Privacy Policy
Effective as of April, 30 2017.Privacy Shield Exclusion
While FortMesa takes data privacy seriously, we are presently focused on providing domestic customers with the best information security process automation we can. As of today we have not formally evaluated our products and services for compliance with the EU-U.S. Privacy Shield Framework or the Privacy Shield Principles. If you are in the EU, EU Economic Area, or Switzerland and are interested in our process based approach to information security management contact our compliance office.Introduction
What is this?
Our Privacy Policy explains what information FortMesa, Inc. (“FortMesa”) collects about you and your organization, what this information is used for, and the circumstances under which we share it. For the purposes of this Privacy Policy it should be understood that when we say “your” or “you” we are referring herein to both the individual user and the customer organizational entity. Also, the data we collect includes not only data entered into our website or application by our users, but also data collected or inferred through the use of our software platform. Further, we outline any choices you may have in terms of how your information is utilized, accessed or updated.Scope of this Policy
This privacy policy applies to all FortMesa web properties or software products however it specifically exempts any data sent to third-party FortMesa Marketplace partners at your request and on your behalf.What We Collect
Organizational Information
We collect the physical address and the legal name as well administrative contact information for all customer to ensure we can establish ownership of each security scope dataset.Personal Information
We collect individual user names, email addresses, and phone numbers both for contact purposes, but also to establish identities required for authentication, authorization, and accounting. We may also collect other metadata related to the access of our services such as but not limited to device identifiers, usage and access logs, IP addresses, and geo-location data.Security Engineering Metadata (“Customer Data or Content”)
In the course of providing your organization with information security related services it will be necessary to collect metadata and other information on various elements of your information infrastructure. Things we collect for this purpose include but are not limited to asset names, system owners, network addresses, account names, and software versions. We will also ask you to detail configuration-level information about various assets which may include additional PII such as the user names of configured system access accounts. In some cases we will ask you to input data manually, in other cases we will provide you with various levels of automated data ingestion.Other Information
We may also collect information about you in other ways. Examples include but are not limited to phone-call records, emails, other text messaging protocols, shared documents, or support requests.Our Cookie Policy
Our applications use cookies or other identifying technologies to authenticate, authorize, account and audit access to our services. We may also utilize third party cookies or identifiers to perform the same AAA functions.Information Usage
We only use and access the information we collect only in the following ways:- Through the course of and as required by the use of our product.
- In order to develop new products or product enhancements.
- To support or troubleshoot usage of our products.
- For account management or billing purposes.
- To communicate with you regarding your usage of the service.
- To market to you (but not to pass on to third party marketers for their purposes).
- For investigative or forensic purposes.