Skip to main content
Request a Demo

Privacy Policy

DATE OF LAST REVIEW: MAY 12, 2026

Definitions.

As used in this policy, the terms listed below will have the following meanings:

“Anonymous Information” means information that does not relate to an identified or identifiable natural person or to Personal Data rendered unable to identify a natural person. “Anonymized” or “Anonymization” is the process of making information anonymous.

“CAL™” or “Collective Analytics Layer” is a proprietary Threat Analysis Tool that operates with the ThreatConnect Platform and aggregates a worldwide scope of threat intelligence data and information, including OSINT, from all available sources, both internal and external to the ThreatConnect Platform, including from all users and Online Communities of any Products for which CAL is engaged.

“CAL Data” means anonymized or pseudonymized Indicators of Compromise that CAL automatically ingests and that is aggregated and co-mingled into all other data, information, and tools available on CAL to enrich the threat analysis capabilities of the ThreatConnect Platform for the benefit of all ThreatConnect users globally.

“Cloud” is a remote instantiation of the ThreatConnect Platform which is administratively controlled by ThreatConnect in a secure manner for multiple users, and for which organizational access to the account is controlled by the User. CAL and certain other vendor services (i.e., Pendo) are always active and engaged for Cloud users.

“Cookies” are small pieces of information that a website sends to your browser while you are viewing a website. We may use both session Cookies (which expire once you close your Web browser) and persistent Cookies. Our use of Cookies is subject to your consent to our Cookie Policy located here https://threatconnect.com/cookie-policy/.

“Data Protection Laws” means GDPR and any and all other laws, rules and regulations of any jurisdiction applicable to us or to our Services from time to time, as amended.

“Data Subject” means an identified or identifiable person to whom Personal Information relates.

“Dedicated Cloud” is a remote instantiation of the ThreatConnect Platform which is licensed to a single organization who possesses all administrative control of its Instance, including the creation of organizations and sub-organizations and the engagement of vendor services.

“GDPR” means the EU General Data Protection Regulation 2016/679 of the European Parliament and the European Council dated April 27, 2016 and all amendments and successors thereto.

“Instance” is a single instantiation of our cloud-based ThreatConnect Platform, which can be either a Cloud, Dedicated Cloud, or On-Premises deployment of the application.

“IOCs” or “Indicators of Compromise” are the information and technical data (e.g., IP address, domain name, hashes of malware, URLs and elements of valid or spoofed Personal Information) associated with an actual or attempted hack, intrusion, attack, release or compromise of the security of any data, network, device or information system or which may identify the existence or possible existence of any other cybersecurity threat, vulnerability or risk.

“Legitimate Interests” include, with regard to the controller or processor: (i) internal administration of the company’s business, including the management of assets, staff and business risks, (ii) direct marketing, (iii) preventing fraud or other illegal activities, (iv) ensuring network and information security, including preventing unauthorized access or damage to electronic communications networks, stopping malicious code distribution and preventing DNS attacks, (v) the establishment or defense of legal claims by the company or on behalf of a third party, and (vi) for purposes of public safety & health or other public interest, whether or not subject to action by a governmental authority.

“Online Communities” are those publicly available areas and other interactive features of the Sites or ThreatConnect Platform, such as Workspaces, user profiles, forums and message boards, with which users can share data and information for access by other users. Other than your password, your registration information (i.e., name, email address, user ID and avatar photo, if selected) will be available to all members of any Online Community or Workspace you join and to which you contribute User Shared Data.

“Personal Data” means, as defined in Article 4(1) of the GDPR, any information relating to an identified or identifiable natural person (i.e., Data Subject).

“Personal Information” means Personal Data, personally identifiable information, or any other such information that is protected under any Data Protection Laws, that is not encrypted or Anonymized.

“Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, transmission, dissemination, erasure or destruction.

“Products” means any or all of our proprietary threat intelligence tools or services, including TC Complete, TC Identify, TC Manage, TC Analyze, RQ, TC Exchange and CAL, and any other tools or software developed by us from time to time.

“Pseudonymization” means the processing of Personal Data such that it can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to protect against the attribution of such data to an identified or identifiable natural person. “Pseudonymized Information” is data that has undergone the process of pseudonymization.

“OSINT” or “Open Source Intelligence Feeds” means third-party products or tools that are used in or made available to users through our ThreatConnect Platform which provide cybersecurity threat, incident or adversary data, information or IOCs.

