Privacy Policy

Last Updated: 6 June, 2025

Your trust is important to us, and we want to ensure that your personal information is protected. This Portnox Security LLC (“Portnox”) Privacy Policy explains how we collect and use your personal information in relation to Portnox products, services, events, and websites or applications that link to this Policy (together, the “Portnox Products”). It also describes how you can control or exercise your rights related to your personal information.

1. Personal Information We Collect

We process information about you while providing the Portnox Products. Below, we outline the kinds of information we collect.

Information You Give to Us

We collect information about you when you provide it to us directly.

• Your Portnox account.We collect information about you when you submit it through the Portnox Products, including when you create an account with us. This may include your name, email address, profile picture, company name, postal address, and phone number. This may also include your payment information when you purchase any of the Portnox Products.
• We collect information you provide to us when you open a support request or otherwise communicate with us (such as through third-party social-media sites). This may include your name, email address, title, company, and any other information you provide in your request.
• Other information submitted by you.We collect information about you that you submit to us through the Portnox Products, such as when you participate in any interactive features of the Portnox Products or fill out a form on one of our websites. This information may include your name, email address, and mailing address.

Information We Collect Automatically

We automatically collect information about you when you access or use the Portnox Products.

• Your use of the Portnox Products.We collect information about how you use the Portnox Products, such as your session date, time, and duration; the pages you viewed; and the page you visited before navigating to the products or websites.
• Device information.We collect information about your computer or device when you access any of the Portnox Products, such as the type of browser you use, your IP address, and the location of your device.
• Cookies and similar technologies.We use cookies and similar technologies (like web beacons and pixels) to collect information about your interactions with the Portnox Products, including identifiers, usage data, session information, links clicked, pages visited, and mouse movements. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our services. To learn more about how to control cookie settings please consult your internet browser.

Information We Collect from Other Sources

We may also obtain information about you from other sources.

• Other services linked to your account.We may collect information about you when you link your Portnox account with other services. For example, if you create or log into your Portnox account using third-party credentials via single sign-on, we may have access to certain information such as your name and email address, as authorized in your third-party profile settings.
• Our affiliates.We may receive information about you from one of our affiliates if you interact with them directly, for example through a support request. This may include your name, email address, and information about your request.
• Third parties.We may receive information about you from third parties that provide business information to us or from public sources. This information may include things like your name, title, email address, phone number, and social-media profile. We may combine this information with information we collect through other means described above.

2. How We Use Personal Information

We use information about you for the following purposes.

• To provide the Portnox Products.We use information about you to provide you with access to the Portnox Products, including to create and manage your Portnox accounts, process transactions with you, and send you invoices.
• For research and to improve the Portnox Products.We use information about you, including website analytics, to improve the Portnox Products, including to monitor and analyze trends, usage, and other activities in connection with the Portnox Products so that we can continually improve them. We may also link or combine information about you with information we get from others to help understand your needs and provide you with better service.
• To communicate with you.We use information about you to communicate with you, including to send you technical notices, product updates, security alerts, support communications, and administrative messages about the Portnox Products (including important changes to the Portnox Products). This also includes sending you information about your account and data, such as when we update our terms or when we materially change how we use your data.
• For security.We may use information about you to maintain and increase the security of the Portnox Products, including to detect, investigate, and prevent fraud and other illegal activities from occurring, as well as to protect the rights and property of Portnox, our customers, and third parties.
• To market and promote the Portnox Products.We use information about you to send you promotional messages and to show you advertisements. This may also include using information about you to create more personalized advertising and suggest Portnox Products that may be of interest to you. We may also use information about you to facilitate contests, sweepstakes, and promotions, and to process and deliver your entries and rewards.
• To comply with legal obligations.We may use information about you to comply with our legal requirements. For example, we may process and retain information about your payments to us for tax and accounting purposes.
• With your consent.Finally, we use information about you for any other purposes that you have affirmatively consented to.

3. How We Share Personal Information

We may share your personal information as follows.

