PRIVACY POLICY

UprootSecurity, Inc. ("UprootSecurity", "we", "us", "our"), a Delaware corporation, is committed to protecting your privacy and the security of your personal information. This Privacy Policy outlines our commitment to protecting the personal data you share with us and provides a clear understanding of how we collect, use, disclose, and retain your information when you interact with our website (https://www.uprootsecurity.com) and our other online services (collectively, the “Sites”).

At UprootSecurity, we understand the importance of privacy in the digital age. Whether you are browsing our Sites, exploring our services, or entering into a professional relationship with us, we want you to feel confident in how your personal information is handled. This Privacy Policy is designed to inform you about the types of data we collect, the purposes for which we collect it, and the measures we take to ensure it is processed securely and in compliance with applicable data protection laws.

Please take a moment to read this Privacy Policy carefully. By accessing or using the Sites, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy and our Terms of Use. If you do not agree with any part of this Privacy Policy or our Terms of Use, we kindly ask that you refrain from using our Sites. Your privacy is of utmost importance to us, and we are committed to ensuring that your personal information is treated with the highest level of care and respect.

Information We Collect

At UprootSecurity, we collect personal information from you through various methods when you interact with our Sites, enabling us to provide top-tier security solutions and enhance your experience. The types of information we collect include:

1. Information You Provide Directly to Us:

This includes personal information you voluntarily provide when you:

Contact Us Through the Sites: When you reach out to us for inquiries, support, or consultations, we may collect your name, email address, phone number, company name, job title, and any additional details you choose to provide.
Create a Customer Account: When you sign up for an account to access our services, such as VAPT (Vulnerability Assessment and Penetration Testing), PEN testing, or other security solutions, we collect your name, email address, and relevant credentials.
Use Site Features: When you interact with specific features on our Sites, like security assessment tools, we collect the information you provide during those interactions.

2. Information We Collect Automatically:

We automatically gather certain technical information when you visit our Sites, which helps us monitor and improve our services:

IP Address: We collect your IP address to understand your connection details and for security monitoring purposes.
Location (General): We may gather general location information based on your IP address to customize our services and analyze geographical trends.
Operating System and Browser Type: Information about your computer's operating system and browser helps us optimize the performance of our Sites.
Browsing History and Activity: We track your interactions on our Sites, including pages visited and actions taken, to enhance the user experience and ensure the security of our digital environment.

How We Use Your Information

We utilize your personal information for a variety of security-focused purposes, including:

Use of Your Information: We may use the information we collect from you when you register, make a purchase, sign up for our newsletter or marketing communication, surf the website, or use any site features. To the extent permitted by applicable law, we use your Personal Information that we collect or receive through our Services to perform our contractual obligations, Services, and other legitimate interests as detailed below:
1. Process Your Registration: To operate and administer our Services, including sending you emails, invoices, receipts, and notices, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties collect billing information to process your orders and credit card payments.
2. Communicate with You: To communicate with you about your account and provide customer support.
3. Enforce Compliance: To enforce compliance with our Standard Terms of Service and applicable law, and to protect the rights and safety of our Users.
4. Personalize Your Experience: To deliver the type of content and product offerings you are most interested in.
5. Improve Our Website or Services: To better serve you.
6. Service Requests: To respond to your customer service requests.
7. Contests and Promotions: To administer a contest, promotion, or other site feature.
8. Process Transactions: To quickly process your transactions.
9. Follow Up: To ask for ratings and reviews of services or products and to follow up after correspondence (live chat, email, or phone inquiries).
10. Prevent Unauthorized Access: To investigate and prevent unauthorized access to the Websites and the Services.
11. Legitimate Business Purposes: For other legitimate business purposes and lawful purposes.
12. Consent-Based Activities: For purposes for which we obtain your consent.

Information We Collect from Third-Parties

We may collect your Personal Information from third parties to whom you have given your personal data.

How We Disclose Your Information

We may disclose your personal information to third parties in the following circumstances:

Service Providers: We may share your information with trusted third-party service providers who assist us in operating our Sites, delivering our security solutions, and providing customer support. These providers are bound by confidentiality agreements and are only authorized to use your information as necessary to perform their services.
Disclosure for Legal Purposes: We may share the information we collect, including Personal Information, as permitted by applicable law, in response to subpoenas or other legal processes, at the request of governmental authorities conducting an investigation, or to enforce our terms and conditions.

We are committed to ensuring that your personal information is handled with the utmost care and in compliance with all relevant legal and regulatory requirements. Should you have any questions about how your data is shared with third parties, please feel free to contact us.

Your Data Protection Rights

If you wish to exercise your rights under any applicable data protection law, including the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), please contact us by email at [email protected].

