Privacy Policy
Updated Augst 16, 2021
Overview
This Privacy Policy (“Privacy Policy”, “Policy”) describes how Pomerium, Inc. (“Pomerium”, “we”, “us” or “our”) collects, uses, shares, processes and protects personal information (“Personal Information”) relating to individuals (“you”, or “your”), who may use or interact with our websites or services, communicate with us, contact us, or attend our events. “You” may be a visitor to one of our websites, a user of one or more of our Services (“User”), a collaborator, or a customer (“Customer”).
Pomerium respects your privacy and is committed to protecting your Personal Information (any information that relates to an identified or identifiable individual). Our belief is that any Personal Information provided to us by you is just that: personal and private.
Note: We do not rent, sell or trade your Personal Information.
SCOPE
This Policy applies to all visitors of our websites, and users of our products, websites, features or services, or any other Pomerium websites that link to this Policy (collectively, the “Websites”), unless covered by a separate privacy policy, and explains how we collect, use, disclose, and safeguard your information. Please note that this Privacy Policy does not apply to the extent that we process Personal Information in the role of a processor (or a comparable role such as “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Information via our cloud products and services.
Please read this Privacy Policy carefully.
Data collections and uses
OVERVIEW
This Policy describes how we collect and use your Personal Information, whether it is shared and/or disclosed, and how we address privacy matters, such as deletion of your Personal Information upon request, and opting-out of marketing communications. Lastly, we describe methods for contacting us if you have privacy questions, comments or feedback.
PERSONAL INFORMATION WE COLLECT
Transparency is one of the best ways to earn your trust. The summary table explains what information we collect from you and why, based upon your relationship with us and as your relationship evolves with Pomerium.
| Description | What we collect | Why we collect it | |
|---|---|---|---|
| Visitors | Individuals who visit our public Websites, without logging into an account or using our products and/or services | IP AddressCookie InformationBrowser Info | To gauge interest in our productsTo assess effectiveness of marketing effortsTo monitor usage patterns and improve our Websites, products and/or services |
| Visitors (Marketing) | You may voluntarily share your information with us to receive information about our products and services, or to receive marketing information | NameEmailCompany Name | To share information about our products and/or servicesFor marketing purposes |
| Users | Individuals who establish an account with us, or otherwise use our Websites, products and/or services | NameEmailUsernameCompany NameCredit Card detailsPhone number | To access our products and Websites, products and/or servicesBillingSecurityIdentity verification2-Factor Authentication |
| Customer collaborators | Individuals who contribute to our public repositories | NameEmailUsername | To understand who contributes to our repositoriesTo track changes to our repositories |
Visitors
When you visit our Websites, we consider you a Visitor. As a Visitor, the information we collect from you is listed below. You’re not obligated to provide us with such Personal Information, and you are free to change or completely remove information shared with us; however refusing to provide requested Personal Information might prevent you from using certain features of the Websites.
| What do we collect? | Why do we collect it? | Can you limit collection? |
|---|---|---|
| Pomerium Cookies | To recognize you when you make a return visit and deliver overall a consistent experience | Most modern browsers allow you to delete or limit cookies |
| Third-Party Tags and Cookies | To measure our marketing effectiveness | Most modern browsers allow you to delete or limit cookies, including third-party cookies; however, you may not be able to limit marketing tags entirely unless you do not visit our sites |
| Internet Protocol (IP) Address | Part of the basic function of the internetTo measure who is visiting us and from where | The only way to avoid this is to not visit our sites |
| Browser Metadata(i.e. browser type, version, operating system) | Part of the basic function of the internetTo ensure we maintain a positive website experience for most used browsers | Browsers communicate this automatically; however, some third-party extensions may allow you to limit this |
Marketing
In addition to the data above, you may also voluntarily share Personal Information with us, in order to receive information about products, or to register for an upcoming event.
| What do we collect? | Why do we collect it? | Can you limit collection? |
|---|---|---|
| Name + Email | To respond to your inquiryEmail you about product offerings, updated and other marketing promotions | No, these are required for us to contact youYou can opt out of marketing emails, see the Opt-Out section |
| Company Name | To further develop our understanding of you | No, this is required |
| Job Title | To further develop our understanding of you | Yes, this is voluntary |
| Phone Number | To contact you | Yes, this is voluntary |
USERS
If you choose to register for an account with Pomerium or on our Websites, you will share Personal Information with us.