• Service providers.We use third-party service providers who work on our behalf, including to provide hosting services, authentication services, cybersecurity and anti-fraud services, and advertising, which may require us to share your personal information. A current list of our sub-processors is available here.
• For legal reasons.In rare cases, we may share information about you in response to a request for information if we believe disclosure is permitted or required by an applicable law, regulation, or legal process, including to comply with a subpoena or applicable court order. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. Further, we may share your personal information with any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Policy or under any agreement we enter with you or to protect the rights, property, or safety of Portnox or third parties.
• Business transfers.We may share your information in connection with, or during negotiations of, any merger, sale of Portnox assets, financing, or acquisition of all or a portion of our business by another company.
• We may share your personal information with our affiliate companies who may act for us for any of the purposes set out in this Privacy Policy, including our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership.
• Marketing and analytics.We may share your personal information with analytics and search-engine providers that assist us in the improvement and optimization of our websites.
• Social Media.Some of our websites may contain social-sharing widgets or features that let you share information you find on our websites on third-party sites, including, for example, Twitter, LinkedIn, and YouTube. By doing so, you authorize us to facilitate this sharing of information, and you understand that the use of shared information will be governed by the social media provider’s privacy notice.
• We may share your personal information with your consent or at your direction.

In the event that you facilitate a transaction with Portnox, or request information from or otherwise engage with us, and such activities require Portnox to share your personal information with a service provider or other third party, you hereby consent to such disclosure. Any disclosure of personal information to a third party will only be transferred subject to a contract as required by the DPF Principles, including Portnox’s continued liability and obligations under the Onward Transfer Principle. In particular, Portnox remains responsible and liable under the EU-U.S. DPF Principles, the UK extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the DPF Principles unless Portnox proves that it is not responsible for the event giving rise to the damage. For more information view the DPF Accountability for Onward Transfer.

4. Security

The security of your personal information is incredibly important to us. We have implemented and we continually maintain a variety of technical and organizational measures to protect your personal information from unauthorized access and against unlawful processing, accidental loss, destruction, and damage. View our Security page to learn more about the specific security controls we have put in place to safeguard your information.

5. Retention

We only keep your personal information for as long as necessary to fulfill the purposes we collected it for, after which it will be deleted or archived unless we are required to keep it to comply with our legal obligations or for another legitimate and lawful purpose. To determine the appropriate retention period for personal information, we consider several factors, including:

• the terms of our agreements with you;
• our legitimate interests (as outlined in this Privacy Policy);
• our legal obligations; and
• the amount and nature of your personal information.

In some cases, we may anonymize your personal information so that you are no longer identifiable, in which case we may use the resulting information without further notice to you.

6. Children

The Portnox Products are not directed to individuals under the age of 16, and we do not knowingly collect or sell the personal information of children under 16

7. Your Choices

You have choices about how Portnox collects and uses your personal information.

• Account information.Our customers may access, update, or change personal information they have provided to us by logging into the relevant Portnox application or emailing us at [email protected]. Subject to the terms of their agreements with us, customers may deactivate their accounts by emailing us at [email protected], but we may retain certain personal information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also retain cached or archived copies of personal information for a certain period.
• You may opt out of receiving promotional emails from Portnox by following the instructions in those emails or by emailing [email protected]. If you opt out of receiving promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relationship. If you would like to opt out of receiving promotional phone calls, please contact us as outlined in the “Contact Us” section below

8. Data Privacy Framework Notice

Portnox Security LLC (“Portnox”) is based in the United States and the personal information we collect and process is retained and stored in the United States. Portnox complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Portnox has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Portnox has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the DPF Principles shall govern.  Portnox is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit the Data Privacy Framework website.

9. Supplemental Notice for the EEA, UK, and Switzerland

This section provides additional details about the personal information we process subject to the General Data Protection Regulation (GDPR) and UK GDPR.

Controller of Your Information

Unless otherwise stated in a supplemental notice, Portnox is the data controller of your personal information.

Your Rights

Subject to applicable law, you have the following rights with respect to your personal information.

• Right to access.You have the right to access your personal information that we hold, and receive it in a portable way.
• Right to update.You have the right to request that we update your personal information.
• Right to delete.You have the right to have your personal information deleted.
• Right to restrict processing.You have the right to request us to restrict or suppress the processing of your personal information where our processing is inappropriate.
• Right to object.You have the right to object to the processing of your personal information.
• Right to withdraw consent.You have the right to withdraw your consent at any time where we are processing your personal information based on your prior consent.

To exercise your rights, please email [email protected] or contact us as outlined in the “Contact Us” section below. Please note that we may ask you to provide us with additional information to confirm your identity.

Legal Bases for Processing Personal Information

We process your personal information on one or more of the following legal bases:

• where necessary to enter into or perform under a contract with you, including to provide the Portnox Products;
• where necessary for us to comply with a legal obligation;
• for our legitimate interests, as outlined in this Privacy Policy; or
• with your consent.

