🔥 Subscribe to Our Monthly Security Digest Newsletter Sign Me Up
Continuously model threats at scale and proactively write code that significantly reduces risks and remediation costs.
Developer-Centric
Threat Modeling
Continuously model threats at scale and proactively write code that significantly reduces risks and remediation costs.
Security Compass’ research team creates insights that challenge the way we think.
Join us at one of our virtual or in-person events.
General Agreements and Policies
Product and Service Privacy Policies
Effective as of January 14th 2020, Security Compass Technologies Ltd. and its affiliates, (collectively, the “Security Compass Group” or “we” or “us” or “our”) have updated terms that apply to the use of our website.
1. Terms
By accessing the website at https://www.securitycompass.com, you are agreeing to be bound by (i) these terms of service, (ii) Security Compass’ privacy policy; (iii) Security Compass’ cookie policy; and (iv) all applicable laws and regulations which apply to your use. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
These Terms do not apply to your access and use of Security Compass’ products and services which we market for subscription on our Websites (our “Products”). The practices and policies, including how we protect, collect, and use data stored within the Products by You (“Service Data”) are detailed in and governed by product specific privacy policies found below:
These Terms, or any part thereof, may be modified by us, including the addition or removal of terms at any time, and such modifications, additions or deletions will be effective immediately upon posting. Your use of the website after such posting shall be deemed to constitute acceptance by you of such modifications, additions or deletions.
2. Use License
The following terms apply to your conduct when accessing or using the website: (a) you agree not to interfere with or disrupt the website or the servers or networks connected to the website, or disobey any requirements, procedures, policies or regulations of networks connected to the website; (b) you agree not to reproduce, duplicate, copy, sell, resell or exploit for any commercial purpose, any portion of the website, use of the website, or access to the website; (c) you agree not to engage in any activity that would constitute a criminal offense or give rise to a civil liability; (d) you agree not to impersonate any person or entity, including, but not limited to, the Security Compass Group or any Security Compass Group employee, or falsely state or otherwise misrepresent your affiliation with any person or entity; and (e) you agree not to interfere with any other user’s right to privacy, including by harvesting or collecting personally-identifiable information about users of the websites or posting private information about a third party
The website may allow you to download certain resources made available by Security Compass, including but not limited to, whitepapers, datasheets, infographics, webinars, brochures and case studies (collectively the “Materials”). Permission is granted to temporarily download one copy of the Materials for personal, non-commercial transitory viewing only. This is the grant of a limited license for the sole purpose stated, and not a transfer of title. Under this license you may not:
This license shall automatically terminate if you violate any of these restrictions and may be terminated by Security Compass at any time. Upon terminating your viewing of these Materials or upon the termination of this license, you must destroy any downloaded Materials in your possession whether in electronic or printed format.
3. Disclaimer
The materials on Security Compass’ website are provided on an ‘as is’ basis. Security Compass makes no warranties, express or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights, other than those warranties which are implied by and incapable of exclusion, restriction or modification under the laws applicable to these terms.
Further, Security Compass does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.
4. Limitations
In no event shall Security Compass or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on Security Compass’ website, even if Security Compass or a Security Compass authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Accuracy of Materials
The materials appearing on Security Compass’ website could include technical, typographical, or photographic errors. Security Compass does not warrant that any of the materials on its website are accurate, complete or current. Security Compass may make changes to the materials contained on its website at any time without notice. However Security Compass does not make any commitment to update the materials.
6. Links
Security Compass has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Security Compass of the site. Use of any such linked website is at the user’s own risk.
7. Modifications
Security Compass may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.
8. Intellectual Property Rights
All text, graphics, photographs, trademarks, logos, icons, user interfaces, sounds, music, videos, artwork, software and computer code (collectively, “Content”), including but not limited to the “look and feel”, layout, design, structure, color scheme, selection, combination and arrangement of the Content present on the website is owned by or licensed to us. Such Content is protected by copyright, trademark, and various other intellectual property and unfair competition laws.
