Randori Privacy Policy Randori, Inc. (“Randori,” the “Company,” “we,” “our,” or “us”) is committed to protecting the privacy of your information. This Privacy Policy (the “Privacy Policy”) describes how Randori collects, uses, and shares information from users of the Company’s websites (www.randori.com) (the “Site”), when you communicate with us about services offered by Randori (the “Services”), and entering into an agreement to use the Services. This Privacy Policy does not apply to customer data collected within the provision of the Services. For customers using Randori’s Services, Confidentiality and Privacy commitments are included in the Master Services Agreement (MSA) & Data Protection Addendum (DPA).

1. Information Collected

We may collect a variety of information from or about you or your devices from various sources, as described below.

• Contact Information. When expressing an interest in obtaining additional information about the Services or registering to use the Services, Randori asks for personal contact information, such as your name, title, company name, physical address, email address, and phone number.
• Company Information. Randori may also ask you to provide additional information, such as company annual revenues, number of employees, or industry.
• Survey Information. Randori might also ask you to complete surveys from time to time.
• Navigational Information. As you navigate the Site, Randori may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons. Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Site (such as the Web pages viewed and links clicked). For example, Randori uses IP addresses to monitor the regions from which Customers and Visitors navigate the Site. In addition, we may use third-party services, such as Google Analytics, Mixpanel, HubSpot, Microsoft/Bing, LinkedIn, SalesForce, and Clearbit, that collect, monitor and analyze this type of information in order to increase the functionality of the Services. These third-parties may use cookies to help us analyze how you use the Site, and they have their own Privacy Policies addressing how they use such information.

The Google Analytics service is provided by Google Inc. You can opt-out from Google Analytics service using your information by installing the Google Analytics Opt-out Browser tool: https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://www.google.com/policies/privacy. Mixpanel is provided by Mixpanel Inc. You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel’s service, please visit this page: https://www.mixpanel.com/optout. For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel: https://www.mixpanel.com/terms. HubSpot is provided by HubSpot, Inc. To opt out of Hubspot’s processing of your information for analytics purposes please visit this page: https://privacyportal.onetrust.com/webform/9fd092df-0b2a-4194-89f1-820b83267af4/13da1ce4-8542-4d34-a84c-379495aa666c. For more information on the privacy practices of HubSpot, please visit the HubSpot Privacy Policy web page: https://legal.hubspot.com/privacy-policy. Microsoft/Bing Web Analytics is provided by Microsoft, Inc. To opt out of Microsoft’s processing of your information for analytics purposes please visit this page: https://about.ads.microsoft.com/en-us/resources/policies/opt-out-of-the-microsoft-advertising-optimization-program. For more information on the privacy practices of Microsoft, please visit the Microsoft Privacy Statement web page: https://privacy.microsoft.com/en-us/PrivacyStatement. LinkedIn is provided by LinkedIn Corp. To opt out of LinkedIn’s processing of your information for analytics purposes please visit this page: https://www.linkedin.com/psettings/guest-controls. For more information on the privacy practices of Microsoft, please visit the LinkedIn Privacy Policy web page https://www.linkedin.com/legal/privacy-policy. Salesforce is provided by Salesforce.com, Inc. To opt out of Salesforce’s processing of your information for analytics purposes please visit this page, please visit the Salesforce Privacy web page: https://www.salesforce.com/company/privacy/full_privacy/ Clearbit is provided by APIHub, Inc. To opt out of Clearbit’s processing of your information for analytics purposes please visit this page: https://clearbit.com/ccpa-opt-out. For more information on the privacy practices of Clearbit, please visit the Clearbit Privacy Policy web page https://clearbit.com/privacy.

• Cookies. Randori uses cookies to make interactions with the Company’s Services easy and meaningful. When you visit the Company’s Services, Randori’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you. They merely recognize your Web browser. Unless you choose to identify yourself to Randori, such as by filling out a Web form (such as a “Contact Us”), you remain anonymous to the Company. Randori uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer.

If you have chosen to identify yourself to Randori, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your session is placed in your browser. These session cookies allow the Company to uniquely identify you when you are visiting the Site and to process your form requests. Randori uses persistent cookies that can identify browsers that have previously visited the Company’s Services. When you provide the Company with personal information, a unique identifier is assigned to your session. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Services, but you may not be able to successfully use the Services. Randori may use information from session and persistent cookies in combination with other information we collect to provide you with information about the Company and the Services and for the purposes described in Section 2, below.

• Web Beacons. Randori uses Web beacons alone or in conjunction with cookies to compile information about Customers’ and Visitors’ usage of the Company’s Services and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the Web beacon, and a description of a website tied to the Web beacon. For example, Randori may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Services. Randori uses Web beacons to operate and improve the Company’s Services and email communications. Randori may use information from Web beacons in combination with other information we collect to provide you with information about the Company and the Services, and for the purposes described in Section 2, below.
• Third-Party Cookies and Similar Technologies. From time-to-time, Randori engages third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Services. Randori may also use other third-party cookies and similar technologies to track the performance of Company advertisements. These third parties may track individuals’ activities on our Services and third-party sites.