International Data Transfers

Your personal information may be collected in, transferred to, accessed from, or stored in a country other than the one you are in, including the United States, which may have data protection rules that are different from those of your country.

Your personal information is only transferred out of your country in accordance with applicable data protection law, including, for example, to third countries that adequately safeguard personal data, applicable DPF Principles, or other appropriate transfer mechanisms.

Complaints

We encourage you to contact us as provided below should you have a Data Privacy Framework related (or general privacy-related) complaint.  If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our [email protected] (free of charge).  Through this dispute resolution mechanism, we have also committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities (DPAs) in the European Economic Area, and/or the Swiss Federal Data Protection and Information Commissioner, UK Information Commissioner Office (as applicable) in relation to unresolved complaints (as further described in the DPF Principles). You may also contact your local data protection authority within the European Economic Area, UK, or Switzerland (as applicable) for unresolved complaints.

In compliance with the EU-U.S. DPF, Portnox commits to cooperate and comply with the advice of the panel established by the EU DPAs with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

You may lodge a complaint with a data protection authority for your country or region where you have your habitual residence, where you work, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available here, the contact details for the UK Information Commissioner’s Office is available here, and the contact for the Swiss Federal Data Protection and Information Commissioner here.

Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

10. Supplemental Notice for California

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act, as amended (CCPA).

Your Rights

Subject to applicable law, you have the following rights with respect to your personal information.

• Right to access.You have the right to request that we disclose to you what personal information we collect, use, disclose, share, and sell about you.
• Right to delete.You have the right to request that we delete your personal information that we’ve collected.
• Right to update.You have the right to request that inaccurate personal information we hold about you be corrected.
• Right to restrict the use and disclosure of your sensitive information.You have the right to request that we limit our use and disclosure of your sensitive personal information.
• Right to nondiscrimination.You have the right not to receive discriminatory treatment because you’ve exercised any of your rights under the CCPA.

If you or your authorized agent wishes to exercise any of these rights, please email [email protected] or contact us as outlined in the “Contact Us” section below. Please note that we may ask you or your agent to provide us with additional information to confirm your identity.

Categories of Personal Information Collected

The personal information that we’ve collected in the past 12 months fall into the following categories specifically established under the CCPA:

• Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.
• Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.
• Commercial information, such as information related to products or services you’ve purchased.
• Internet or other electronic network activity information, such information regarding your interaction with the Portnox Products.
• Geolocation data.
• Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
• Inferences drawn on the information above, such as aggregated metrics.
• Account log-in or credit card number in combination with your credentials allowing access to your account.

For more information about the categories of personal information we collect, please see the “Personal Information We Collect” section above.

Categories of Personal Information Disclosed for a Business Purpose

The personal information that we’ve disclosed for a business purpose (including to our service providers) in the past 12 months fall into the following categories specifically established under the CCPA:

• Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.
• Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.
• Commercial information, such as information related to products or services you’ve purchased.
• Internet or other electronic network activity information, such information regarding your interaction with the Portnox Products.
• Geolocation data.
• Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
• Inferences drawn on the information above, such as aggregated metrics.
• Account log-in or credit card number in combination with your credentials allowing access to your account.

For more information about the categories of personal information we disclose to other parties, including to our services providers, please see the “How We Share Personal Information” section above.

No Sale or Sharing of Personal Information

We do not sell or share (for the purpose of cross-context behavioral advertising) your personal information, as those terms are defined under the CCPA.

11. Supplemental Notice for Virginia

This section provides additional information for residents of Virginia and the rights afforded to them under the Virginia Consumer Data Protection Act (VCDPA).

Your Rights

Subject to applicable law, you have the following rights with respect to your personal information.

• Right to access.You have the right to access your personal information and obtain a copy of it in a portable and readily usable format.
• Right to correct.You have the right to correct errors in your personal information.
• Right to delete.You have the right to have your personal information deleted.
• Right to opt out.You have the right to opt out of behavioral advertising, automated profiling, and sales of personal information.

To exercise your rights, please email [email protected] or contact us as outlined in the “Contact Us” section below. Please note that we may ask you to provide us with additional information to confirm your identity.

If you submit a request to exercise one of the above rights and you disagree with our decision regarding your request, you may appeal our decision by replying to our response.

12. Changes to this Privacy Policy

We may occasionally update this Privacy Policy. The date at the top of this Privacy Policy indicates when it was last revised. Any changes will become effective when we post the revised Privacy Policy on this page.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at: Portnox, 5707 Southwest Parkway, Building Two Suite 260, Austin, TX 78735; or [email protected].