Beyond vulnerability scanning: Enhancing attack surface management for more proactive security


We take privacy seriously.

As of 6/17/2022, Randori has been acquired by IBM and will be integrated into the IBM organization. Randori, an IBM Company (“Randori”) is committed to protecting the privacy of visitors to the website (“Website”) and others who request information about Randori. During this integration phase, if you have any questions about Randori’s handling of your personal information you can contact IBM Chief Privacy Office Helpdesk.

This Privacy Policy does not apply to customer personal information collected and processed through the provision of the services. For customers using Randori’s services, privacy commitments are included in the Data Processing Agreement (DPA) found at

1. Personal Information We Collect and Use

Your Account

You can create an account with Randori. Creating an account provides Randori with your name, email address, and phone number. We may require a Randori account for certain services, such as the use of a Randori product demo. We may also store your details from business contact information that you provide to us, or that we collect from your organization, our Business Partners, or our suppliers.

Business contact information is typically information that you would find on a business card, such as name and business contact details. We use this information to contact or communicate with you about business matters. If we receive business contact information from a third party, such as a Randori Business Partner or supplier, we will confirm that the information was shared appropriately. 

We may also combine your business contact information with other business-relevant information, such as information about your professional education, skills, work experience, or other publicly available information, such as business-related blogs, publications, job roles, and certifications. This information may be used to tailor our interactions with you in any part of Randori’s business, for example in the sales process, to maintain a relationship with you, and for post-contractual relationships.

Randori Website

Our websites offer ways to communicate with you about us, our products, and services. The information that we collect on websites is used to provide you with access to the website, to operate the website, to improve your experience, and to personalize the way that information is provided to you. If you visit our websites without logging in with an account, we may still collect information that is connected to your website visit. 

For more information on the technologies that we use to collect website information, and setting your preferences, see Cookies and Similar Technologies.

We collect information about your use of our websites, such as:

  • the webpages you view, 
  • the amount of time you spend on pages, 
  • the website URL that referred you to our pages, 
  • your geographic information derived from your IP address, 
  • and any hyperlinks or advertisements you select.

We use this information to improve and personalize your experience with our websites, provide you with content that you may be interested in, create marketing insights, and to improve our websites, online services, and related technologies. 

We also collect the information that your browser or device automatically sends, such as:

  • your browser type and IP address, 
  • operating system, device type, and version information,
  • language settings,
  • crash logs, 
  • account information (if signed in), 
  • and passwords.

We use this information to provide you with access to our webpages, improve the webpage view on your device and browser, adapt to your settings and language, and adapt content for relevancy or any legal requirements for your country. We also use this information to comply with system and network security requirements, and to provide support.


We use contact information that we collect directly from you, your organization, or third-party data providers, to communicate with you about our products, services, and offerings. We may, subject to your preferences, collect information about your interactions with our websites, our emails (such as whether emails are opened or links selected), and other Randori content, including content on third-party sites. For more information on the technologies that we use to collect this information, and setting your preferences, see Cookies and Similar Technologies.

We may also use this information to personalize your experience with our content and advertisements, and to develop internal marketing and business intelligence. For example, we may:

  • Aggregate the information that is collected about website visitors for the purposes of developing and modeling marketing audiences
  • Leverage insights from the information collected to personalize content and advertisements across multiple interactions and devices
  • Engage with advertising partners, such as publishers and social media companies, to deliver targeted advertisements on their platforms, aggregate information for analysis, and track engagement with those advertisements on our behalf

You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by contacting us at To review or set your preferences regarding the information that we collect about you on our websites, select the “Manage Consent” button in the website footer.

Public Forums

Randori may provide bulletin boards, FAQs, knowledge bases, blogs, or chat rooms on or through the Site. Any Personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Randori is not responsible for the Personal information you choose to submit in these forums, or how others may use this information, so you should carefully consider whether and what to post and how to identify yourself on the website. 

Support Services

When you contact us to request support, we collect your contact information, problem description, and possible resolutions. We record the information that is provided to handle the support query, for administrative purposes, to foster our relationship with you, for staff training, and for quality assurance purposes.

Protecting You and Randori

We may collect and use information to protect you and Randori from IT security threats and to secure the information that we hold from unauthorized access, disclosure, alteration, or destruction. This includes information from our IT access authorization systems, such as log-in information.

