Effective as of April, 30 2017.
Privacy Shield Exclusion
While FortMesa takes data privacy seriously, we are presently focused on providing domestic customers with the best information security process automation we can. As of today we have not formally evaluated our products and services for compliance with the EU-U.S. Privacy Shield Framework or the Privacy Shield Principles. If you are in the EU, EU Economic Area, or Switzerland and are interested in our process based approach to information security management contact our compliance office.
What is this?
Scope of this Policy
What We Collect
We collect the physical address and the legal name as well administrative contact information for all customer to ensure we can establish ownership of each security scope dataset.
We collect individual user names, email addresses, and phone numbers both for contact purposes, but also to establish identities required for authentication, authorization, and accounting. We may also collect other metadata related to the access of our services such as but not limited to device identifiers, usage and access logs, IP addresses, and geo-location data.
Security Engineering Metadata (“Customer Data or Content”)
In the course of providing your organization with information security related services it will be necessary to collect metadata and other information on various elements of your information infrastructure. Things we collect for this purpose include but are not limited to asset names, system owners, network addresses, account names, and software versions. We will also ask you to detail configuration-level information about various assets which may include additional PII such as the user names of configured system access accounts. In some cases we will ask you to input data manually, in other cases we will provide you with various levels of automated data ingestion.
We may also collect information about you in other ways. Examples include but are not limited to phone-call records, emails, other text messaging protocols, shared documents, or support requests.
We only use and access the information we collect only in the following ways:
- Through the course of and as required by the use of our product.
- In order to develop new products or product enhancements.
- To support or troubleshoot usage of our products.
- For account management or billing purposes.
- To communicate with you regarding your usage of the service.
- To market to you (but not to pass on to third party marketers for their purposes).
- For investigative or forensic purposes.
Our usage of de-identified or aggregated data is not subject to the limits placed herein.
Disclosure and Information Sharing
Customer Initiated Sharing
At times our customers may choose to share data with our third-party FortMesa Marketplace partners. Customers may also choose to share information collected by FortMesa in other ways. Third parties may also choose to share data collected by FortMesa and provided to them at the request of the customer. This policy does not attempt to restrict what information third parties or customer entities decide to share.
FortMesa Business Processes
FortMesa may share customer information with third parties for any of the purposes identified herein. Examples of such information sharing include but are not limited to email services, customer support and payment processing.
Through the course of changes to our business structure it may be necessary to share your information. Examples include but are not limited to due diligence related to sale of the company or its assets, dissolution, bankruptcy or reorganization. We may also disclose customer information through the course of obtaining financing.
We will comply with all legal or regulatory requirements. We will also respond to any lawful requests or orders.
Enforcement, Safety & Fraud
It may be necessary to share information in order to protect, defend or otherwise assert our rights. Further, information may be shared to investigate or prevent fraudulent activities or to preserve the safety of an organization or individual.
This policy may change from time to time, such changes will be posted at https://fortmesa.com/privacy and may have immediate effect. By using our services you agree to any such changes or revisions.