“Site” or “Sites” means the website ThreatConnect.com, including all subdomains thereof.

“Sub-Processor” means any third-party that we engage to Process Personal Information for or on behalf of you or for any other business purposes with you.

“TAP” or “ThreatConnect Authorized Personnel” means any of our employees or other authorized agents who need to know or otherwise have access to Personal Information in order for us to perform our obligations to you.

“ThreatConnect Data” means all data and information, other than User Data that is created, developed, licensed, stored, accessed and/or used in the ThreatConnect Platform (including all User Shared Data), all right, title and interest to which is held by us.

“ThreatConnect Platform” means our proprietary collaborative security operations and analytics platform that combines threat data collection, analysis, collaboration and expertise from a wide variety of sources into a single platform and is the operating platform for all of our Products and Threat Analysis Tools, including CAL.

“ThreatConnect Processing Authorities”. Our data processing is based upon performance of a contract, public interest and legitimate interests. Our collection and Processing of Personal Information in connection with your purchase, acquisition, use or license of any of our Products and Services, including use of the ThreatConnect Platform, is lawful and necessary on the basis of (i) the performance of a contract between you and us or at your request in anticipation of formation of such a contract, (ii) for the performance of a task carried out in the public interest, whether or not the subject of action by a public authority (including but not limited to the protection and enhancement of network and information security), and/or (iii) based upon our other Legitimate Interests means our respective legal bases for the collection and Processing of Personal Information.

“Threat Analysis Tools” means cyber threat-related inventions, software and information, whether proprietary to ThreatConnect or licensed by us from a Vendor and integrated into our Services.

“User Data” means a user’s Personal Information, text, documents, content, code, software, video, images, music, sound, messages, tags or other materials of any type exclusive of any ThreatConnect Data.

“User Shared Data” means any and all elements of User Data that a user uploads, submits, posts, emails, transmits or otherwise makes available to or through the use of CAL or to an Online Community, and all IOCs identified in a user’s Instance.

“Vendors” mean our suppliers and licensors which enable us to perform our Services, including our providers of (i) IP information & analytics, (ii) human resource information systems, (iii) OSINT and Threat Analysis Tools, and/or (iv) other security-related products or services.

“You,” “Your” or “User” means any and all authorized personnel of a client, organization, or entity which is the user account holder. Any right or obligation of an individual user may be administered by or under the authority of its employer or other account holder and the exercise of Data Subject Rights may not conflict with an individual user’s duties to its employer, including duties of confidentiality with regard to employer data.

“We,” “Us” or “Our” means ThreatConnect, Inc. including ThreatConnect, Inc., licensors and any and all ThreatConnect Authorized Personnel.

1. Introduction.

Welcome to the website of ThreatConnect, Inc., a Delaware corporation (“ThreatConnect,” “We,” “Us” or “Our”), where we provide our users (collectively, “You,” “Your” or “User”) with access to our Products, to our support services and to other resources relating to cyber security (collectively, the “Services”).

We have developed the ThreatConnect Platform, a proprietary collaborative security operations and analytics platform that combines threat data collection, analysis, collaboration and expertise from a wide variety of sources into a single platform. Our platform provides software, information and tools to detect, track, analyze and defend against all manner of cyber threats through both on-premises and remote cloud applications.

We know you are concerned about your privacy, so we have developed this Privacy Policy (“Privacy Policy”) to explain and secure your consent to how we collect, use and disclose information about you. This policy also explains when and how we may transfer that data to third parties for specifically identified purposes. We also explain your right to exercise certain data privacy rights that are granted under this policy or under applicable law and when those rights may not apply.

1.1 Web Site Owner. ThreatConnect is the owner of this web site (“https://threatconnect.com”). ThreatConnect can be contacted by mail at 3865 Wilson Blvd, Arlington, Virginia 22203, by phone at (703) 229-4240, or by e-mail at privacy@threatconnect.com.