Except with our express written permission or as permitted by applicable laws, you may not copy, distribute, reproduce, mirror, frame, publicly display, publicly perform, translate, create derivative works of, re-publish or transmit the Content from the website (in whole or in part) in any way or through any medium for distribution, publication or any commercial purpose.
You may display, copy and download Content from the website solely for your personal and non-commercial use provided that: (a) you do not remove any copyright or proprietary notice from the Content; (b) such Content will not be copied or posted on any networked computer or published in any medium; and (c) no modifications are made to such Content.
9. Limitation of Liability
TO THE FULLEST EXTENT PERMISSIBLE BY APPLICABLE LAW, IN NO EVENT SHALL THE SECURITY COMPASS GROUP, OR ITS CURRENT OR FUTURE AFFILIATES, BE LIABLE TO YOU FOR ANY PERSONAL INJURY, PROPERTY DAMAGE, LOST PROFITS, COST OF SUBSTITUTE GOODS OR SERVICES, LOSS OF DATA, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER AND/OR DEVICE OR TECHNOLOGY FAILURE OR MALFUNCTION OR FOR ANY FORM OF DIRECT OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES BASED ON ANY CAUSES OF ACTION ARISING OUT OF USE OF THE WEBSITES OR ANY ALLEGED FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, OR DELAY IN SERVICE, OPERATION, OR TRANSMISSION OF THE WEBSITES, OR ANY ALLEGED COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OF PROPERTY, AND/OR UNAUTHORIZED ACCESS TO, ALTERATION OF, OR USE OF OR POSTING OF ANY RECORD, CONTENT, OR TECHNOLOGY, PERTAINING TO OR ON THE WEBSITES. YOU AGREE THAT THIS LIMITATION OF LIABILITY APPLIES WHETHER SUCH ALLEGATIONS ARE FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOR, NEGLIGENCE, OR FALL UNDER ANY OTHER CAUSE OF ACTION, REGARDLESS OF THE BASIS UPON WHICH LIABILITY IS CLAIMED AND EVEN IF THE SECURITY COMPASS GROUP OR FUTURE AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, YOU ALSO SPECIFICALLY ACKNOWLEDGE THAT THE SECURITY COMPASS GROUP OR FUTURE AFFILIATES ARE NOT LIABLE FOR ANY ACTUAL OR ALLEGED DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF OTHER USERS OF THE WEBSITES OR ANY OTHER THIRD PARTIES.
IF APPLICABLE LAW DOES NOT ALLOW ALL OR ANY PART OF THE ABOVE LIMITATION OF LIABILITY TO APPLY TO YOU, THE LIMITATIONS WILL APPLY TO YOU ONLY TO THE EXTENT PERMITTED BY APPLICABLE LAW.
10. Governing Law
These terms and conditions are governed by and construed in accordance with the laws of Ontario, Canada and you irrevocably submit to the exclusive jurisdiction of the courts in that Province or location.
11. Miscellaneous.
These Terms and any operating rules for the websites established by us constitute the entire agreement of the parties with respect to the subject matter hereof, and supersede all previous written or oral agreements between the parties with respect to such subject matter. The provisions of these Terms are for the benefit of the Security Compass Group, its affiliates and its third party content providers and licensors and each shall have the right to assert and enforce such provisions directly or on its own behalf. No waiver by either party of any breach or default hereunder shall be deemed to be a waiver of any preceding or subsequent breach or default. If any part of these Terms is found by a court of competent jurisdiction to be invalid or unenforceable, it will be replaced with language reflecting the original purpose in a valid and enforceable manner. The enforceable sections of these Terms will remain binding upon the parties. The section headings used herein are for convenience only and shall not be given any legal import.
PRIVACY POLICY
Effective as of January 14, 2020, Security Compass and its affiliates (collectively, the “Security Compass Group” or “we” or “us” or “our”) have updated our Privacy Policy.
Your privacy is important to us. It is Security Compass’ policy to respect your privacy regarding any information we may collect from you through our website, https://www.securitycompass.com, through other sites we own and operate, and through the products and services we provide.
