Effective date: December 23, 2024
At BreachLock, Inc. (hereinafter referred to as “BreachLock”), we are committed to protecting and respecting the privacy of visitors to our website and customers of our products and services (collectively referred to as “services”). We take responsibility for complying with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our services and the choices and rights you have associated with that data. We use your data to provide and improve our services. By using our services, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use.
This privacy policy applies to individuals visiting our website, whether they reside in the European Union or not. However, rights given under the EU-US Data Privacy Framework can only be exercised by the individuals residing in the European Union or UK individuals.
BreachLock complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. BreachLock has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
As detailed in the Principles, BreachLock may be required to disclose personal information of an individual without taking consent from an individual in response to lawful requests made by the public authorities, including to meet law enforcement or national security requirements. You have a right to invoke binding arbitration under certain circumstances when other dispute resolution mechanisms have been exhausted. These circumstances have been detailed on the framework website.
We collect several different types of information for various purposes to provide and improve our services.
In the course of using our Site, we may request certain Personally Identifiable Information (PII) from you. This information is essential for contact or identification purposes. For the context of GDPR, UK GDPR, and the Swiss Federal Data Protection Act, “Personal Information” encompasses any “personal data” pertaining to an identified or identifiable individual, as defined by these regulations, which BreachLock receives in the United States from the European Union, the UK, or Switzerland, and is recorded in any format. Considering the nature of our services, BreachLock majorly collects business-related data. However, it receives personal information of individuals either representing a business or in their personal capacity which includes –
BreachLock and its affiliates are responsible for your personal information. We may also retain the services of external suppliers to help meet our business needs and may share your data with these suppliers. These suppliers have been selected after a rigorous evaluation process and chosen for their security, reliability, and competence. They will process your data only under our instructions. Some of these suppliers may be based in non-EU countries. Where this is the case, the transfer of your personal information to these countries is carried out in compliance with the guarantees provided by law. Please contact us on the details given in the Contact section if you wish to receive information about these suppliers.
We remain responsible for all the personal information we receive under the DPF and that we subsequently transfer to third parties acting as agents on our behalf if they process personal information in a manner inconsistent with the DPF principles.
We may also collect information on how our services are accessed and used (herein after referred to as “Usage Data”). This usage data may include information such as your computer’s IP address, browser type, browser version, the pages of our services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
The Personal Information you supply may be disclosed to third-party service providers engaged by us. These entities are contractually obligated to utilize the shared Personal Information solely for the execution of the services commissioned by us.
We may aggregate demographic data, survey responses, and other Personal Information provided by you into a collective, non-personally identifiable format. This aggregated data, devoid of sufficient Personal Information to identify any individual, may be shared with our business partners, affiliates, sponsors, or other third parties. Rest assured, this aggregated information is structured in a manner that prevents personal identification of you or any other Site visitors.
When you engage with BreachLock’s blogs or any publicly accessible sections of our website, please be cognizant that any Personally Identifiable Information (PII) you disclose may become public. This PII could include, but is not limited to, your name and may be accessible to anyone who views the blog or the specific URL of the post you comment on. BreachLock is not liable for the use of this information by parties other than BreachLock personnel.
Your provided name will be displayed publicly and will serve as an identifier for your comment or content. While your PII will not be sold, rented, or shared under normal circumstances, it may be disclosed pursuant to a judicial order.
By posting a comment on our blog or submitting content to any public-facing part of our website, you grant BreachLock an irrevocable, perpetual, exclusive license to use, reproduce, publish, modify, perform, and create derivative works from any part of the content you provide, including any PII therein. Please note that all user-generated content, such as posts, articles, and comments, is subject to review and potential modification prior to publication.
We post customer testimonials on our website. These testimonials may contain personally identifiable information, such as the customer’s name. We obtain the customer’s explicit consent prior to posting any testimonials.
Protecting the privacy of young children is especially important to us. We advocate for the active involvement of parents and guardians in supervising the online activities of their children.
In compliance with the Children’s Online Privacy Protection Act (COPPA), BreachLock does not collect or maintain information from those we actually know are under the age of 13, nor is any part of our website structured to attract anyone under 13.
Should you believe that we have inadvertently collected Personal Identifiable Information from a child under the age of 13, we urge you to contact us immediately. Upon notification, we will take swift measures to verify and, if necessary, promptly delete such information from our database.
We use cookies and similar tracking technologies to track the activity on our services and hold certain information. Cookies are files with small amount of data which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our services.