When you register, create a User Account on our Website and begin using our products, we consider you a User. This section describes our privacy practices related to Users. Keep in mind Users are also considered Visitors so we collect this data in addition to what was described for Visitors.
| What do we collect? | Why do we collect it? | Can you limit collection? |
|---|---|---|
| Email, Username and Password | In order to establish your account and allow you to securely access itEmail you about service updates, maintenance activities, security notifications, weekly summaries and other account related information | No, these are required for us to contact youYou can opt out of marketing emails, see the Opt-Out section |
| Phone Number | For 2-factor authentication | This is required to enable 2-factor authentication |
| Payment DataCredit card dataAddress | We require the minimum amount of data to process your payment | This is required to process your payment |
HOW WE USE PERSONAL INFORMATION
Our Products and Services
We use Personal Information to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate interests where these are not overridden by the interests, rights or freedoms of Users . We also use Personal Information to complete payment transactions. We only collect and process your Personal Information to the extent it is necessary to fulfill these purposes and where we can rely on a legal basis for such processing
HOW LONG DO WE KEEP YOUR DATA?
We only process and keep any Personal Information for as long as necessary. to achieve the purpose for which the information was originally collected. The exact length of time we keep Personal Information depends on our processing purposes and the statutory retention period for that type of information. After the statutory period of time passes, or if storage of Personal Information is not needed, Personal Information is deleted or anonymized.
HOW DO WE USE YOUR INFORMATION?
We use Personal Information we collect to provide products and/or services to you, keep our Websites running smoothly, and protect us legally. We will not use or share your Personal Information in ways unrelated to those described below. We do not use automatic decision-making or profiling, and will not sell your Personal Information for any purpose.
- Customer’s instructions. Pomerium will only share and disclose Personal Information in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement, and in compliance with applicable law and legal process.
- Customer access. Owners, administrators and other Customer representatives and personnel, as defined in the Customer Agreement, may be able to access, modify or restrict access to Personal Information.
- Third party service providers and partners. We may engage third party companies or individuals as service providers or business partners to process Personal Information and support our business. Please email us at privacy@pomerium.com for a list of the third party service providers and/or partners we utilize.
- During a change to Pomerium’s business.If Pomerium is involved in a merger, acquisition, sale of all or a portion of our assets, or bankruptcy, your Personal Information would be an asset transferred to or acquired by the successor entity or third party. You acknowledge that such transfers may occur and that the transferee may process Personal Information in a manner different to that set out in this Privacy Policy. You will be notified by email and/or a prominent notice on our Websites of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
- Aggregated or de-identified information. We may disclose or use aggregated or de-identified Personal Information for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research purposes, such as showing a total count of active users accessing our products.
- To comply with laws. If we receive a request for information, we may disclose Personal Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Pomerium or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With consent. Pomerium may share Personal Information with third parties when we have consent to do so.
SECURITY
Pomerium takes appropriate administrative, technical, physical and organizational security measures to protect your Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received, taking into account the nature of such information and the risks involved in processing, and comply with applicable laws and regulations. While we have taken reasonable steps to secure the Personal Information you provide to us, please be aware that despite our best efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide Personal Information via our Websites.
If you have any questions about our security, or have reason to believe that your interaction with us is no longer secure, please contact us at security@pomerium.com.
POLICY FOR CHILDREN
We do not knowingly solicit information from or market to children under the age of thirteen (13). If you are under age 13, please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help us enforce our Privacy Policy by instructing them to never share Personal Information through our Websites without their permission. If you suspect or become aware of any data we have collected from children under age 13, please contact us immediately using the contact information provided below.
NOTICE TO ALL NON-U.S. RESIDENTS
Our servers are located in the U.S.. If you are located outside of the U.S., please be aware that any information provided to us, including Personal Information, will be transferred from your country of origin to the U.S.. Pomerium transfers and processes data, including the data transfers under the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, and the General Data Protection Regulation (GDPR), in accordance with applicable laws and regulations.
NOTICE FOR RESIDENTS OF THE EUROPEAN AND SWISS ECONOMIC AREAS
In order to comply with European Union and Swiss data protection laws, Pomerium, Inc. self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring Personal Information from the European Union and Switzerland to the United States. You can view our self-certification here.