This policy (together with our terms of service and any other documents referred to in it) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed.
Compliance with Privacy Laws
At Security Compass, the security of your data isn’t an afterthought. We have prioritized the security of customer data long before it was legally required. Our approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with various regulatory frameworks, including EU data protection requirements set out in the General Data Protection Regulation (“GDPR”), which became enforceable on May 25, 2018, and the California Consumer Privacy Act (“CCPA”) which came into effect January 01, 2020.
Where a company collects, transmits, hosts or analyzes personal information of EU data subjects, GDPR requires the company to process such data only in a way which guarantees the technical and organizational safeguards mandated by the GDPR.
Understanding the Key Concepts
What is ‘Personal Information’?
‘Personal Information’ means any information relating to an identified or identifiable natural person. The personal information we collect is explicitly stated below.
What is ‘Processing’ of personal information?
This can include a large number of actions. In simplified terms, processing your personal information means any use we make of it, whether we collect it in a database, store it somewhere or send it to someone else. You can see how we process your data below under ‘What we use your information for’.
What information do we collect?
We may collect and process the following data about you:
(i) Personal information
We may ask for personal information, such as your:
This data is considered “identifying information”, as it can be used to personally identify you. We only request personal information relevant to providing you with a service, and only use it to help provide or improve this service. If you consent to receiving communications about our products and services, we may use your personal information to send you product and industry related news and updates. We only send out communications where we are legally allowed to do so.
(ii) Log data
When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may however include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other non-identifying details.
We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
How we collect the information.
We collect information by fair and lawful means, with your knowledge and consent. We only process your data when we have a lawful reason for doing so. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.
What we use the information for.
We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our website in future. We do not disclose the specifics of this information publicly but may share aggregated and anonymized versions of this information, for example, in website and customer usage trend reports.
We may use your personal details to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you. We may contact you via phone, email, social media, or conventional mail. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.
Where we store the information.
The personal information we collect is stored and processed in, or where we or our partners, affiliates and third-party providers maintain facilities. We only transfer data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users.
We only retain personal information for as long as necessary to provide a service, or to improve our services in future. In most cases, we delete personal information after a period of 2 years if we have not received any communication, opt-in notification, or other form of consent from the contact. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security.
If you request your personal information be deleted, or where your personal information becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.
Who is the data processor?
Any personal information processed by Security Compass in connection with this Privacy Policy is controlled by Security Compass Ltd., which is considered the “data controller” of your personal information under the European Union data protection laws.
Who are our sub-processors?
Security Compass’ maintains an up-to-date list of the sub-processors used for hosting, or other processing of data in the product specific privacy policies (see above under GDPR Compliance)
How we protect your information.
Security Compass employs the following safeguards to ensure the security your data:
Cookies
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.
Which third parties have access to your information?
We use third-party services for:
These third-party service providers may only access your data for the sole purpose of performing specific tasks behalf of Security Compass. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of your data for any other purpose.
We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function.
We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.
Children’s Privacy
This website does not knowingly target children or collect personal information from children. As a parent/guardian, please contact us if you believe your child is participating in an activity involving personal information on our website, where you have not consented to the collection of such data. We do not use your supplied contact details for marketing or promotional purposes.
Limits of our policy
This privacy policy only covers Security Compass’ own collecting and handling of data. We only work with partners, affiliates and third-party providers whose privacy policies align with ours, however we cannot accept responsibility or liability for their respective privacy practices.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.
Your rights and responsibilities
As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend or remove your account information at any time, using the tools provided in your account control panel.
You are entitled to restrict or object to our use of your data, while retaining the right to use your personal information for your own purposes. You have the right to opt out of data about you being used in decisions based solely on automated processing.
How do I exercise my privacy rights?
In certain jurisdictions such as the EU and California privacy laws and regulations provide you with an array of rights, which lead to greater transparency into the use and control over your personal information. To ensure we honor your rights, you may contact us and submit a verifiable request in regard to the following:
Where you have previously agreed to us using your personal information for direct marketing purposes, and you wish to withdraw your consent (this may also be done through the unsubscribe function in an email received from us).
