Privacy Policy

Please read this policy carefully before using our website or the Services (as defined under the Terms of Service).

This privacy policy (the “Policy”) aims to give you information on how OX collects and processes your personal data through your use of this website, including any data you may provide through this website or use or purchase the Services.

This Policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. It applies to those visiting our website www.ox.security or using the Services (together, the “Platform”).

For the purpose of the relevant data protection legislation, the data controller is OX Appsec Security Ltd. (“OX”, “us”, “our” or “we”).

Please note that this Policy does not apply to, or limit, our use or disclosure of non-personal information (i.e. information which is not relevant to you or able to identify you) we may collect from you via your use of the Platform.

Information we collect about you, what we use it for and who we collect it from

Specific personal information we collect	Sources of personal information	Why is the personal information collected and for what purposes?	Legal Basis (As applicable, for GDPR Purposes)	Retention Period	Consequences of not providing the data
When you browse or visit the Platform
Data collected through cookies, analytic tools and log files	This information is collected automatically from you through your use of the Platform We may receive information from the third-party authentication provider about you, including your GitHub, Bitbucket, Google, or Docker username and your email address. We are also working closely with other third parties and may receive information about you from them.	To review and improve the usage and operations of our Platform To analyze trends To administer the Platform To track users’ movement around the website and Services	Legitimate interest (e.g. necessary cookies)	In each case, as necessary for the purpose of each cookie.	Certain non-essential features may not be available
When you make use of or interact with the Platform
When you create an account and sign in
Full name Email address Username	We collect this information directly from you	In order to allow you to sign in to your account. In order to grant you access to our platform. In order to personalize your experience.	The processing is necessary for a contract we have with you. Legitimate interest (in order to personalize your experience)	We will employ reasonable efforts to delete your information 30 days from termination of your engagement with OX.	Cannot allow you to sign in to your account. Cannot grant you access to our platform. Cannot personalize your experience.
When you chat with our chatbot
Any information you choose to share with us	We collect this information directly from you	In order to answer your questions and provide our chatbot to you.	Legitimate interest (in order to answer your requests)	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot answer your questions and/or provide you with support.
When you submit a “Book a Demo” form
Full name Email address Telephone number Country Any other information you choose to share with us	We collect this information directly from you	In order to answer your request to “get started”. To provide relevant subscription options. To send marketing communications	In order to take steps to enter into a contract with you. Legitimate interest (in order to answer your request to “get started”) Consent (where required)	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot answer your request to “get started”. Cannot send you marketing communications.
When you subscribe to our distribution list(s)/ newsletter(s)/ blog(s)
Full name Email address Company name Telephone number Any other data you decide to provide us with	We collect this information directly from you We are also working closely with other third parties and may receive information about you from them.	To add you to our mailing list To send newsletters or other marketing communications.	Consent (where required)	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot add you to our mailing list Cannot send you marketing communications
When we process your job application
Full name Email address Phone number Resume Any other information you choose to share with us	We collect this information directly from you	To process your job application To assess you as a candidate	In order to take specific steps before entering into a contract with you.	Depending on the context, until we no longer need the information and proactively delete it, or you send a valid deletion request, or up to 7 years.	Cannot process your job application Cannot assess your suitability as a candidate
When you contact us
Full name Email Any other data you decide to provide us with	We collect this information directly from you	To respond to your query To communicate with you To provide you with support To analyze your experience with OX To send you marketing communications	Legitimate interest (in order to answer your query) Consent (where required)	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot respond to your query Cannot communicate with you Cannot provide support Cannot analyze your experience with OX Cannot send you marketing communications
When you attend a marketing event and /or we exchange business cards and you provide us with your personal information
Email address Full name Phone number Company Job title Any other information you choose to share with us	We collect this information directly from you	To establish a business connection To send marketing communications	Consent (where required)	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot establish a business connection Cannot send you marketing communications
When we use the personal information of our customers (e.g. contact details)
Email address Full name Phone number Company name Job title Payment information Any other information you choose to share with us Any other information you already agreed for us to collect	We collect this information directly from you	To provide our services To perform the applicable agreement To communicate with our customers	The processing is necessary for a contract we have with you. Legitimate interest (the processing is necessary for a contract that we have with your employer).	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot provide our services Cannot perform the agreement Cannot communicate with you
When we use the personal information of our service providers (e.g. contact details)
Email address Full name Phone number Company Job title Any other information you choose to share with us	We collect this information directly from you	To provide our services To perform the applicable agreement To communicate with our service providers, suppliers and developers	The processing is necessary for a contract we have with you. Legitimate interest (the processing is necessary for a contract that we have with your employer).	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot provide our services Cannot perform the applicable agreement Cannot communicate with our service providers, suppliers and developers
When you interact with us on our social media profiles (e.g., Linkedin)
Full name Email address Any other data you decide to provide/supply	We collect this information directly from you	To reply to your request or question	Legitimate interest (in order to respond to your question).	Until we no longer need the information and proactively delete it, or you send a valid deletion request.	Cannot reply or respond to your request

In certain cases, we may or will anonymize or de-identify your Information and further use it for internal and external purposes, including, without limitation, to analyze and improve OX services (including through the use of artificial intelligence) and for research purposes. We may use this anonymous or de-identified information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them and/or to develop new product features and improve existing offerings).