Below are the examples of cookies we use on our site, and why we use them:
BreachLock uses the collected data for various purposes:
We will provide you with marketing-related information (including newsletters and/or promotional materials) only after you have, where legally required to do so, opted-in to receive those communications and have provided the opportunity for you to opt-out at any time.
BreachLock will not use your personal information for taking any automated decisions affecting or creating profiles other than as described above. We will not share your personal information with third parties without your consent, except our service providers or parties acting as an agent of BreachLock under a legally binding contract.
Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it here.
We transfer personal information to other countries only when it is essential for the services we provide you, or it is required for the verification or proof of legal claims or subject to protect that assure the protection of your personal information, such as European Commission approved standard contractual clauses.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
BreachLock shall take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
BreachLock may disclose your personal data in the good faith belief that such action is necessary to:
BreachLock shares the collected data with its affiliates, which process this data on behalf of BreachLock. It also shares data with other third parties to fulfill various obligations and as required or permitted by law.
With respect to marketing emails, you can opt-out of receiving such emails from BreachLock by writing to us at the contact details given in the Contact section or using the ‘’Unsubscribe” option given in all the emails sent from BreachLock. Notwithstanding the contents of this Policy, BreachLock may disclose personal data in the circumstances as specified in the Principles.
Security of your data is important to us, but do remember that no method of transmission over the Internet or method of electronic storage is 100% secure, i.e., absolutely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
We may employ third party companies and individuals to facilitate our services (hereinafter referred to as “Service Providers”), to provide our service on our behalf, to perform service-related services or to assist us in analyzing how our services are used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated under the law to not to disclose or use it for any other purpose.
We may use third-party service providers to monitor and analyze the use of our services,
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the services available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
HubSpot is a full-service tool for marketing, sales, and customer service. BreachLock uses this service to gather actionable marketing insights and provide customer service to our clients. On behalf of and under instructions from BreachLock, HubSpot acts as a processor to collect, receive, use, store, share, transfer, and process your Personal Data. HubSpot does not have any direct control or ownership of the Personal Data they process. For more information on HubSpot’s data processing activities as a processor, you can visit the HubSpot Product Privacy Policy web page.
Our services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.
You may have rights under applicable global privacy laws, including GDPR, UK GDPR, CCPA, and the Swiss Federal Data Protection Act. These rights may encompass: accessing your Personal Information we hold, its source, and the purposes of processing, including where this information is shared or sold; correcting any inaccuracies in your Personal Information; requesting the deletion of your Personal Information (‘right to be forgotten’); restricting the processing of your Personal Information; portability of your Personal Information; objecting to our use of your Personal Information; opting out of the sale of your Personal Information; and rights related to automated decision-making and non-discrimination.
BreachLock is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of Principles.
An individual residing in the EU or UK individuals has a right to access his personal information stored with BreachLock. An individual may request to update, correct, or delete his/her data. To submit such requests to exercise your right or raise any questions, please contact BreachLock as per the ‘Complaints’ section given below. As per the provisions of the framework, BreachLock reserves the right to authenticate an applicant’s identity, charge a minimum amount of fee, and deny or provide access.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, BreachLock commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Individuals within the European Union, the UK, and Switzerland are encouraged to bring forward any inquiries or complaints related to data protection compliance directly to BreachLock.
BreachLock subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Please contact us via email at compliance@breachlock.com or send your correspondence to the following address:
BreachLock, Inc. 3 Germay Drive, Unit 4 #1354 Wilmington DE 19804 Email: compliance@breachlock.com Phone: +1-917-779-0009
We commit to promptly addressing and working towards the resolution of any issues raised.
BreachLock complies with the EU-U.S. Data Privacy framework and has self-certified to the Department of Commerce that it adheres to the Principles laid down in the Framework. If there is any conflict or vagueness in this Privacy Statement and the Data Privacy Framework, the Data Privacy Framework shall govern. To learn more about the framework, please visit the framework website.
If you have any questions related to this Privacy Policy, your personal data stored with BreachLock, your rights under the EU-U.S. Data Privacy Framework, and any matters related thereof, please contact our Compliance Manager:
Address: BreachLock, Inc. 3 Germay Drive, Unit 4 #1354 Wilmington DE 19804 Email: compliance@breachlock.com Phone: +1-917-779-0009
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, BreachLock commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
This Privacy reflects our information security and data protection practices. If any material changes are made in the contents of this policy, BreachLock will also let you know via email and/or a prominent notice on our services, prior the changes coming into effect and updating the “Effective Date” at the top of this Policy. Changes to this Policy are effective when they are published on this page.