Privacy Policy

Last Updated: September 6, 2021

  1. Policy & Purpose

    This privacy policy (“ Privacy Policy ”) adopted by PingSafe Pte Limited (hereinafter referred to as “ We ” / “ Our ” / “ Us ” / “ PingSafe ”) governs the collection, use and transfer of any information capable of identifying a person (“ Personal   Information ”) of individuals accessed or shared with Us by virtue of use or access of our Services ( defined below ) and Our website ( https://www.pingsafe. com , (collectively referred to as the “ Platform ( s )”). Unless specified otherwise, this Privacy Policy applies only to the Platform and services, features, software, and functionalities offered by Us, via the Platform.

    For the purposes of this Privacy Policy, Sensitive Personal Data or Information   or   Sensitive Information means Personal Information, that consists of the (in) password, (ii) financial information, such as bank account, debit or credit card details, (iii) physical, psychological and mental health condition, (iv) sexual orientation, (v) medical records and history, (vi) biometric information, (vii) official identifier, (viii) sex life, (ix) genetic data, (x) transgender status, (xi) intersex status, (xii) caste or tribe (xiii) religious or political belief or affiliation, (xiv) any detail relating to the above as provided to the body corporate for providing a service, and (xv) any of the information received under each of the aforesaid heads by the body corporate for processing, or to be stored or processed under a lawful contract.

    This Privacy Policy incorporates the requirements under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Personal Data Protection Bill 2019.

  2. Our Business & Policy Applicability

    PingSafe is engaged in the business of  providing cloud security posture management services to scan, monitor and identify misconfigurations and vulnerabilities in public cloud networks according to use-case commensurate best practices and compliance standards. By visiting the Platform and our Services, customers, companies, or any other users (hereinafter referred to as “ Users ” “ You ” “ Your ”) can access Our services enable continuous, location agnostic monitoring or cloud security risk & compliance and make an in-depth assessment of the cloud environment to maximize your security coverage (hereinafter collectively referred to as “ Services ”). PingSafe may at any time introduce additional features and sub-platforms which will be governed by this Privacy Policy (“ Privacy Policy ”). You hereby agree and acknowledge that this Privacy Policy is an overarching policy that governs the use of thePingSafe Platform and Services. For disclosures and disclaimers we request You to review and understand the Terms of Use specific to such service/sub-platform.

    By accessing the Platform, You consent to be bound by this Privacy Policy and are accepting the measures, protocols and practices involving the collection, use and transfer of Personal Information collected from You, as set out hereinbelow.

    This Privacy Policy does not apply to mobile applications or websites which are not owned or controlled by PingSafe, including third party links and applications with which You may interact while using the Platforms. We will not assume any liability for any harm caused to You by accessing any third party websites or links advertised on the Platforms.

  3. Collection & Use of Information

    1. Personal Information Collected

      When You access the Platform or to avail certain Services, such as registration and setting up an account with PingSafe, etc. we may ask You to provide Personal Information about yourself for the purposes that are set out in the table below:

      Data Collected

      Purpose

      Name

      For onboarding the members onto the Platform’s systems

      Email Address

      For onboarding the members onto the Platform’s systems and to authenticate users during registration or logging in

      While most information we collect can be shared at the discretion of the Users, some Personal Information (an indicative list of which is set out above) is required to be shared to enable the User to access certain Services provided on the Platforms. If You do not provide the information required by PingSafe to provide you with a specific service or feature, You may not be able to access such service or feature of the Platforms. We also collect information like your company’s name and email address to register for our Services and send OTPs for verification purposes.

    2. User Supplied Data

      If You send us personal correspondence, such as emails or letters, or if other Users or third parties send us correspondence about Your activities on the Platform, we may collect such information into a file specific to you.

      Upon contacting PingSafe, We may also use Your contact information to send you updates regarding our products and inform you about alterations or upgrades to our Services, features, software, other marketing content and functionalities offered by Us, via the Platform. You may opt out of receiving any non-essential communications from us by contacting Our Grievance Officer ( defined below ).