Randori may also contract with third-party advertising networks that collect IP addresses and other Navigational Information on the Company’s Services and emails and on third-party websites. Ad networks follow your online activities over time by collecting Navigational Information through automated means, including through the use of cookies and similar technologies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other websites. This process also helps us manage and track the effectiveness of our marketing efforts. Some of our advertising partners may be members of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/) or the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.

2. Use of Information Collected

We use the information we collect:

• To perform the services requested. For example, if you fill out a “Contact Us” Web form, the Company will use the information provided to contact you about your interest in the Services;
• To provide, operate, maintain, improve, and enhance our Site;
• To understand and analyze how you use our Site and develop new features, and functionality;
• To communicate with you, provide you with updates and other information relating to our Services, provide the information that you request, respond to comments and questions, and otherwise provide customer support;
• For marketing and advertising purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company and its partners, such as information about promotions or events;
• For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or government agency; and
• For other purposes for which we provide notice at the time the information is collected.

3. Public Forums

Randori may provide bulletin boards, FAQs, knowledge bases, blogs, or chat rooms on or through the Site. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Randori is not responsible for the personal information you choose to submit in these forums, or how others may use this information, so you should carefully consider whether and what to post and how to identify yourself on the Site.

4. Sharing of Information Collected

• Vendors and Service Providers.  We may share any information we receive with vendors and service providers retained in connection with the operation of the Site, the provision of our Services, or to communicate with you. For example, Randori may share your information with the Company’s service providers so that these service providers can communicate with you on our behalf, using the contact information you provided to the Company. Randori may also share your information with the Company’s service providers to ensure the quality of information provided. Unless described in this Privacy Policy, Randori does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.
• Analytics and Advertising Partners. We use analytics services to collect and process certain analytics data, and work with third-party advertisers to show you ads we think may interest you, as described further in Section 1, above.
• As Required by Law and Similar Disclosures. Randori reserves the right to access, use, preserve, or disclose your information if we believe doing so is necessary or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect your, our, or others’ rights, property, or safety.
• Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our assets.
• Consent. We may also disclose your information with your permission.

5. Third Parties

Our Site may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

6. Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at privacy@randori.com.

7. International Transfer of Information Collected

Randori is a United States company and the Site is hosted in the United States. If you choose to communicate with us or visit the Site from the European Union, the United Kingdom or other regions of the world with laws governing data collection and use that may differ from United States law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. We may also transfer your information from the United States to other countries or regions in connection with the storage and processing of data, fulfilling your requests, and operating the Services. By providing any information, including personal information, directly to Randori, or to the Company on or through the Site, you consent to such transfer, storage, and processing.

8. California Residents

Randori acknowledges that individuals in the State of California have certain rights associated with the personal information received and retained by the Company through the California Consumer Privacy Act of 2018 (“CCPA”) and other California Privacy Laws. Although Randori is not currently a covered Business under the CCPA, we assure you that Randori does not sell information about you.

9. Data Subjects in the EU

We hereby inform Visitors, Business Contacts and Users from the EU and any other EU data subjects whose personal Data we may Process (in this section, “You”, “Your”), of the following rights (by virtue of EU privacy Laws) with respect to the processing of your Personal Data.

• Right to access: You may have the right to request a review of your Personal Data held by Randori.
• Right to rectification: if the Personal Data Processed by Randori is incorrect, incomplete or not Processed in compliance with Applicable Law or this Privacy and Cookie Policy, You may have the right to have your Personal Data rectified.
• Right to erasure: under certain conditions, You may be entitled to require that Randori would delete or “block” your Personal Data (e.g. if the continued Processing of a specific data is not justified or if the lawful basis for Processing is consent).
• Right to Portability: under certain conditions, You may have the right to transfer the Personal Data that you have provided to us between data Controllers (i.e. to transfer your Personal Data to another entity).
• Right to object: where that lawful basis for Processing your Personal Data is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and you may have a right to object to such Processing.
• Right to withdraw consent: If the Processing of your Personal Data is based on your consent, You have the right to withdraw your consent to such processing at any time. If you are a Client’s User, please refer to our Client to withdraw your consent. If you are a Visitor, a Business Contact or a User, You may contact Us through the following link: Contact Us.
• The right to restrict Processing: under certain circumstances, You may have the right to object to the Processing of your Personal Data due to your particular situation.
• Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or supervisory authority of your jurisdiction.

When a Data Subject asks us to exercise any of its rights under this Policy and the Applicable Laws, we may need to i) ask the Data Subject to provide us certain credentials to identify the Data Subject and to verify that the Data Subject is in fact who he/she claims to be, in order to avoid unlawful disclosure to that Data Subject of Personal Data related to others; and ii) ask the Data Subject questions to better understand the nature and scope of data that it requests to access.

10. Security

Randori makes reasonable efforts to protect your information by using appropriate administrative, technical, and physical security measures designed to protect the security of the information we maintain. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.

11. Changes to this Privacy Policy

We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share personal information previously collected from you through the Services, we will notify you through the Services, by email, or other communication.

12. Contacting Us & Effective Date

Questions regarding this Privacy Policy or the Company’s information practices should be directed to privacy@randori.com. Our Privacy Policy became effective on May 1, 2018, and was last updated on February 1st, 2021.