Privacy Policy
Effective Date: December 13, 2023

Thank you for choosing to be part of our community at RedBlock Security, Inc. (" RedBlock", "we", "us", "our") and entrusting us with your personal information. We take data privacy very seriously and are committed to protecting your personal information and your right to privacy. Whenever you access our website - https://redblock.ai and other related sub-domains (the " Website") or use any of our services (the "Services", including the Website, off-site services etc.), there is always some personally identifiable or non-personally identifiable data about you, which you may leave with us, knowingly or unknowingly.


All capitalized terms have their definition specified in the Terms of Use, unless otherwise noted here.

If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Services immediately as your continued use would signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal data as described in this Privacy Policy and our Terms of Service.

1. WHAT INFORMATION DO WE COLLECT?

In Short: We collect information directly from you when you register on our Website, provide us your contact information, subscribe to our Services. We also automatically collect from you your usage information, cookies and similar technologies.

Personal Information

While using our Service, we may ask you (or for Corporate Member Accounts, your employers) to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to any information about you which could, alone or together with other information, personally identify you or otherwise be reasonably linked or connected with you. Information such as a username and password, an email address, a real name, date of birth, an Internet protocol (IP) address, contact information, billing information are examples of “Personal Information.” 

Personal Information does not include aggregated, non-personally identifying information that does not identify you or cannot otherwise be reasonably linked or connected with you. We may use such aggregated, non-personally identifying information for research purposes and to operate, analyze, improve, and optimize our Website and Services.

If you provide us with personal information of another individual/entity that requires consent, it is your duty to make sure that the individual/entity has consented to or is appropriately informed about the processing of their personal information by RedBlock.

Usage Data


We may automatically collect some basic information when you visit or otherwise use our Services, subject, where necessary, to your consent. This includes information about how you use the Service, such your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. This information may include your Personal information, Cookies and Tracking and Analytics information.

Cookies

To enable our systems to recognize your browser or device and to provide and improve our Services, we use cookies and similar technologies (e.g., pixel tags) to collect data (e.g., device IDs) to recognize you and your device(s) on, off and across different services and devices where you have engaged with our Services. Cookies are small text files that websites place on the computers and mobile devices of people who visit those websites. These files are then read by the website each time you return to the site. Most web browsers are set to accept cookies by default. However, you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our website from functioning properly, and you may not be able to fully utilize all of its features and services. You should visit your browser's help menu for more information on this.

Tracking and Analytics Information

We use a number of third-party analytics such as Google analytics data and service providers to help us evaluate your use of our Services, compile statistical reports on activity, and improve our content and Website performance. Some of the tracking technologies used by us are beacons, tags, and scripts to collect and track information and to improve and analyze our Services.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized by us. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Employer Provided Information

Others buying our Services for your use, such as your employer, provide us with personal data about you and your eligibility to use the Services that they purchase for use by their employees. For example, we will get Personally Identifiable information for authorizing users of our Services.

2. WHAT INFORMATION WE DO NOT COLLECT?

In Short: We don’t knowingly collect information from children under 13, and we don’t collect Sensitive Personal Information.


We do not intentionally collect “Sensitive Personal Information”, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.

Further, we do not knowingly solicit or collect personally identifiable data from or market to children under 13 years of age. By using the Website, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Website. If we learn that personal information from users less than 13 years of age has been collected, we will take reasonable measures to promptly delete such data from our servers. If you become aware of any data we may have collected from children under the age of 13, please contact us at [email protected].

3. HOW DO WE USE YOUR INFORMATION?

In Short: We use the data that we collect from you to provide and enhance your experience of our Services, subject to applicable laws.