    3. Sensitive Personal Data or Information Collected

      We are committed to keeping all such Sensitive Personal Data or Information safe at all times and ensure that such data/information is only stored in secure servers are digitally encrypted, and provide the highest possible degree of care available under the technology presently in use. PingSafe will not use Your Sensitive Personal Data or Information for any purpose other than for such specific purposes as you have expressly consented to its use.

    4. Non-Personal / Aggregated Data

      Apart from the information You provide to us, we may also collect information related to your cloud environment read-only key,  Slack access tokens, JIRA access tokens, PagerDuty access tokens, GitHub access tokens, device type, device location browser, internet protocol address, demographic information, SMS read permissions, websites You visit before or after accessing Our Platform and Your activity trends when using the Platform. We use this information for sending alerts and notifications and figuring out data leaks, and to understand Users’ demographics, interests, and behaviour to better understand, protect and serve our users and create anonymous user personas. This information is compiled and analyzed on an aggregated basis.

  4. Storage & Security

    All information provided by You is stored and retained on secure cloud storage servers and systems of AWS, GCP located in Mumbai region. PingSafe maintains managerial, technical, operational, and physical security practices and procedures to protect data from misuse and unauthorized access, and maintain the accuracy of data ( “Security Practices” ).

    Such Security Practices include measures including, but not limited to (i) HTTPS and HSTS for secure connections, (ii)        encryption of sensitive data and communication e.g secret keys of a customer (iii) vulnerability disclosure and reward program for external researchers to report security vulnerabilities, that are commensurate to the sensitivity of the information shared by the Users to guard against unauthorized access to the server and systems and information residing on such server and systems. PingSafe’s Security Practice protects against unauthorized access to, or unauthorized alteration, disclosure or destruction of the information. PingSafe’s Security Practices are commensurate to the information assets being protected and with the nature of the business. By using the Platforms, you accept and proceed to use the Platform on the understanding that the Security Practice and procedures as mentioned above, which are designed to protect the information provided by You, are reasonable.

    PingSafe has deployed appropriate physical, electronic, and managerial procedures required under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, with a view to safeguard your information and help prevent (i) unauthorized access, (ii) maintain data security and (iii) avoid loss of User information. However, transacting over the internet has inherent risks and absolute security of data when transmitting data online, cannot be guaranteed, therefore, we do not assume any responsibility for any transmission of Your information that is at Your own risk and/or for the disclosure of Your information due to errors in transmission and/or unauthorized acts of third parties.

  5. Data Transfers & Disclosures

    We will not disclose or transfer any of Your Personal Information or Sensitive Personal Data or Information to any third parties except as explicitly provided in this Policy or where we have Your consent to do so. We will only share Your Personal Information or Sensitive Personal Data or Information with third parties with your consent, and where expressly identified, such in the following circumstances:

    1. Provision of Services : Where any service requested by You involves a third party, such information, as is reasonably necessary for PingSafe to carry out a service request involving such third party, may be shared with the third party. We may also engage with such third-party entities to perform functions including but not limited to advertising marketing and facilitating third-party services. Such companies are only granted access to the Personal Information needed to perform their functions upon entering into non-disclosure agreements and statements of work which protect the Users’ rights as provided in this Privacy Policy.
    2. Third parties : We may share Your Personal Information with other corporate entities to facilitate services on the Platforms, such as Hubspot  for marketing. AWS SES for sending emails, to You. We also share your aggregated and non-persona data with PagerDuty and Slack for assessing misconfigurations and issues with our Services.  PingSafe also takes efforts to ensure that any agent or third party that PingSafe engages comply with the same security standards as PingSafe for the protection of your Personal Information and Sensitive Personal Data or Information in PingSafe’s custody.
    3. PingSafe   and its Affiliates : Your Personal Information may be shared with Our group companies, subsidiaries, affiliates, and their employees for the purposes of the development of new products. Such persons will only use Your Personal Information in accordance with this Privacy Policy.
    4. Law Enforcement : We may also use and disclose the information You provide as we believe to be necessary or appropriate: (a) under applicable law, including laws outside Your country of residence; (b) to comply with investigations or legal process; (c) to respond to requests from public and government authorities, including authorities outside Your country of residence; (d) to enforce Our Terms and Conditions https://www.pingsafe.com/terms-of-use/ ;  (e) to defend Our business, or those of any of Our affiliates from third claims; (f) to protect Our rights, privacy, safety or property, and/or that of Our affiliates, You or others; and (g) to allow us to pursue available remedies in law or equity to limit damages that we may sustain.
    5. Change in control : We may also share Your information with third parties if we either: (a) sell, transfer, merge, consolidate or re-organise any part(s) of Our business, or merge with, acquire, or form a joint venture with, such third party; or (b) sell or transfer any of PingSafe’s businesses or any of its assets, in which case the information we hold about You may be transferred to any prospective buyer, new owner, or other third party involved in such sale or transfer.
  6. YOUR RIGHTS