You may request access to your information, or to have your information changed or removed. Requests will be handled as soon as reasonably possible, but in all cases within 30 days. If you believe the information we hold about you is incorrect, or your personal information is being processed unlawfully, you may contact us have this rectified.
Your California Privacy Rights
The CCPA provides California residents with specific consumer rights regarding their personal information:
Security Compass does not sell or share personal information collected through our website with third parties for commercial purposes or monetary gain, and therefore do not offer an opt out of sale link on our homepage for CCPA purposes. Consumers will not be discriminated against for exercising their privacy rights. For more information on how to exercise your California consumer privacy rights, see the section of this privacy policy ‘How do I exercise my privacy rights?’.
Changes to our Privacy Policy
This privacy policy was last updated on January 14, 2020.
At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If you are a registered user on https://www.securitycompass.com, we will notify you using the contact details saved in your account. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
How to contact us:
Write: | Phone: | Email: |
Security Compass Canada | 1 888-777-2211 | [email protected] |
We use cookies to help improve your experience of https://www.securitycompass.com. This cookie policy is part of Security Compass’ privacy policy, and covers the use of cookies between your device and our site. We also provide basic information on third-party services we may use, who may also use cookies as part of their service, though they are not covered by our policy.
If you don’t wish to accept cookies from us, you should instruct your browser to refuse cookies from https://www.securitycompass.com, with the understanding that we may be unable to provide you with some of your desired content and services.
What is a cookie?
A cookie is a small piece of data that a website stores on your device when you visit, typically containing information about the website itself, a unique identifier that allows the site to recognize your web browser when you return, additional data that serves the purpose of the cookie, and the lifespan of the cookie itself.
Cookies are used to enable certain features (eg. logging in), to track site usage (eg. analytics), to store your user settings (eg. timezone, notification preferences), and to personalize your content (eg. advertising, language).
Cookies set by the website you are visiting are normally referred to as “first-party cookies”, and typically only track your activity on that particular site. Cookies set by other sites and companies (ie. third parties) are called “third-party cookies”, and can be used to track you on other websites that use the same third-party service.
Types of cookies and how we use them
Essential cookies
Essential cookies are crucial to your experience of a website, enabling core features like user logins, account management, shopping carts and payment processing. We do not use this type of cookie on our site.
Performance cookies
Performance cookies are used in the tracking of how you use a website during your visit, without collecting personal information about you. Typically, this information is anonymous and aggregated with information tracked across all site users, to help companies understand visitor usage patterns, identify and diagnose problems or errors their users may encounter, and make better strategic decisions in improving their audience’s overall website experience. These cookies may be set by the website you’re visiting (first-party) or by third-party services. We use performance cookies on our site.
Functionality cookies
Functionality cookies are used in collecting information about your device and any settings you may configure on the website you’re visiting (like language and timezone settings). With this information, websites can provide you with customised, enhanced or optimised content and services. These cookies may be set by the website you’re visiting (first-party) or by third-party service. We use functionality cookies for selected features on our site.
Targeting/advertising cookies
Targeting/advertising cookies are used in determining what promotional content is more relevant and appropriate to you and your interests. Websites may use them to deliver targeted advertising or to limit the number of times you see an advertisement. This helps companies improve the effectiveness of their campaigns and the quality of content presented to you. These cookies may be set by the website you’re visiting (first-party) or by third-party services. Targeting/advertising cookies set by third-parties may be used to track you on other websites that use the same third-party service. We use targeting/advertising cookies on our site.
Third-party cookies on our site
We may employ third-party companies and individuals on our websites—for example, analytics providers and content partners. We grant these third parties access to selected information to perform specific tasks on our behalf. They may also set third-party cookies in order to deliver the services they are providing. Third-party cookies can be used to track you on other websites that use the same third-party service. As we have no control over third-party cookies, they are not covered by Security Compass’ cookie policy.