How we use your personal information will depend on which Services you use, how you use those Services and the choices you make in your settings. Some more specific reasons why we may use your Personal Information or Usage Information are:

to communicate with you, with your consent. To send periodic emails and other communications relating to availability of our Services, security, or other services related issues. We also send messages about how to use our Services, updates and promotional messages advertising our Services. Please note that while you may opt-out of receiving any marketing and promotional messages from us by writing to us through the contact mechanism described below, you cannot opt out of receiving service messages from us, including security and legal notices.to create your account, and to provide you the Services.
to invite you to take part in surveys, beta programs, or other research projects, subject to your consent, where necessary. You are not obligated to respond to polls or surveys, and you have choices about the information you provide. You may opt-out of survey invitations.
for billing, account management and other administrative matters. We may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
to investigate, respond to and resolve complaints and for Service issues and provide a smooth customer support.to produce and share insights that do not identify you. If Information is aggregated or de-identified so that it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose such as to generate statistics and publish visitor demographics for our Services.
for security purposes or to prevent or investigate possible fraud or other violations of our polices, end user license agreements etc.to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.

4. WHAT ARE OUR LEGAL BASES FOR PROCESSING INFORMATION?

In Short: We have legal bases to collect, use and share data about you. You have choices about our use of your data. At any time, you can withdraw consent you have provided by contacting us. 

We will only collect and process personal data about you where we have legal bases. Legal bases include consent (we rely on your consent to use your Personal Information), contract performance (where processing is necessary for the performance of a contract with you (e.g., to deliver our Services you have specifically requested), and for your legitimate interests or the legitimate interests of others (e.g., for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability of our Website and Services.)

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us through the contact mechanism described below.

5. HOW DO WE SHARE THE INFORMATION WE COLLECT?

In Short: We may share your information with third parties under one of the following circumstances: with your consent, when there is a change of control or sale of corporate entities or business units, to comply with our legal obligations, with our trusted service providers and for security purposes. We do not sell your personal information and we do not host advertising on our Website.

With Your Consent

We share your Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. 

Change In Control Or Sale 

If we are involved in a merger, acquisition, asset sale or business reorganization, your Personal Information may be transferred to our successors in interest. We will endeavor that the third party agrees to adhere to the terms of this Privacy Policy, otherwise, we will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy. We may further disclose information (including Personal Information) about you to our current and future affiliate companies and business partners, provided all your Personal Information will be treated by them in accordance with the terms of this Privacy Policy. 

Law Enforcement 

Under certain circumstances, we may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency) or private parties as we, in our sole discretion, believe necessary or appropriate in order to respond to claims, legal process (including subpoenas), to protect our rights and interests or those of a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to otherwise comply with applicable court orders, laws, rules and regulations. 

Service Providers

We may appoint trusted third-party service providers to perform functions and provide services to us ("Service Providers"), such as hosting and maintaining our servers and the website, database storage and management, email management, storage marketing, payment processing, Google analytics tool, promotional and marketing partners, customer service and fulfilling orders for products and services you may purchase through us. We will likely share your Personal Information, and possibly some non personal information, with these Service Providers to enable them to perform these services for us and for you. We ensure that our Service Providers are bound by the privacy restriction similar to the ones in this Privacy Policy. While we process all Personal Information in the United States, our Service Providers may process data outside of the United States or the European Union.

6. HOW YOU CAN ACCESS AND CONTROL THE INFORMATION THAT WE COLLECT?

In Short: You may access, review, change, or delete your basic personal information at any time by contacting us.We provide many choices about the collection, use and sharing of your data, such as:

Deletion or De-Identification of Personal Information: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you). We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. You may contact us to request the erasure of the data we process on the basis of consent within 30 days. 

Change or Correct Data: You can edit some of your personal data through your account if you are a registered customer or you can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate. 

Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held). 

Data Portability: You can ask us for a copy of your personal data you provided in machine readable form.

You may contact us through the contact mechanism described below to make these requests, and we will consider your request in accordance with applicable laws. 

Individuals residing in the State of California and other regions may have additional rights under their respective laws. The additional rights and disclosures applicable to individuals residing specifically in the State of California can be found in our Jurisdiction Specific Privacy Policies section below. 

In Short: We have legal bases to collect, use and share data about you. You have choices about our use of your data. At any time, you can withdraw consent you have provided by contacting us. 

