Privacy Policy

Blackpoint Holdings, LLC (“Blackpoint Cyber,” “Blackpoint,” “Our,” “We,” or “Us”) is committed to protecting the privacy and security of your personal information collected by us through:

1. A Blackpoint website that links to this privacy policy, including blackpointcyber.com, or any subdomains (“Websites”),
2. The Blackpoint Partner Portal, SNAP-Defense, or other Blackpoint Products and Services (collectively referred to as the “Services”), and/or
3. As part of our sales and marketing activities, whether by email, phone, or other means

This Privacy Policy does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by Blackpoint or any third party (including our affiliates and subsidiaries); or
• Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Websites or Services

Visiting our Websites, or otherwise providing, your personal information to us is voluntary. If you do not agree with this privacy policy, do not access, or use our Websites or Services or otherwise provide us with your personal information. This policy may change from time to time. Your continued use of the Website or Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

This policy is intended to help you understand:

• What information we collect from you
• What information we collect automatically
• What information we collect from other sources
• How we use information we collect
• How we share information we collect
• How we store and secure information we collect
• Your Privacy Rights
• Other important privacy information
  • Cookies and Tracking
  • Children
  • External Links
  • Promotional & Marketing Communication
  • International Privacy Laws
  • Changes to this Privacy Policy
  • How to Contact Us

We collect information directly from you when you input it into our Services or otherwise provide it directly to us.

Account and Profile Information: We collect information from you to create an account with our Services. Such information includes your name, email address, and password.

Content You Provide Through Our Service: The Services includes the Blackpoint products you use. Examples include additional contact phone numbers and email addresses to receive security threat alerts pertaining to the Services. We collect feedback you provide directly to us through the Services, and we collect clickstream data about how you interact with and use features in the Services.

Otherwise Communicate with Us: We may request, or you may otherwise voluntarily provide us with personal information such as your name, job title, business email, and phone number when you communicate with us by phone, email, completing a web form, interacting with us on social media or at events, requesting a demo, or participating in contests, promotions, sweepstakes, or activities. If you use the chatbot feature on our Website, we collect data that you choose to provide in your communications with the chatbot.

Payment Information: We collect payment and billing information when you register for Services. For example, we ask you to designate a billing contact with a name, contact information, and address. Payment card information is collected securely by our payment processing vendor. Please see “How we share information we collect” for more information on personal information processed by our payment processor.

Sensitive Information: We do not collect sensitive personal information (as defined under applicable privacy laws, including health information, biometric data, religious beliefs, or similar categories) unless it is necessary to provide our Services or as otherwise permitted by law. If we collect sensitive information, we will obtain your express consent prior to collection if required by applicable law or otherwise ensure we have a valid legal basis for processing such information.

We automatically collect information about you when you use our Websites and Services, including browsing our websites and taking certain actions within the Services.

Your Use of the Websites or Services: We keep track of certain information about you when you visit and interact with any of our Websites or Services. This information includes the features you use and the links you click on.

Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Websites or Services. This device information includes your connection type, your operating system, browser type, IP address, URLs of referring/exit pages, and other device identifiers. How much of this information we collect depends on the type and settings of the device you use to access the Websites or Services.

Network and Device Information/Identifiers: Some features of the Services require that you install our software on your electronic devices (e.g., SNAP-Defense agent) or create an API connection to your information system (e.g., Sophos, Cisco Meraki, Bitdefender, etc.). This software collects data from your IT environment to provide the Services you requested.

• Device Information: Including information on your operating system, MAC address, device or machine ID, and other device identifiers.
• Applications, Programs, and Files: Including information on the existence, characteristics, and behavior of your files and applications. Depending on the Services you subscribe to, a determination on the security status of your files may be collected from other security applications (e.g., 3rd party Anti-Virus), such as whether activity could be categorized as bad, good, suspicious, or unknown. Additionally, if Blackpoint suspects that a file or application is potentially malicious, we may collect copies of it for purposes of malware research and analysis.
• Network and Internet: Including IP addresses, URL requests, ports and protocols, applications, and files that attempt to access a network.