Conducting our Business Operations

We collect and use information from our business systems, which may include Personal information, to:

  • protect or enforce our rights, including to detect fraud or other criminal activities (for example, by using information in payment systems) 
  • handle and resolve disputes 
  • answer complaints and defend Randori in legal proceedings
  • and comply with legal obligations in the countries where we do business

2. Cookies and Similar Technologies

When you visit our website or view our content on certain third-party websites, we collect information regarding your connection by using various online tracking technologies, such as cookies, web beacons, Local Storage, or HTML5. Information that is collected with these technologies may be necessary to operate the website or service, to improve performance, to help us understand how our online services are used, or to determine the interests of our users. We use advertising partners to provide and assist in the use of such technologies on the Randori website.

A cookie is a piece of data that a website may send to your browser, which may be stored on your computer and can be used to identify your computer. Web beacons, including pixels and tags, are technologies that are used to track a user visiting a Randori web page or if a web page was copied to another website. Web beacons may be used in email messages or newsletters to determine whether messages are read, forwarded, or links selected. Local Shared Objects can store content information displayed on the webpage visited, and preferences. These may be used to provide connected features across our websites or display targeted advertising on other websites based on your interests.

Session cookies can be used to track your progression from page to page so that you are not asked for information that you have already provided during the current session, or information that is needed to be able to complete a transaction. Session cookies are erased when the web browser is closed. Persistent cookies store user preferences for successive visits to a website, such as recording your choice of language and country location. Persistent cookies erase their data within 12 months. 

You can use our Cookie Manager to learn more about the online tracking technologies we use and to review or set your preferences regarding the information that we collect about you on our websites. Our Cookie Manager is either presented as a notification window when you first visit a webpage or opened by selecting the “Manage Consent” button in the website footer. Our Cookie Manager does not address all types of tracking technologies (for example, web beacons). When using mobile apps, use the options on your mobile device to manage settings. 

Blocking, disabling, or rejecting cookies may cause services to not function properly. Disabling cookies does not disable other online tracking technologies, but prevents the other technologies from accessing any details stored in cookies.

Our websites offer the possibility to use third-party social media options.  If you elect to use these options, these third-party sites may log information about you, such as your IP address, access time, and referring website URLs. If you are logged in to those social media sites, they may also link collected information with your profile information. We accept no responsibility for the privacy practices of these third-party services and encourage you to review their privacy policies for more information. 

For information on cookies and how to remove these technologies by using browser settings, see

3. Children

Unless otherwise indicated, our websites, products, and services are not intended for use by children under the age of 16.

4. Sharing of Personal Information

When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared in accordance with the applicable law.

If we decide to sell, buy, merge, or otherwise reorganize businesses in some countries, such a transaction may involve disclosing some personal information to prospective or actual business purchasers, or the collection of personal information from those selling such businesses.

Internally, personal information is shared for our legitimate business purposes, such as managing our relationship with you and other external parties, compliance programs, or systems and networks security. We do this to improve efficiency, for cost savings, and internal collaboration between our subsidiaries. Our internal access to personal information is restricted and granted only on a need-to-know basis. Sharing of this information is subject to the appropriate intracompany arrangements, our policies, and security standards.


  • our business with suppliers may include the collection, use, analysis, or other types of processing of personal information on our behalf. 
  • our business model includes cooperation with independent Business Partners for marketing, selling, and the provision of products and services. Where appropriate (for example, when necessary for the fulfilment of an order), we share business contact information with selected Business Partners.
  • we may share personal information with professional advisors, including lawyers, auditors, and insurance companies to receive their services.
  • we may share contractual relationship information with others, for instance, our Business Partners, financial institutions, shipping companies, postal, or government authorities, such as the customs authorities that are involved in fulfillment.

In certain circumstances, personal information may be subject to disclosure to government agencies in accordance with judicial proceedings, court orders, or legal processes. We may also share personal information to protect the rights of Randori or others when Randori believes that such rights may be affected, for example to prevent fraud.

5. Facilitating International Transfers

Your information may be transferred to or accessed by Randori affiliates, subsidiaries and third parties around the world. Randori complies with laws on the transfer of Personal information between countries to keep your Personal information protected, wherever it may be.

We have implemented various safeguards including Standard Contractual Clauses (SCCs), such as those approved by the EU Commission and accepted in several other countries. You can request a copy of the EU Standard Contractual Clauses (EU SCCs) by contacting us at

6. Information Security and Retention

To protect your personal information from unauthorized access, use, and disclosure, we implement reasonable physical, administrative, and technical safeguards. These safeguards include role-based access controls and encryption to keep personal information private while in transit. We also require our Business Partners, suppliers, and third parties to implement appropriate safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use, and disclosure.

We only retain personal information as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

  • audit and accounting purposes,
  • statutory retention terms,
  • the handling of disputes,
  • and the establishment, exercise, or defense of legal claims in the countries where we do business.