We will only collect and process personal data about you where we have legal bases. Legal bases include consent (we rely on your consent to use your Personal Information), contract performance (where processing is necessary for the performance of a contract with you (e.g., to deliver our Services you have specifically requested), and for your legitimate interests or the legitimate interests of others (e.g., for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability of our Website and Services.) 

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us through the contact mechanism described below.

7. HOW DO WE SECURE YOUR INFORMATION?

In Short: We monitor for and try to prevent security breaches and for that purpose we strive to use commercially acceptable means to protect your Personal Information. 

We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information we process such as HTTPS. However, despite these safeguards in place, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. While we will do our best to protect your personal information, transmission of such personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.

8. HOW LONG DO WE KEEP THE DATA THAT WE COLLECT?

In Short: We keep your information for as long as necessary to fulfils the purposes set out in this Privacy Policy unless otherwise required by law. 

We will keep your personal data only for as long as it is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. 

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

9. DO WE TRANSFER YOUR PERSONAL INFORMATION ACROSS BORDERS?

In Short: We may store and use your data outside your country. 

While RedBlock is incorporated in Delaware, USA, the data collected via our Website, through direct interactions with you, or from use of our Services may, from time to time, be transferred to – and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. 

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. 

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to the transborder transfer and hosting of such information.

10. LINKS TO OTHER SITES

In Short: We may display links to other third-party sites that are not operated by us and over which we have no control and assume no responsibility for the content, privacy policies or practices of such third-party sites or services. 

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by us. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

11. PRIVACY SHIELD

RedBlock Security Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. RedBlock Security Inc. has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov

12. GOOGLE DISCLOSURE

RedBlock is committed to ensuring the privacy and security of user data. Our Limited Use Policy outlines the guidelines and restrictions for the use of data collected through our website. By accessing and using our services, you agree to adhere to the following:



1. Data Collection and Purpose: RedBlock collects user data solely for the purpose of improving user experience, providing personalized services, and enhancing our website's functionality.


2. Data Storage and Security: All user data collected by RedBlock is securely stored and protected against unauthorized access, disclosure, or misuse.

3. Limited Data Use: RedBlock will only use the collected data for the intended purposes stated on our website. Any additional use of data requires explicit consent from the user.


4. Data Sharing: RedBlock will not share, sell, or transfer user data to any third parties without prior consent, except as required by law or to comply with legal obligations. 

5.User Consent: By using RedBlock's services, users consent to the collection, storage, and use of their data as outlined in this Limited Use Policy. 

6. Compliance: RedBlock complies with the Google API Services User Data Policy, including the Limited Use requirements, to ensure the protection of user data. 

7. Policy Updates: RedBlock reserves the right to update and modify this Limited Use Policy. Users will be notified of any changes, and continued use of our services implies acceptance of the revised policy.For any questions or concerns regarding our Limited Use Policy, please contact us at [email protected]

Compliance Disclosure
To attest our compliance with the Limited Use Policy and the Google API Services User Data Policy, we provide the following disclosure: RedBlock's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. For more information, please refer to the “Google API Services User Data Policy.”

13. USER CONSENT FOR AI

Data Sharing with AI Models
The application utilizes AI models for the analysis of security configurations, API identities, and user identities. 

Data Sharing Disclosure with AI Models
The data shared with AI models includes security configurations, API identities, and user identities. Examples of shared data may encompass specific user and configuration settings data like firewall settings, API access keys, user profile information, roles, and API identities information such as keys, status, and creation date. Other data points may vary depending on the specific requirements of each application. 

Acquiring Explicit User Consent
To ensure transparency and user control over data sharing, a robust consent mechanism has been integrated within the application. When users choose to utilize the AI agent for scanning their app settings, a detailed consent prompt is prominently displayed. This prompt is presented upfront, allowing users to access the RedBlock app only after reviewing and accepting the privacy policy and terms of service.

14. JURISDICTION SPECIFIC PRIVACY POLICIES

In Short: Individuals located in the State of California and Canada have certain statutory rights in relation to their personal data. We are committed to protecting your rights and handling your personal data in accordance with this Privacy Policy and jurisdiction-specific privacy policies, including California Consumer Privacy Act and other data protection and privacy laws, as may be applicable in your case.

