Privacy Policy

Last Updated:

February 24, 2025

DREADNODE PRIVACY NOTICE

Last Updated: February 25, 2025

This Privacy Notice applies to the processing of personal information by Dreadnode Inc. (“Dreadnode,” “we,” “us,” or “our”) including on our website available at www.dreadnode.io and our other online or offline offerings which link to, or are otherwise subject to, this Privacy Notice (collectively, the “Services”).

Global Scope: Dreadnode is a global company headquartered in the United States. Many of our IT and other functions are administered centrally by Dreadnode in the United States and any information that you provide or we collect may be transmitted to a country other than your country of residence for processing or storage, and it may also be communicated to third parties hired by us to provide services such as website hosting, database management, or analytics. By using our Services, you consent to the collection, use, storage, and processing of your personal information in the United States and in any country to which we may transfer your personal information in the course of our business operations. For more information, please see International Transfers of Personal Information. For information on our processing of personal information subject to applicable European Union or United Kingdom laws, please see our Supplemental European Union and United Kingdom Privacy Notice.

UPDATES TO THIS PRIVACY NOTICE
PERSONAL INFORMATION WE COLLECT
HOW WE USE PERSONAL INFORMATION
HOW WE DISCLOSE PERSONAL INFORMATION
YOUR PRIVACY CHOICES AND RIGHTS
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
RETENTION OF PERSONAL INFORMATION
SUPPLEMENTAL EUROPEAN UNION AND UNITED KINGDOM PRIVACY NOTICE
CHILDREN’S PERSONAL INFORMATION
THIRD-PARTY WEBSITES/APPLICATIONS
CONTACT US

1. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our website, and/or we may also send other communications.

2. PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.‍

2A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, phone number, and other information you store with your account.

Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).

Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or our web chat tool.

Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered “public.”

Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.

Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information, professional and educational history, and CV.

2B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Services.

Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).

Usage Information. We may collect personal information about your use of the Services, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.

Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.

Cookies. Cookies are small text files stored in device browsers.

Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

2C. Personal Information Collected from Third Parties

We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings. In addition, users of the Services may upload or otherwise provide personal information about others.

3. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below. ‍

3A. Provide the Services

We use personal information to fulfill our contract with you and provide the Services, such as:

Managing your information;
Providing access to certain areas, functionalities, and features of the Services;
Answering requests for support;
Communicating with you;
Sharing personal information with third parties as needed to provide the Services;
Processing your financial information and other payment methods for products and Services purchased;
Processing applications if you apply for a job we post on our Services; and
Allowing you to register for events.

EU/UK GDPR Lawful Bases: If the EU GDPR or the UK GDPR applies to our processing of personal information under this section, our lawful bases may include performance of a contract, legitimate interest, consent, and/or compliance with legal obligations.

3B. Administrative Purposes

We use personal information for various administrative purposes, such as:

Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
Carrying out analytics;
Measuring interest and engagement in the Services;
Improving, upgrading, or enhancing the Services;
Developing new products and services;
Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws;
Ensuring internal quality control and safety;
Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice;
Debugging to identify and repair errors with the Services;
Auditing relating to interactions, transactions, and other compliance activities;
Enforcing our agreements and policies; and
Carrying out activities that are required to comply with our legal obligations.

3C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

EU/UK GDPR Lawful Bases: If the EU GDPR or the UK GDPR applies to our processing of personal information under this section, our lawful bases may include legitimate interest and/or consent.

3D. With Your Consent or Direction

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.

3E. Automated Decision Making

Dreadnode’s processing of your personal information will not result in a decision based solely on automated processing that has a legal or other similarly significant effect on you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making.

If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.

4. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below. ‍

4A. Disclosures to Provide the Services

We may disclose any of the personal information we collect to the categories of third parties described below.

Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Services. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features.

Other Users With Whom You Share or Interact. The Services may allow Dreadnode users to share personal information or interact with other users of the Services.

Third-Party Services With Whom You Share or Interact. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”).

Any personal information shared with a Third-Party Service will be subject to the Third-Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.

Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy. We are not responsible for the processing of personal information by our business partners.

Dreadnode Customers (Authorized Users Only). In cases where you use our Services as an employee, contractor, or other authorized user of a Dreadnode customer, that customer may access information associated with your use of the Services including usage data and the contents of the communications and files associated with your account. Your personal information may also be subject to the Dreadnode customer’s privacy policy. We are not responsible for the Dreadnode customer’s processing of your personal information.

Affiliates. We may share your personal information with our corporate affiliates.