How you can control or opt out of cookies
If you do not wish to accept cookies from us, you can instruct your browser to refuse cookies from our website. Most browsers are configured to accept cookies by default, but you can update these settings to either refuse cookies altogether, or to notify you when a website is trying to set or update a cookie.
If you browse websites from multiple devices, you may need to update your settings on each individual device.
Although some cookies can be blocked with little impact on your experience of a website, blocking all cookies may mean you are unable to access certain features and content across the sites you visit.
Important information about SD Elements
The SD Elements Privacy Policy contains information about the privacy practices surrounding how we (Security Compass) collect and manage information relating to users who use our product, SD Elements.
What is SD Elements?
SD Elements is a web application created by Security Compass which helps companies write secure software by providing guidance on best practices in secure software development and by integrating with software tools that are used to develop software.
Examples of such tools are:
Who controls and manages my access to SD Elements?
A license to SD Elements is purchased by your company, who then manages your access to the features and projects that are set up by your company in SD Elements.
Security Compass does not directly view your data except for the purposes of helping your company get up and running with the software, and for helping to resolve issues where they arise when we’re working in partnership with your company to optimize SD Elements for its unique environment.
Where is SD Elements hosted?
Depending on your company’s security requirements, they may choose to host in one of two ways:
What information is collected when you use SD Elements?
Information collected is restricted to:
We also use cookies to help you manage your access to SD Elements.
Why is this information collected?
Use of Email Address:
We use your email address for the following reasons:
Use of Name
We use your first name, last name and email address for the following reasons:
The types of activities we record in the activity log include:
Use of IP Address
We record the IP address you use when you sign into SD Elements so that we are able to audit and troubleshoot in the event you run into technical issues accessing specific features of SD Elements.
Contractual Obligations
We capture and process this information as part of a contractual arrangement with your company to enable SD Elements to help your company write secure software.
Can my personal information be shared with any other systems?
Depending on how your company chooses to configure SD Elements, they may use it in conjunction with other tools such as code analysis tools and Issue Tracking Systems. In this case, information about your activities in SD elements may be shared with these tools and your activities in these tools may be shared with SD Elements.
Your company may also use the SD Elements platform to take data about your activities in SD Elements and share them with another tool in use at your company.
Does SD Elements use machine learning to track my activity and predict my behavior?
SD Elements does not use automated machine learning to either track your behavior or predict your activities.
Will my information leave the country I’m located in?
If your company’s version of SD Elements is hosted in the cloud, your information may be transferred across multiple locations. This is possible if the hosting provider that hosts SD Elements creates a server in another location for the purposes of improving performance or ensuring SD Elements is regularly available for your company to use.
Normally, Security Compass remains neutral about where SD Elements in the cloud is physically hosted. However, your company may contractually require that SD Elements be hosted in a specific country.
If my information is transferred to another location, will it be secure?
SD Elements is a secure, encrypted web application that protects your information regardless of where SD Elements is hosted.
How long is my information retained?
For the purpose of enabling your company to conform to compliance and audit regulations, we retain your information for as long as your company licenses SD Elements. Please note: Your information will not be deleted in the event that you leave the company while SD Elements is still being used by this company.
If your company stops being an SD Elements customer, the information will be securely removed from our servers and backed up in an encrypted backup file for a period of at least six months. This information is stored in case your company wishes to retrieve it for audit purposes or restart their SD Elements license at a later time.
Who are the Sub-processors used for SD Elements?
Name of Sub-processor | Address of Sub-processor | Services/Sub-processing provided |
Amazon Web Services | 410 Terry Avenue North Seattle, WA 98109 | Host provider for SaaS based SD Elements customers |
Salesforce Service Cloud & Experience Cloud | Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105 94103 | Service Cloud is the customer support ticketing software used by the support team. Experience Cloud is an experience portal for customers. |
Who do I contact if I require more clarity about the SD Elements Privacy Policy?For more information about the SD Elements Privacy Policy, you can contact us in the following ways:
Write:
Security Compass
Attn: Legal Department
390 Queens Quay West, Suite 209
Toronto ON, Canada
M5V 3A6
Phone: 1.888.777.2211
Email: [email protected]
Does Security Compass have a Data Protection Officer (DPO)?