1.2 Web Site Visits. We are committed to safeguarding the privacy of all visitors to this Site and any other Sites operated by us (collectively, the “Sites”) as well as online users of our Products and Services in accordance with applicable law. What that means is:

WE DO NOT TRACK OR PROFILE OUR SITE VISITORS OR USERS OF OUR SERVICES FOR ANY PURPOSE OTHER THAN FOR THE MARKETING, PERFORMANCE AND DELIVERY OF OUR SERVICES;

WE DO NOT SHARE ANY PERSONAL DATA WITH THIRD PARTIES FOR THEIR TRACKING OR PROFILING OF OUR USERS OR FOR THE MARKETING OF THEIR OWN PRODUCTS OR SERVICES; AND1.3 Children. The Sites are not intended for nor directed to children and children are not eligible to use our Services. Protecting the privacy of children is very important to us. We do not collect or maintain Personal Information from people we actually know are under 13 years of age, and no part of our Sites or Services is designed to attract people under 13 years of age. If we later learn that a user is under 13 years of age, we will take steps to remove that user’s Personal Information from our databases and prevent the user from utilizing the Sites and the Services.

1.3 Children. The Sites are not intended for nor directed to children and children are not eligible to use our Services. Protecting the privacy of children is very important to us. We do not collect or maintain Personal Information from people we actually know are under 13 years of age, and no part of our Sites or Services is designed to attract people under 13 years of age. If we later learn that a user is under 13 years of age, we will take steps to remove that user’s Personal Information from our databases and prevent the user from utilizing the Sites and the Services.

2. Personal Information That May Be Collected.

2.1 Sources of Personal Data. Our means and methods of collecting Personal Information include:

  • We collect Personal Information that you submit to us voluntarily, including when you register an account and when you use our Sites and/or any of our Services;
  • Each time you request information from us or communicate with us through our Sites, register or attend an event or webinar, participate in telephonic communications with us or by sending us an email, we may collect and store any information that is contained in or otherwise associated with your communications, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices you use to access our Sites;
  • We use Cookies and navigational data like Uniform Resource Locators (URLs) to gather information regarding the date and time of your visit and the solutions and information for which you searched and viewed;
  • We use a third-party service to track and analyze Anonymous Information from users of our Sites such as statistical or demographic data and those third parties may use Cookies to help track user behavior however those third parties may not use such data for any other purpose than our own Services or for any third party.
  • We may receive Personal Information about you from various third parties and public sources, including from data analytics providers and our social media pages;

2.2 Links to Other Websites. The ThreatConnect Web site may contain links to other websites. ThreatConnect is not responsible for the privacy practices or the content of those other Web sites. If you click on a link or web application and are directed to a site other than our Sites, please refer to the privacy policy governing that site or Web application.

3. How We Process Your Information.

3.1 Purpose. We use all Personal Information collected or received by us for purposes of the performance of this policy, including the development, delivery and performance of our Products and Services.

3.2 Purposes Defined

Purpose of ProcessingLawful Basis
To Process your requests and provide you with access to our Services and customer support, including administering your accountLegitimate interests; Contract; Legal obligations
To market our Products and Services to you, including through your subscriptions to our email notifications and/or newslettersConsent (where required by law); Legitimate interests
To sell the products or services of third parties we believe may be of interest to you, subject to your opportunity to opt-out of those communicationsConsent (where required by law); Legitimate interests
To respond to your requests and questions, resolve disputes and/or troubleshoot problems with our Services
Legitimate interests; Contract; Legal obligations
To improve the quality of and communicate with you about our Sites and ServicesConsent (where required by law); Legitimate interests
To process information relating to transactions that you enter into with us, including your purchases of our Products and Services or other goods and services available through our SitesLegitimate interests; Contract; Legal obligations
To create Anonymized Information, Pseudonymized Information or CAL Data by removing or otherwise processing personally identifiable information.Legitimate interests
We may also Process your Personal Information where necessary for the exercise of our ThreatConnect Processing Authorities, including the establishment, exercise or defense of legal claims, the exercise of our Legitimate Interests or any other rights, duties or obligations that we may hold under applicable law.Legal obligations; Contract
Disclosure to Governmental Authorities. ThreatConnect may release Personal Information to appropriate governmental authorities where release is required by law (for example, a subpoena) or by a regulation, or is requested by a government agency conducting investigations or proceedings.Legal obligations
Stored Information Uses. ThreatConnect stores and retains the information provided by customers OR the information entered on the ThreatConnect Web site. Stored information is used by ThreatConnect to support customer interaction with the ThreatConnect Web site; to deliver customer purchases; and/or to contact customers again about other ThreatConnect services and products.Legitimate interests; Contract
Within Corporate Organization. ThreatConnect is a globally operated organization, with legal entities, business processes, management structures, and technical systems that cross borders. ThreatConnect may share your Personal Information within the ThreatConnect corporate organization and may transfer the information to countries in the world where ThreatConnect conducts business. Some countries may provide less legal protection for customer Personal InformationLegitimate interests
Mergers and Acquisitions. Circumstances may arise where for business reasons, ThreatConnect decides to sell, buy, merge or otherwise reorganize its businesses in the United States or some other country. Such a transaction may involve the disclosure of personal identifying information to prospective or actual purchasers, and/or receiving such information from sellers. It is ThreatConnect’s practice to seek appropriate protection for information in these types of transactionsLegal obligations; Contract
Use of Web Beacon Technologies. ThreatConnect may also use Web Beacon or other technologies to better tailor its Web site(s) to provide better customer service. If these technologies are in use, when a visitor accesses these pages of the Web site, a non-identifiable notice of that visit is generated which may be processed by ThreatConnect or by its suppliers. Web beacons usually work in conjunction with Cookies. If customer does not want cookie information to be associated with customer’s visits to these pages, customer can set its browser to turn off Cookies; however, Web beacon and other technologies will still detect visits to these pages, but the notices they generate cannot be associated with other non-identifiable Cookie information and are disregardedLegitimate interests