A. California Consumer Privacy Act (CCPA) 

This notice specifically describes the personal data we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).

We Do Not Sell Your Personal Information

Under the CCPA, a business that sells California residents' personal information to others: a) must give notice to California residents before selling their personal information to others; and b) must provide the right to opt out of the sale of their personal information.

Your Rights Under The CCPA

The CCPA provides California residents with certain rights related to their Personal Information. To submit a request based on these rights, please contact us via the contact mechanism set out below. If your Personal Information is disclosed by your employer for the purposes of using our Services, you may request your employer to exercise the following rights on your behalf. If you are no longer an employee of the said employer, you may exercise the following rights by contacting us directly.

The right to request for information pursuant: you have the right to know the categories of personal information we have collected about you; the categories of sources from which the personal information is collected; our business or commercial purpose for collecting or selling personal information; the categories of third parties with whom we share personal information, if any; the specific pieces of personal information we have collected about you, in the past 12 months.

The right to request for deletion of information: you have the right to request that we delete your personal information, subject to the exceptions in CCPA §1798.105. We honor such requests, unless an exception applies, such as when the information is necessary to complete the transaction or contract for which it was collected or when it is being used to detect, prevent, or investigate security incidents, comply with laws, identify and repair bugs or ensure another consumer’s ability to exercise their free speech rights or other rights provided by law.


The right to opt-out of sales: we do not sell personal information, so we don’t have an opt out.

The right to receive notification: we cannot collect new categories of personal information or use them for materially different purposes without first notifying you.


The right to equal services and prices: the CCPA prohibits businesses from discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.

You can exercise any of your rights as stated above, by sending us a request to [email protected]. We will endeavour to respond to any such request as soon as possible, and in any event within the legal deadline.


B. Canadian Residents.

Residents of Canada may request to access and review, and request correction of, their personal information held by us using the contact information provided below. We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the personal information and whether you have an account with us.

We reserve the right not to change personal information if we disagree that it is incorrect, but we will append your requested alternative information. We may not provide access to personal information where permitted or required to deny access by the applicable law, for example, where the information requested would disclose the personal information, including opinions, of another individual or if it is subject to solicitor-client or litigation privilege. You have the right to refuse to provide or to withdraw your consent to processing of your personal information at any time with effect for future processing. This would not affect processing where the applicable law allows us to process personal information without consent.

15. PRIVACY POLICY UPDATES

In Short: Any changes to this Privacy Policy apply to your use of our Services after the “effective date”.

We may revise this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is published or made publicly accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes, or by other means. We encourage you to review this Privacy Policy frequently to ensure you are aware of the most recent version. If you object to any changes, you must stop using our Services immediately.

You acknowledge that your continued use of our Services after we publish or notify you about the changes to this Privacy Policy means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy, as of its effective date.

16. GOVERNING LAW AND JURISDICTION

In Short: Governing law shall be the laws of the State of California, USA with the courts in Alameda, California having exclusive jurisdiction. 

Irrespective of the country from which you access or use our Services, to the extent permitted by law, this Privacy Policy shall be governed by the laws of the State of California, without regard to principles of conflicts of law, except to the extent superseded by the laws of the United States of America. In addition, all legal actions or proceedings relating to this agreement shall be brought in state or federal courts located in Alameda, California and you hereby consent to the personal jurisdiction of such courts.

17. HOW TO CONTACT US?

In Short: Via email or mail. 

If you have questions or complaints about this Privacy Policy, please first contact us via email at [email protected] or at:

RedBlock Security, Inc. 
3736 Fallon Rd #309 
Dublin, CA 94568 
United States 
Phone: +1 925-364-5456 

If contacting us does not resolve your complaint, you have more options. Residents in the Designated Jurisdictions and other regions may also have the right to contact our Data Protection Officer via email at [email protected].

Looking for more information or want to book a demo?

Submit your information and an RedBlock representative will follow up with you as soon as possible.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.