SD Elements does not regularly or systematically monitor users on a large scale beyond who your company grants access to the application. A Data Protection Officer is not recommended at this scale of data processing, and data protection is managed by our overall team.
Important information about eLearning
The eLearning Privacy Policy contains information about the privacy practices surrounding how we (Security Compass) collect and manage information relating to users who use our eLearning product.
What is Security Compass eLearning?
eLearning is a training mechanism created by Security Compass which teaches students the fundamentals of software security through a collection of modules and suites.
Examples of such training suites are:
Who controls and manages my access to eLearning?
A license to eLearning may be purchased directly by your, or by your company on your behalf. When your company purchases the license, it is also the company who then manages your access to the courseware.
Security Compass does not directly view your data except for the purposes of helping your company get up and running with the software, and for helping to resolve issues where they arise when we’re working in partnership with your company to optimize eLearning for its unique environment.
Where is eLearning hosted?
Depending on your company’s security requirements, they may choose to host in one of two ways:
What information is collected when you use eLearning?
Information collected is restricted to:
We also use cookies to help you manage your access to eLearning.
Why is this information collected?
Use of Email Address:
We use your email address for the following reasons:
Use of Name
We use your first name, last name and email address for the following reasons:
Use of IP Address We record the IP address you use when you sign into eLearning so that we are able to audit and troubleshoot in the event you run into technical issues accessing specific features of the LMS.
Can my personal information be shared with any other systems?
Your company may also use the eLearning platform to take data about your activities (such as test results) and share them with another tool in use at your company. Security Compass does not share your information with any third party system.
Does eLearning use machine learning to track my activity and predict my behavior?
eLearning does not use automated machine learning to either track your behavior or predict your activities.
Will my information leave the country I’m located in?
If your company’s version of eLearning is hosted in the cloud, your information may be transferred across multiple locations. This is possible if the hosting provider that hosts the LMS creates a server in another location for the purposes of improving performance or ensuring eLearning is regularly available for your company to use.
Normally, Security Compass remains neutral about where eLearning in the cloud is physically hosted. However, your company may contractually require that your data be hosted in a specific country.
How long is my information retained?
For the purpose of enabling your company to conform to compliance and audit regulations, we retain your information for as long as your company licenses eLearning. Please note: Your information will not be deleted in the event that you leave the company while eLearning is still being used by this company, unless you or your company request its removal.
If your company stops being an eLearning customer, the information will be securely removed from our servers and backed up in an encrypted backup file for a period of at least six months. This information is stored in case your company wishes to retrieve it for audit purposes or restart their eLearning license at a later time.
Who are the sub-processors used for eLearning?
Name of Sub-processor: Docebo
Address of Sub-processor: Via Parco 47, 20853 Biassono (MB) Italy
Services/Sub-processing provided: Host provider for SaaS based SD Elements customers
Name of Sub-processor: Salesforce Service Cloud & Experience Cloud
Address of Sub-processor: Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105
Services/Sub-processing provided: Service Cloud is the customer support ticketing software used by the support team. Experience Cloud is an experience portal for customers.
Who do I contact if I require more clarity about the eLearning Privacy Policy?
For more information about the eLearning Privacy Policy, you can contact us in the following ways:
Write:
Security Compass
Attn: Legal Department
390 Queens Quay West, Suite 209
Toronto ON, Canada
M5V 3A6
Phone: 1.888.777.2211
Email: [email protected]
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://security-compass.myshopify.com (the “Site”).
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information.”
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store–you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site–you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
DATA RETENTION
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, you can contact us in the following ways:
Write:
Security Compass
Attn: Legal Department
390 Queens Quay West, Suite 209
Toronto ON, Canada
M5V 3A6
Phone: 1.888.777.2211
Email: [email protected]