Privacy Policy

Effective as of April, 30 2017.

Privacy Shield Exclusion

While FortMesa takes data privacy seriously, we are presently focused on providing domestic customers with the best information security process automation we can. As of today we have not formally evaluated our products and services for compliance with the EU-U.S. Privacy Shield Framework or the Privacy Shield Principles. If you are in the EU, EU Economic Area, or Switzerland and are interested in our process based approach to information security management contact our compliance office.

Introduction

What is this?

Our Privacy Policy explains what information FortMesa, Inc. (“FortMesa”) collects about you and your organization, what this information is used for, and the circumstances under which we share it. For the purposes of this Privacy Policy it should be understood that when we say “your” or “you” we are referring herein to both the individual user and the customer organizational entity. Also, the data we collect includes not only data entered into our website or application by our users, but also data collected or inferred through the use of our software platform. Further, we outline any choices you may have in terms of how your information is utilized, accessed or updated.

Scope of this Policy

This privacy policy applies to all FortMesa web properties or software products however it specifically exempts any data sent to third-party FortMesa Marketplace partners at your request and on your behalf.

What We Collect

Organizational Information

We collect the physical address and the legal name as well administrative contact information for all customer to ensure we can establish ownership of each security scope dataset.

Personal Information

We collect individual user names, email addresses, and phone numbers both for contact purposes, but also to establish identities required for authentication, authorization, and accounting. We may also collect other metadata related to the access of our services such as but not limited to device identifiers, usage and access logs, IP addresses, and geo-location data.

Security Engineering Metadata (“Customer Data or Content”)

In the course of providing your organization with information security related services it will be necessary to collect metadata and other information on various elements of your information infrastructure. Things we collect for this purpose include but are not limited to asset names, system owners, network addresses, account names, and software versions. We will also ask you to detail configuration-level information about various assets which may include additional PII such as the user names of configured system access accounts. In some cases we will ask you to input data manually, in other cases we will provide you with various levels of automated data ingestion.

Other Information

We may also collect information about you in other ways. Examples include but are not limited to phone-call records, emails, other text messaging protocols, shared documents, or support requests.

Our Cookie Policy

Our applications use cookies or other identifying technologies to authenticate, authorize, account and audit access to our services. We may also utilize third party cookies or identifiers to perform the same AAA functions.

Information Usage

We only use and access the information we collect only in the following ways:

  • Through the course of and as required by the use of our product.
  • In order to develop new products or product enhancements.
  • To support or troubleshoot usage of our products.
  • For account management or billing purposes.
  • To communicate with you regarding your usage of the service.
  • To market to you (but not to pass on to third party marketers for their purposes).
  • For investigative or forensic purposes.

Our usage of de-identified or aggregated data is not subject to the limits placed herein.

Disclosure and Information Sharing

Customer Initiated Sharing

At times our customers may choose to share data with our third-party FortMesa Marketplace partners. Customers may also choose to share information collected by FortMesa in other ways. Third parties may also choose to share data collected by FortMesa and provided to them at the request of the customer. This policy does not attempt to restrict what information third parties or customer entities decide to share.

FortMesa Business Processes

FortMesa may share customer information with third parties for any of the purposes identified herein. Examples of such information sharing include but are not limited to email services, customer support and payment processing.

Other Sharing

Business Planning

Through the course of changes to our business structure it may be necessary to share your information. Examples include but are not limited to due diligence related to sale of the company or its assets, dissolution, bankruptcy or reorganization. We may also disclose customer information through the course of obtaining financing.

Compliance

We will comply with all legal or regulatory requirements. We will also respond to any lawful requests or orders.

Enforcement, Safety & Fraud

It may be necessary to share information in order to protect, defend or otherwise assert our rights. Further, information may be shared to investigate or prevent fraudulent activities or to preserve the safety of an organization or individual.

Changes

This policy may change from time to time, such changes will be posted at https://fortmesa.com/privacy and may have immediate effect. By using our services you agree to any such changes or revisions.

Contact

If you have questions about this policy or anything else feel free to send us an email or see our contact page: https://fortmesa.com/contact.