Pomerium is responsible for the processing of Personal Information we receive, under Privacy Shield, and the subsequent transfers to a third-party acting as an agent on our behalf. With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, Pomerium is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Pomerium may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
NOTICE FOR CALIFORNIA RESIDENTS
The California Consumer Privacy Act (CCPA) is a new data privacy law that applies to certain businesses which collect Personal Information from California residents. The law became effective on January 1, 2020. Pomerium already offers data protection terms pursuant to the GDPR in Europe. We are now also offering the same terms under the CCPA. Your rights under the CCPA are described below.
Please note that Pomerium does not rent or sell any Personal Information.
In addition, California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, 1) information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes, and, 2) the names and addresses of the third parties with which we shared Personal Information in the preceding calendar year.
If you are under 18 years of age, reside in California, and have a registered account with our Websites, you have the right to request removal of unwanted data that you publicly post on our Websites. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on our Websites, but please be aware that the data may not be completely or comprehensively removed from our systems.
If you are a California resident and would like to make a request, please submit your request in writing to us using the contact information provided below.
Your Rights
We recognize, under the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, CCPA, and GDPR, that you have certain rights in regards to your Personal Information. We feel that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your Personal Information. In certain circumstances, these rights include, but are not limited to:
- Right to be Informed: This means we have to tell you why we process your Personal Information, our retention periods, and who it will be shared with.
- Right of Access: This means we have to provide you with a copy of your Personal Information we process upon your request.
- Right to Rectification: This allows you to have inaccurate Personal Information rectified, or completed if it is incomplete.
- Right to Erasure: This allows you to have your Personal Information erased.
- Right to Restrict Processing: This means you can limit the way we use their data.
- Right to Data Portability: This allows you to receive a copy of your Personal Information in a structured, commonly used and machine-readable format and gives you the right to transmit those data to another controller without hindrance.
- Right to Object: This allows you to object to the processing of your Personal Information at any time.
- Right to Non-Discrimination: The CCPA prohibits covered businesses from discriminating against consumers for exercising their CCPA rights. This means we cannot charge a different price, deny access to our products, or impose penalties for exercising your rights under the CCPA.
- Right to Withdraw Consent: This means you can withdraw your consent at any time.
In support of these rights, you may exercise any of the above rights, with respect to your Personal Information. You may update, correct or delete your Personal Information; if you wish to delete or suspend your account, please note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us to request deletion of that said account. You may contact us by emailing privacy@pomerium.com
For your protection, we may only respond with the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your request within 30 days.
CANDIDATES
We also provide the ability to submit job applications to our open job listings. To appropriately respond to your application, we need to collect and process your provided Personal Information, which may also be carried out electronically. If we begin an employment contract with you, your submitted application data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. We maintain your Personal Information for the period of time necessary to carry out our legitimate business interests and according to applicable laws. For information about specific retention periods, please contact us at privacy@pomerium.com
CHANGES TO THIS POLICY
If we make material changes to this Policy, we will revise the “Last Updated” date at the top of this Policy, and in some cases, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you an email notification). Any changes or modifications will be effective immediately upon posting of the updated Privacy Policy, and you waive the right to receive specific notice of such changes or modifications.
We encourage you to review the Policy whenever you access the Websites to stay informed about our information practices and the ways you can help protect your privacy. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes to the Privacy Policy by your continued use of the Websites after the date such Policy is posted.
CONTACT US
For any and all privacy-related matters, questions or comments, or to exercise a right under the GDPR, Privacy Shield, or the CCPA, you may contact us in writing or by email. Our contact information is as follow:
Pomerium, Inc.
℅ Security and Privacy Office
215 S. Highway 101, Suite 117 Solana Beach,
CA 92075 , United States
Email: privacy@pomerium.com
EU or Swiss residents with inquiries or complaints regarding this Privacy Policy should first contact Pomerium at privacy@pomerium.com. Please allow a reasonable amount of time to respond to your request. If you do not receive timely acknowledgement of your complaint, or if your complaint is not addressed by Pomerium, you may contact our U.S.-based alternative dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted and upon written notice to Pomerium at privacy@pomerium.com.