Cookies and Similar Tracking Technologies: We use cookies, and similar technologies such as pixel tags, web beacons (referred to together as “cookies”) to provide functionality and recognize you across different Services and devices. For more information, please see Cookies and Tracking below.

We may receive Personal Information about you from other Service users, non-affiliated services, social media platforms, public databases, and business or channel partners. We may combine this information with information we collected by other means described above to improve our records, create more personalized advertising, and suggest services that may be of interest to you.

Other Service Users: Other users of the Service may provide information about you while using the Service. For example, we receive your email address from another Service user when they invite you to use the Service. Additionally, a Service user may provide us your contact information when they designate you as the billing or security incident contact.

Linking External Services: We collect information about you when you or your administrator of Blackpoint Services establishes an API connection to a non-Blackpoint service. For example, you may connect Microsoft 365 to our Service to monitor and protect your environment(s). In this example, we may receive your name, email address, username, IP Address, and other metadata authorized by you relating to your Microsoft 365 activity to identify malicious or suspicious behavior. The information we receive when you link or integrate our Services with another service depends on the settings, permissions, and privacy policy controlled by that connected service.

Other Parties: We receive information from other parties, such as our business partners, social media platforms, joint marketing and advertising partners, event sponsors, referrals, and other data providers. This may include your name, contact details, and information about your company.

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

Provide the Services: As a leading cybersecurity provider, we use information to stay ahead of threat actors. We use this information to:

• create your account,
• process billing and payment,
• provide customer support,
• distribute updates to Blackpoint Services,
• analyze and conduct research on how you use the Services to improve them,
• process your purchase of the Services,
• develop new products and services,
• protect you and others from security threats such as viruses, threat actors, and ransomware, and
• predict and protect against future IT security threats and vulnerabilities.

Our provision of the Services may include the use of AI tools developed by Blackpoint Cyber. No PII is used to train Blackpoint AI in delivering our Services, nor is any PII shared for training any third-party AI.

We also personalize the Services to:

• improve and manage our relationship with you,
• improve our Service so that content is presented in an appropriate manner for you and your device(s),
• measure the effectiveness of our advertising to you, and
• make suggestions and recommendations to you about our other Services.

For Research and Development: We are always looking for ways to make our Services faster, integrated, secure, and useful. We use the information collected, including feedback, to:

• troubleshoot,
• identify trends, user utilization, and activity patterns to improve the Service, and
• develop new products, features, and technologies that better our users and the security of the public.

We also may use the information collected to create aggregated, anonymized, pseudonymized, or de-identified data sets for use of any purpose, including product improvement and development, trend analysis, research, marketing, and other purposes.

Communicate With You: In order to:

• respond to your requests for information,
• provide any co-managed Service such as threat alerts or incidents on your network,
• provide you with transactional updates and information about the Services, such as account or transaction information you conduct on the Service and subscription expiration,
• provide you with marketing materials to enable you to market and resell our Services,
• market or advertise to you by email or other means as permitted by applicable law,
• allow you to report a problem with the Service,
• provide information on changes to our Services, Terms, Conditions or Policies,
• provide you with information about other products and services similar to those that you have already purchased or inquired about, and
• communicate with you about our events, surveys, contests, sweepstakes and other promotions.

Secure our Services and Users This is done by monitoring for, preventing, and detecting fraud. We also do so by verifying your identity, enforcing our policies, and continually improving the security of our Services.

Fraud Detection and Prevention, Defending our Legal Rights, and Compliance with Law

• To comply with any applicable procedure, law, or regulation where necessary, or to defend our legal rights where necessary for our legitimate interest or the legitimate interest of others
• To protect the rights, property, and safety of Blackpoint and our employees, customers, affiliates or subsidiaries, their customers or other third parties. This includes exchange information with other companies and organizations for the purposes of fraud and network protection.

Business Administration: For our general business operations and for other business administration purposes, including:

• authenticating your identity,
• maintaining our records,
• monitoring your compliance with your agreements with us,
• collecting debts owed to us,
• financing our business and safeguarding our business interests, and
• managing or transferring our assets or liabilities (e.g., in the case of an acquisition, disposition or merger).