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending Randori rights, and to manage Randori’s relationship with you.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records.

7. Your Rights

You have certain rights when it comes to the handling of your personal information. You can contact to:

  • request access to the personal information that we have on you, or have it updated. Depending on the applicable law, you may have additional rights concerning your Personal information.
  • ask questions related to this Privacy Policy and privacy practices. Your message is forwarded to the appropriate member of the data privacy team.
  • submit a complaint if you are not satisfied with how Randori is processing your Personal information.

More information on certain rights that may apply to you and how to exercise them:

California Consumer Privacy Act of 2018 (CCPA – US):

If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA). The information below provides instructions on how to exercise the rights granted by the CCPA. There may be cases where we present you with an additional privacy notice that includes information specific to an activity or offering.

Know your Personal Information

You can request specific pieces of personal information, or information about the categories of Personal information that Randori holds about you by submitting a request to or by calling (toll free) 1-800-IBM-4YOU (1-800-426-4968).

Request Deletion of your Personal Information

You can request the deletion of the personal information that Randori holds about you by submitting a request to or by calling (toll free) 1-800-IBM-4YOU (1-800-426-4968).

Opt-Out of the Sale of Personal Information

When you use Randori websites, our authorized advertising partners may collect cookies and similar technologies and use this data for their own purposes. This activity may qualify as a “sale” under the CCPA. You can make choices to allow or prevent such uses. To opt-out of Randori making information relating to cookies, and similar technologies, available to third parties for their own purposes, click here.

If you are accessing our websites while located outside of California, you can opt-out by going to the “Manage Consent” button in the website footer and setting your cookie preferences to “Required”.


If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.

Authorized Agent

You may use an authorized agent to submit a request about your personal information via To use an authorized agent, you must provide the agent with written authorization. In addition, you may be required to verify your own identity with Randori.

General Data Protection Regulation (European Economic Area and United Kingdom)

If the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”) or UK General Data Protection Regulation (“UK GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR and UK GDPR you may also have the right to request to have your personal information deleted or restricted, ask for portability of your personal information, and not be subject to a decision based solely on automated processing. Where the processing of your personal information is based on consent, you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing based on consent before your withdrawal.

8. Legal Basis

In some jurisdictions, the lawful handling of Personal information is subject to a justification, sometimes referred to as legal basis. The legal bases that we rely on for the lawful handling of your Personal information vary depending on the purpose and applicable law. The different legal bases that we use are:

Necessary for the performance of a contract with you

We rely on this legal basis when we need to process certain Personal information, such as your contact details, payment details, and shipment details, to perform our obligations or to manage our contractual relationship with you. Examples: 

  • If you intend to purchase a product or service, we require your business contact information to enter into a contract with you or you may need to create an account to access a purchased product online. 
  • When fulfilling a contract, you may need to receive support services, for which we will need to collect your contact information. 

Necessary for the purposes of Randori’s or a third party’s legitimate interest 

Legitimate interests relate to being able to conduct and organize business, which includes the marketing of our offerings, protecting our legal interests, securing our IT environment, or meeting client requirements. Examples:

  • We capture your use of, and interaction with our websites to improve them. 
  • We process your account information to manage access authorization of our services.
  • Where we have a contractual relationship with the organization that you are working for, we have a legitimate interest to process your Personal information used to manage this contract.
  • We process your business contact information in combination with other business-relevant information to tailor our interactions with you and promote our products and services.
  • We have to keep our general business operations functional. To this end we may, for example, process the login information of our IT systems and networks, or CCTV footage at Randori locations for security and safety purposes.

We may also process Personal information where it is necessary to defend our rights in judicial, administrative, or arbitral proceedings. This also falls under the legal basis of legitimate interest in countries where they are not a separate legal basis. 


The processing is based on your consent where we request this. Example:  

  • the optional use of Cookies and Similar Technologies or email of Marketing materials. 

Legal obligation 

Where we need to process certain Personal information based on our legal obligation. Example:

  • We may be obliged to ask for a government-issued ID for certain transactions, such as for a financing transaction (see Contractual Relationship).

9. Changes to this Privacy Policy

If a material change is made to this Privacy Policy, the effective date is revised, and a notice is posted on the updated Privacy Policy for 30 days. By continuing to use our websites and services after a revision takes effect, it is considered that users have read and understand the changes.

10. Contacting Us & Effective Date

Questions regarding this Privacy Policy or the Company’s information practices should be directed to Our Privacy Policy became effective on May 1, 2018, and was last updated on October 3, 2022.