    We do not keep Your data for longer than is necessary unless we are required to do so under applicable law.  We will use Your Personal Information only for so long as is necessary:

    1. to achieve the purposes that have been specifically identified in this Privacy Policy or such purposes as having been identified in any agreement entered into with you;
    2. as required by applicable laws and regulations, or as may be required for evidentiary purposes;
    3. as deemed necessary for tax, fraud control, or mitigation, and to conduct a defence in relation to any disputes or claims whether potential or actual (taking into account statute of limitations under applicable laws).

    You can review, modify, and delete the information You have provided to us at any time by accessing the Platform and/or withdraw Your consent from allowing us to collect, process or transfer Your information by contacting Our Grievance Officer ( See Section VII below ). Please note that if You withdraw Your consent, we may be constrained to withdraw those features, functionalities, services etc. which cannot be provided, without the information You seek to withdraw consent for, or delete from our records. Please note that your requests with respect to your data shall not be complied with if it adversely affects another user, or prejudices such user’s rights.

    Your right to withdraw consent relates to any further collection or processing, of your Sensitive Data, however such withdrawal of consent shall not: (i) be retrospective or require the deletion of records required for statutory purposes; or (ii) operate where required for the discharge of ongoing contractual obligations unless the contract under which the Sensitive Data is required to be collected is also terminated with the request for withdrawal of consent to collect such Sensitive Data.

    Your data will be erased/deleted when it has served the purpose for which it was being collected and is no longer necessary, where consent has been withdrawn, or where retention of such data is contrary to or prohibited by applicable law.

    You have the right to data portability, i.e., you have the right to receive a copy of your personal data in a commonly used and structured, machine-readable format and have it transferred to another service provider or third party after paying us a fee which shall be communicated upon your request.

  7. GRIEVANCE REDRESSAL

    In respect of the Personal Information or Sensitive Personal Data or Information which you have provided to us (“ Collected Information ”), should You wish to (i) request deletion of the Collected Information You have provided to us, from our records, (ii) correct or update the Collected Information, (iii) raise any queries or concerns regarding the purpose of retention, end-use(s) of the Collected Information, or (iv) report a breach of this Privacy Policy, please contact Our grievance officer, Anand Prakash (“ Grievance Officer ”) at [email protected]

    Our Grievance Officer is accessible between 10AM  to 5PM on weekdays (except public holidays) and will address Your queries or grievances within one month from the date of receipt of such queries or grievances.

    To the extent You are exercising any of Your rights under applicable law, we will respond as soon as possible, and in any event within 30 days or in accordance with the timeframe permitted under applicable law. You have the right to file a complaint with the Data Protection Authority once constituted, against the refusal to hear a complaint or dissatisfaction in the manner in which the complaint was resolved. We may seek certain information from You (such as Your name and registered contact number or email address) during the grievance redressal or feedback process in order to verify Your identity and establish secure modes of correspondence.

    Kindly note that in such the event that you wish to withdraw your consent for us to collect, retain, use, or process your Collected Information, You may not be able to take full advantage of the entire scope of features and Services offered to You which rely on such Collected Information, and we reserve the right not to provide such Services that require the Collected Information to be supplied to us.

  8. UPDATES

    From time to time, we may update this Privacy Policy. Any changes will become effective when we post the revised Privacy Policy on the Platform. Your continued use of the Platform following these changes means that You accept the revised Privacy Policy, as amended. You are encouraged to review this Privacy Policy from time to time.