3.3 Collection of Non-Identifiable Information. ThreatConnect may collect non-identifiable information from user visits to the ThreatConnect Web site(s) in order to provide better customer service. Examples of such collecting include: traffic analysis, such as tracking of the domains from which users visit, or tracking numbers of visitors; measuring visitor activity on ThreatConnect Web site(s); Web site and system administration; user analysis; and business decision making. Such information is sometimes known as “clickstream data.” ThreatConnect or its contractors may use this data to analyze trends and statistics.

4. Providing Your Personal Data to Others.

4.1 We may disclose your Personal Information to our Sub-Processors, Vendors and ThreatConnect Authorized Personnel only if and to the extent necessary for the purposes of this policy, including the exercise of our ThreatConnect Processing Authorities. We will ensure the reliability and training of all ThreatConnect Authorized Personnel as to the confidential nature of all Personal Information and will ensure that they have either executed confidentiality agreements or are otherwise subject to equivalent duties of confidentiality with regard thereto. 

4.2 We will limit access to Personal Information to only authorized Sub-Processors and Vendors who have executed confidentiality agreements or are otherwise subject to confidentiality obligations with regard to the Processing of Personal Information (including, when appropriate, the execution of data processing agreements).

4.3 We may disclose your Personal Information to our insurers and/or professional advisers if and to the extent necessary for obtaining or maintaining insurance coverage, managing risks, obtaining professional advice or the establishment or defense of legal claims.

4.4 Financial transactions relating to our Site and Services may be handled by our payment services providers (e.g., banks, credit card companies, etc.). We will share transaction data with our payment services providers only to the extent necessary for purposes of processing payments or refunds or resolving issues relating thereto and only when they are subject to appropriate Data Protection Laws.

4.5 We may also disclose your Personal Information when necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person or where disclosure is necessary for the establishment or defense of legal claims or other exercise of our ThreatConnect Processing Authorities.

5. International Transfers of Your Personal Information.

5.1 Your Personal Information may be transferred to countries outside the European Economic Area (EEA), to (i) our offices or facilities in the United States or in other countries, (ii) to one of our Sub-Processors (e.g., Amazon Web Services or other data hosting providers); and/or (iii) to one or more of our Vendors.

5.1.1 Purpose of International Data Transfer:

To provide our services and/or products to our customers

To provide support and maintenance of our products and services – This will include, but is not limited to the access of data residing in the EEA, Switzerland, and the U.K. by United States based ThreatConnect personnel to maintain our contractual obligations to our customers.

To collaborate with our customers

To comply with our legal obligations

5.1.2 Legal Basis for International Data Transfer:

Contractual necessity: Transfers necessary for product and/or service delivery to our customers

Legitimate interests: Transfers based on our legitimate interests, provided they are not overridden by individual’s rights and interests

Legal Obligations: Transfers to comply with applicable laws and regulations

5.2 Transfers of your Personal Information in all such cases will be protected by appropriate security and privacy safeguards.