4B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

4C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

5. YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are described below.

Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Notice).

Do Not Track signals and Global Privacy Control. Certain web browsers and other programs may transmit “do-not-track” “opt-out” signals, also called a Global Privacy Control (or “GPC”) signal (we refer to these as “GPC Signals”), to websites with which the browser communicates. In most cases you will need to change your web browser’s settings or add an application to your web browser to enable your browser to send a GPC Signal. Our websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites. For users that access our websites from U.S. states that have laws requiring recognition of GPC Signals, we will recognize and apply the GPC Signal to inactivate all of the cookies for that website, except for cookies that are necessary for the website to operate. For users from states not currently requiring recognition of the GPC Signal, our website servers may recognize and apply the GPC Signal for only advertising cookies, but will not apply the GPC Signal to functional or performance cookies.

Some web browsers incorporate other "do-not-track" (“DNT”) or similar features that signals to websites with which the browser communicates that a visitor does not want to have their online activity tracked. As of the Effective Date, not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we along with many other digital service operators do not respond to all DNT signals. We recognize GPC signals as required under certain state privacy laws, but we do not currently recognize other DNT signals. For more information about the Global Privacy Control, please visit https://globalprivacycontrol.org.

Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly.

The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative, the Digital Advertising Alliance, and the European Digital Advertising Alliance.

Please note you must separately opt out in each browser and on each device.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

Request Access to or Portability of Your Personal Information;

Request Correction of Your Personal Information;

Request Deletion of Your Personal Information;

Request Restriction of or Object to our Processing of Your Personal Information;

Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws); and

Withdraw Your Consent to our Processing of Your Personal Information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

If your personal information is subject to the applicable data protection laws of the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law. If your personal information is subject to the applicable data protection laws of the European Economic Area, you may find the contact details of the competent authorities in the following link: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en. For the

United Kingdom, you can lodge a complaint with the Information Commissioner’s Office (ICO) by clinking here: https://ico.org.uk/make-a-complaint/.

6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. These countries may or may not have adequate data protection laws as defined by the data protection authority in your country.

If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

7. RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Notice for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

8. SUPPLEMENTAL EUROPEAN UNION AND UNITED KINGDOM PRIVACY NOTICE

This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.

In some cases, providing personal information may be a requirement under applicable law, a contractual requirement, or a requirement necessary to enter into a contract. If you choose not to provide personal information in cases where it is required, we will inform you of the consequences at the time of your refusal to provide the personal information.

Dreadnode’s processing of your personal information may be supported by one or more of the following lawful bases:

Performance of a Contract: Dreadnode may need to process personal information to perform the contract we have with you.
Legitimate Interest: Dreadnode may process personal information to further our legitimate interests, but only where our interests are not overridden by your interests or fundamental rights and freedoms.
Consent: In some cases, Dreadnode may also rely on your consent to process personal information.
Compliance with Legal Obligations: Dreadnode may process your personal information to comply with our legal obligations.

If we process personal information that is considered a “special category of personal data”, then our processing of this personal information may be supported by one or more of the following conditions:

Explicit Consent: You may have provided your explicit consent for our processing of your personal information.
Necessary for Employment, Social Security, or Social Protection Law Purposes: Our processing of your personal information may be necessary for the purposes of carrying out obligations and exercising specific rights in the field of employment, social security, and/or social protection law.
Necessary to Protect Vital Interests: Our processing of your personal information may be necessary to protect the vital interests of you if you are physically or legally incapable of giving consent.
In Connection with a Foundation, Association or Other Non-Profit Body. Our processing of your personal information may be carried out in the course of our legitimate activities in connection with our foundation, association, or other non-profit body.
Publicly Available Personal Information: Our processing of your personal information may relate to personal information which has been manifestly made public by you.
Necessary for the Establishment, Exercise or Defense of Legal Claims: Our processing of your personal information may be necessary for the establishment, exercise or defense of legal claims.
Necessary for Substantial Public Interest: Our processing of your personal information may be necessary for reasons of substantial public interest.
Necessary for Substantial Interest in the Area of Public Health: Our processing of your personal information may be necessary for reasons of public interest in the area of public health.
Necessary for Archiving, Research, or Statistical Purposes. Our processing of your personal information may be necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

9. CHILDREN’S PERSONAL INFORMATION
The Services are not directed to children under 18 years of age, and we do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.

10. THIRD-PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

11. CONTACT US

Dreadnode is the controller of the personal information we process under this Privacy Notice.

If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at: contact@dreadnode.io.