ThreatQuotient complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov

In compliance with the Privacy Shield Principles, ThreatQuotient commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us at: privacy@threatq.com. We will make all efforts to resolve your complaints in a timely and accurate manner. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.

ThreatQuotient has further committed to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints as determined by the Privacy Shield Principles. Under certain conditions, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. ThreatQuotient is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Changes to this Privacy Policy

ThreatQuotient has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage visitors to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You should review this Privacy Policy periodically to become aware of modifications.

How to Contact Us

If you have questions about this Privacy Policy, please contact us in one of the following ways:

Email us at privacy@threatq.com 

Or write to us at:
ThreatQuotient, Inc.
20130 Lakeview Center Plaza
Suite 400
Ashburn, VA 20147

For Subject Access Requests or any other GDPR inquiry, please email us at:
gdpr@threatq.com 

Last updated: June 15, 2023