Standard Contractual Clauses (SCCs): We rely on SCCs approved by the European Commission as the primary legal mechanism for transfers of Personal Information from the EEA, Switzerland, and the United Kingdom to the United States and other third countries.

5.3 You acknowledge that any and all User Shared Data or other User Data access by or through the use of CAL may be accessed, available or used throughout the world, in Anonymized, Pseudonymized or other processed form, that identification and recovery of such data is lost and that access of such data by others cannot be tracked, discovered or restricted.

6. Information Security.

6.1 Commitment to Online Security. ThreatConnect employs physical, electronic and managerial procedures to safeguard the security and integrity of Personal Information. Billing and payment data is encrypted whenever transmitted or received online. Personal Information is accessible only by staff designated to handle online requests or complaints. All ThreatConnect agents and contractors with access to Personal Information on the ThreatConnect web site(s) or products, are also bound to adhere to ThreatConnect security standards.

ThreatConnect intends to protect customer Personal Information and to maintain its quality. To achieve information security and quality, ThreatConnect implements appropriate measures and processes, such as using encryption when transmitting certain sensitive information.

7. Privacy Policy Changes.

7.1 Changes to Privacy Policy.

ThreatConnect reserves the right to change OR update its privacy policy statement at any time.

8. Access Rights to Data.

8.1 Summary. This section summarizes your rights with regard to your Personal Data under certain Data Protection Laws (“Data Subject Rights”). These rights are complex and not all relevant details are included here. You should read the relevant laws and the available guidance from the relevant regulatory authorities and review recent cases interpreting those requirements in order to fully understand the scope and applicability of these Data Subject Rights.

8.2 When Data Rights Do Not Apply

These Data Subject Rights only apply to the extent that the Personal Data retains its character as Personal Data. Even then, certain Data Subject Rights are overridden by the legal basis upon which the Processing occurs. These Data Subject Rights do not apply to the extent that the Personal Data under consideration is governed by our Legitimate Interests.

8.3 Data Subject Rights Described

Your principal rights to Personal Data include, when and as applicable, the following. The following is a general statement of potential Data Subject Rights and does not imply that all such rights exist in all cases or as to all users. If you wish to exercise any of these rights, please contact us at privacy@threatconnect.com:

The Right of Access — You have a right to have access to the Personal Data we hold about you and to verify that we are using your Personal Data lawfully. If asked, we will provide confirmation of what Personal Data we hold, together with certain additional information such as the purposes of the Processing, the categories of Personal Data concerned and the recipients of the Personal Data. Provided that our rights and interests or the rights and interests of others are not affected, we will supply you with a copy of your Personal Data or inform you of the rights you may have with regard thereto.

The Right of Rectification — You have the right to have any Personal Data held about you which is inaccurate to be rectified and, taking into account the purposes of the Processing, to have any incomplete personal data about you completed.

The Right to Erasure (Right to be Forgotten) — In some circumstances you have the right to the erasure of your Personal Data. Those circumstances include when (i) the Personal Data is no longer necessary in relation to the purposes for which it was collected or processed; (ii) you withdraw consent to consent-based Processing such as marketing; (iii) you object to Processing and a balance of your rights against Legitimate Interests weighs in your favor, and/or (iv) the Processing is unlawful. However, there are exclusions of the right to erasure, including where Processing is necessary for compliance with Legitimate Interests which override the right to erasure.

The Right to Restrict Processing — In some circumstances you have the right to restrict the Processing of your Personal Data. Those circumstances include when you (i) accurately contest the accuracy of the Personal Data; (ii) Processing is unlawful but you oppose erasure of it; (iii) we no longer need the Personal Data for the purposes of our Processing, and (iv) you have objected to Processing but our verification of your objection is still pending. Where Processing has been restricted on this basis, we may continue to store your Personal Data but will only Process it with your consent, for our Legitimate Interests or upon governmental order or request.

The Right to Object to Processing — You have a right to object, in certain circumstances, to our Processing of your Personal Data. Among other grounds, you may object to our Processing of your Personal Data if we do not honor your rightful withdrawal of consent-based Processing or when you disagree with our assertion of Legitimate Interests. In such a case, we will no longer Process the applicable Personal Data unless we can demonstrate compelling Legitimate Interests for such Processing which override your Data Rights. But if you do object to our Processing, we will seek to accommodate your request to the extent practicable.