Subject to certain exceptions and limitations under your local law, you may be entitled to exercise the following rights:

Right to Be Informed: To know what Personal Information is being processed and the rationale for such processing.
Right to Access: To request copies of Personal Information that is being processed.
Right to Rectification: To update or modify the Personal Information submitted to the Data Controller.
Right to Withdraw Consent: To withdraw previously given consent to process Personal Information.
Right to Restrict and Object: To restrict and object to the processing of your Personal Information.
Right to Erasure: To request the deletion of your Personal Information (also known as the right to be forgotten).
Right to Complain: To complain to a data protection authority about our collection and use of your Personal Information. However, before referring to your local supervisory authority, please attempt to resolve the issues with us amicably.

Legal Basis for Processing Personal Information

The legal basis for collecting and processing Personal Information will depend on the type of Personal Information that we collect and the specific context in which we collect it. We will collect, use, and/or process your Personal Information only where such processing is in our legitimate interests, as permitted by law, and shall not be overridden by your data protection interests, rights, and freedoms.

Third-Party Links and Information

The Platform may contain information from third parties and links to external platforms that are not affiliated with, operated, or controlled by UprootSecurity, including but not limited to payment gateways, social networking platforms, and other service providers. We do not assume any responsibility for the transmission, data, or content received by you from any third-party platform. UprootSecurity makes no representations or warranties regarding the privacy practices, policies, accuracy, integrity, or quality of information, data, text, software, sound, photographs, graphics, videos, cookies, messages, or other materials available on such third-party platforms.

Under no circumstances shall UprootSecurity be deemed to control or guarantee the content, accuracy, or quality of the services or information provided by these third-party platforms. Any personal information or User Information provided by you to such third-party platforms will be governed by their respective privacy policies. We strongly recommend that you review the privacy policies and terms of service of these platforms before using them or providing any personal information.

Occasionally, we may, at our discretion, include or offer third-party products or services on our Platform. These third-party sites are governed by their own independent privacy policies and terms. UprootSecurity assumes no responsibility or liability for the content, activities, or privacy practices of these linked sites. However, we are committed to maintaining the integrity of our Platform and welcome any feedback or concerns regarding these third-party sites.

Retention of Personal Information

We will retain your Personal Information as long as you have an account with us in order to maintain and expand our relationship with you and to have proof and evidence concerning our relationship with you. Please note that except as required by applicable law or our specific agreements with you, we shall not have any obligation to retain your data for any particular period. Upon termination or expiry of your account, not exceeding 30 (thirty) days from the date of such expiration or termination, we will delete all Personal Information, including any copies thereof.

In case we are In case, we are unable to delete Your Personal Information due to technical or other reasons, UprootSecurity will apply measures to ensure that Your Personal Information is blocked from any further processing until deletion is possible. This excludes the data that we are required to retain for legal and regulatory requirements.

Additional Information for Residents of the European Economic Area (EEA)

Data Controller

For the purposes of the General Data Protection Regulation (GDPR), UprootSecurity, Inc. is the data controller responsible for the processing of your personal information as described in this Privacy Policy. As a data controller, we are committed to ensuring that your personal data is processed lawfully, fairly, and transparently.

Legal Basis for Processing Personal Data

Under the GDPR, the legal bases for processing your personal data include:

Consent: We may process your personal data if you have given your explicit consent for specific purposes.
Contractual Obligations: We process personal data to fulfill our obligations under a contract with you or to take steps at your request before entering into a contract.
Legitimate Interests: We may process your personal data for our legitimate interests, provided that such processing does not override your rights and freedoms.
Compliance with Legal Obligations: We may process your personal data to comply with our legal obligations, such as maintaining accurate records for tax or regulatory purposes.

Cross-Border Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place to protect your personal data, such as standard contractual clauses approved by the European Commission or other legally accepted mechanisms.

Your Rights Under GDPR

In addition to the rights outlined in the "Your Data Protection Rights" section, EEA residents may have the following additional rights:

Right to Data Portability: You have the right to request that your personal data be provided to you or another controller in a structured, commonly used, and machine-readable format.
Right to Object to Automated Decision-Making: You have the right to object to decisions made solely based on automated processing, including profiling, if such decisions have a significant effect on you.

If you wish to exercise any of these rights or have any concerns regarding the processing of your personal data, please contact us at [email protected].

Security Measures

UprootSecurity implements industry-standard security measures to protect your personal information from unauthorized access, use, or disclosure. These measures include encryption, firewalls, secure access controls, and regular security assessments. While we strive to ensure the security of your personal data, please be aware that no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Users

Our website and services are hosted in the United States. If you are accessing our Sites from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. By using our Sites, you consent to the transfer of your personal data to these locations.

Governing Law

This Privacy Policy and any disputes related to it shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles.

Effective Date

This Privacy Policy is effective as of 02/09/2024.

This concludes the Privacy Policy for UprootSecurity. Should you require any further information or clarification, please do not hesitate to contact us at [email protected].