Cookies

Our Platform uses cookies to distinguish you from other users of our Platform. This helps us to provide you with a good experience when you browse our Platform and also allows us to improve our Platform. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Disclosure of your information

We may share your information with the following, selected third parties:

business partners, service providers and subcontractors for the performance of any contract we enter into with them or you;

service providers acting as processors who provide IT, customer management, recruitment administration and system administration services;

analytics and search engine providers that assist us in the improvement and optimization of our Platform.

We may disclose your personal data to certain third parties in the following circumstances:

if we have your permission to do so;

third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may access and use your personal data;

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms applicable to the OX service and any other documents referred to in them; or to protect the rights, property, or safety of OX, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Where we store your personal data

All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. Do not share a password with anyone.

We cannot guarantee the security of your data transmitted to our Platform; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorized access.

External transfers

Where we transfer your personal information outside of EU/EEA (for example to third parties who provide us with services), we will generally obtain contractual commitments from them to protect your personal information. When OX engages in such transfers of personal information, it relies on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR) (for example, when we access from Israel), ii) Standard Contractual Clauses issued by the European Commission, or iii) the recipients certification to the EU-US Data Privacy Framework and the UK Extension. OX also continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.

In order to run our business and provide our website and Services to you, we transfer personal information to certain countries around the world, including to our affiliates and service providers, many of whom are located outside of your jurisdiction. Therefore, your personal information may be processed in countries with privacy laws that are different from privacy laws in your country. Whenever we make such transfers, we will use commercially reasonable efforts to implement an appropriate level of protection to your personal information by implementing at least one of the following safeguards:

making sure the destination country has been deemed to provide an adequate level of protection for personal information; and/or
by executing implement data onward transfer instruments such as data processing and protection agreements.

Data retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a dispute in respect to our relationship with you.

Security.

We have implemented appropriate technical, organizational and security measures designed to protect your personal information. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.

Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

If you wish to exercise any of the rights set out below, please contact us at legal@ox.security.

You have the right to:

Request access to your personal data.

Request correction of the personal data that we hold about you.

Request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data on the ground that you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data.

Request the transfer of your personal data to you or to a third party.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Marketing emails – opt-out: You may choose not to receive marketing email of this type by emailing us at legal@ox.security. Please note that the email must come from the email account you wish to block OR if you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails, and we will process your request within a reasonable time after receipt.
Deleting your account: Should you ever decide to delete your account, you may do so by emailing legal@ox.security. If you terminate your account, any association between your account and personal information we store will no longer be accessible through your account. However, given the nature of sharing on certain services, any public activity on your account prior to deletion will remain stored on our servers and will remain accessible to the public.

No fee usually required

You will not have to pay a fee to access your personal data or to exercise any of the other rights, provided that such requests are not clearly unfounded, repetitive or excessive.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights.

Time limit to respond

We generally respond to all legitimate requests within one month. In the event could take longer, we will notify you and keep you updated.

Third party platforms

Our Platform may, from time to time, contain links to and from the websites operated by third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Use by children

We do not offer our products or Services for use by children and, therefore, we do not knowingly collect information from, and/or about children under the age of 18. If you are under the age of 18, do not provide any information to us without the involvement of a parent or a guardian. In the event that we become aware that you provide information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at legal@ox.security.

Analytics tools

Google Analytics. The website uses a tool called “Google Analytics” to collect information about use of the website. Google Analytics collects information such as how often users visit this website, what pages they visit when they do so, and what other websites they used prior to coming to this website. We use the information we get from Google Analytics to maintain and improve the website and our products. We do not combine the information collected through the use of Google Analytics with information we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

Hubspot. Some personal data may be used on Hubspot, such as support tickets and contact details.

Datadog. We use Datadog in order to better understand our user’s experience our Platform. We also use it to identify the root cause of slow load times, whether it’s an issue with the code, the network, or the infrastructure. Datadog collects information about your activity in our Platform. Datadog’s ability to use and share information collected about you is restricted by the Datadog Terms of Service, available at https://www.datadoghq.com/legal/terms/, and the Datadog privacy Policy, available at https://www.datadoghq.com/legal/privacy/.

We reserve the right to remove or add new analytic tools, cookies, pixels and other tracking technologies.

Specific provisions applicable under California privacy law

California Privacy Rights: California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of information to third parties for their direct marketing purposes. To make such a request, please send an email to legal@ox.security. Please note that we are only required to respond to one request per customer each year.

Our California Do Not Track Notice (Shine the Light): We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party web sites or online services. We may allow third parties, such as companies that provide us with analytics tools, to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the website.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to legal@ox.security.