The Right to Data Portability — To the extent that the legal basis for our Processing of your Personal Data is (i) your consent; or (ii) the Processing is necessary for the performance of a contract and such Processing is carried out by automated means, you have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it is outweighed by our Legitimate Interests or when it would adversely affect the rights or interests of others.

The Right to Complain to a Supervisory Authority — If you believe that our Processing of your Personal Data violates GDPR, you have a legal right to lodge a complaint with a Supervisory Authority responsible for data protection in the EU member state of your residence, your place of work or the place of the alleged violation. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

The Right to Withdraw Consent — To the extent that our Processing of your Personal Data is based solely upon your consent, you have the right to withdraw such consent at any time, which will terminate such Processing. A withdrawal of your consent does not affect the lawfulness of any Processing based on consent before our receipt of your withdrawal of consent.Right to Opt-Out of Automated Decision-Making — You have the right to opt-out of automated decision-making processes that affect you. If you choose to exercise this right, our systems will not use automated processes to make decisions about you, and we will seek alternative methods that do not solely rely on automated processing.

9. Legal Bases for Our Processing of Personal Information.

9.1 Lawful Basis for Processing. As provided in Article 6 of GDPR, Processing is lawful only if and to the extent that at least one of the following justifications applies:

  1. The Data Subject has given consent to the Processing of his or her Personal Data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
  3. Processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
  6. Processing is necessary for the purposes of the Legitimate Interests pursued by the controller or by a third party, except where a balancing of such Legitimate Interests is overridden by the interests or fundamental rights and freedoms of the Data Subject.

9.2 Legitimate Interests. Under Article 11 of GDPR, if the purposes for which a controller processes Personal Data do not require the identification of a Data Subject, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the Data Subject solely to comply with GDPR. Also, Data Subject Rights as set forth in Articles 15-20 of the GDPR do not apply unless the controller actually receives additional information that enables the Data Subject to be identified. This provision is further support for our Processing of Personal Information in Threat Analysis Tools, OSINT and CAL, which may contain inadvertent, incidental or unassociated elements of Personal Information of Data Subjects.9.3 Processing Based Upon Consent. Our collection and Processing of Personal Data associated solely with (i) your visitation to our Sites, without the purchase or preparation for purchase of any Products or Services, or (ii) for our own marketing purposes is your voluntary, informed consent.

10. Supplemental Information for California Residents

10.1 You have the right under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and Data Protection Laws, as applicable, to exercise free of charge:

Disclosure of Personal Information We Collect About YouYou have the right to know, and request disclosure of: the categories of Personal Information we have collected about you, including sensitive Personal Information; the categories of sources from which the Personal Information is collected; the categories of third parties to whom we disclose Personal Information, if any; and the specific pieces of Personal Information we have collected about you.
Disclosure of Personal Information Sold, Shared, or Disclosed for a Business PurposeYou have the right to know the categories of Personal Information about you that we sold or shared and the categories of third parties to whom it was sold or shared, and the categories disclosed for a business purpose. You have the right to opt-out of the sale or sharing of your Personal Information. To opt-out, please email privacy@threatconnect.com.
Right to Limit Use of Sensitive Personal InformationYou have the right to limit the use and disclosure of your sensitive Personal Information to the purposes necessary to perform the services or provide the goods reasonably expected by an average consumer.
Right to DeletionSubject to certain exceptions, on receipt of a verifiable request from you, we will delete your Personal Information from our records and direct third parties to whom we have shared it to do the same, unless this proves impossible or involves disproportionate effort.
Right of CorrectionIf we maintain inaccurate Personal Information about you, you have the right to request that we correct it. Upon receipt of a verifiable request, we will use commercially reasonable efforts to correct the inaccurate information.
Protection Against RetaliationYou have the right not to be retaliated against for exercising any of your rights under CCPA/CPRA.

11. Accountability.

11.1 Terms of Use

If a customer chooses to enter into a purchase order OR to subscribe to ThreatConnect’s services, customer’s action is hereby deemed acceptance of ThreatConnect practices described in this policy statement. Any dispute over privacy between customer and ThreatConnect is subject to the provisions of this notice.

11.2 Questions, Problems and Complaints

If you have a question about this policy statement, or a complaint about ThreatConnect compliance with this privacy policy, you may contact ThreatConnect by email: privacy@threatconnect.com.