With Your Consent: We use information we collect where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or feature customer stories to promote the Services with your permission.

How We Share Your Information: When we transfer personal information to third parties such as our affiliates, business partners, or service providers, these third parties may process personal information outside of the U.S. Please see “Cross-Border Data Transfer” below for more information.

Depending on your place of residency, you may have certain rights related to your personal information, including:

• Access and Data Portability. You may confirm whether we process your personal information and access a copy of the personal information we process. To the extent feasible and required by applicable law, your personal information will be provided in a portable format. Depending on your place of residency, you may have the right to receive additional information and it will be included in the response to your access request.
• Correction. You may request that we correct inaccuracies in your personal information that we maintain, taking into account the information’s nature and processing purpose.
• Deletion. You may request that we delete personal information about you that we maintain, subject to certain exceptions under applicable law.
• Restriction and Objection. You may request that we restrict or limit our processing of your personal information, or object to further processing of your personal information, subject to certain exceptions under applicable law.
• Opt Out of Using Personal Information for Targeted Advertising, Profiling, and Sales. You may request that we do not use your personal information for these purposes.
• Limiting Sensitive Personal Information. If we use or disclose your sensitive personal information, you may request that we limit our use and disclosure to the permitted purposes set forth under applicable law.
• Withdraw Consent. Where the processing of your Personal Information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. Information on how you can change your marketing preference is detailed in “Promotional & Marketing Communication” below.

We will take reasonable steps to verify your identity when exercising these rights in accordance with applicable law. To exercise these rights, you or your agent may be required to authenticate to your account or provide information contained in your account profile that is unique to the individual requesting authentication. Please ensure that you keep your profile information up to date and accurate so that we may verify your requests.

Your request and choices may be limited in certain cases. For example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If your request of concern is not satisfactorily resolved by us, you may contact your local data protection authority. The exact scope of these rights vary under applicable law.

To exercise any of these rights or appeal a decision regarding your request, please send us an email at [email protected].

Non-Discrimination We will not discriminate against you for exercising any of your data subject rights under applicable laws. Unless permitted by applicable law, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

We use cookies and similar technologies such as pixel tags and web beacons (referred to together as “cookies”) to provide functionality and recognize you across different Websites, Services, and devices. Cookies, by themselves, do not tell us your e-mail address unless you choose to provide this information to us, for example, when you create an account. Once you choose to provide us with an e-mail address, this information may be linked to the data stored in the cookie.

How Blackpoint Uses Cookies and Other Tracking Technology

• When strictly necessary: These cookies are essential to operate the Services and features you have requested, such as remembering your logged in state.
• For functionality: These cookies remember choices you make such as search parameters and filters. We use these cookies to provide you with an experience more appropriate with your selections and to make the Service more tailored.
• For performance and analytics: These cookies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and use our Websites. This helps us identify areas for improvement such as navigation, user experience, and marketing campaigns. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
• Targeting cookies or Advertising cookies: These cookies collect information about your browsing habits to make advertising relevant to you and your interests. They remember the websites you have visited and share that information with other parties such as advertising technology service providers and advertisers.
• Social media cookies: These cookies are used when you share information using a social media sharing button or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

How Can You Opt-Out?

• Cookie Control: Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can also delete existing cookies from your browser. Each browser is different in how this is performed and making these changes is your responsibility. However, you may find that some parts of the Services will not function properly if you have refused cookies or similar tracking technologies. Disabling cookies or similar tracking technologies may prevent you from accessing some of our content. You will not be able to opt-out of any cookies or other technologies that are strictly necessary for the Services.
• Advertising Cookies: Users may use advertising industry opt-out tools to opt out of certain advertising networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members.
• Other Tracking: We and our service providers also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
• Send “Do Not Track” Signals: Blackpoint Websites and Services do not recognize the “do not track signals” that some browsers may employ.

Blackpoint does not knowingly collect any personal information from children under 13 years old. If a child under 13 has provided Blackpoint with personal information, the parent or guardian of that child should contact Blackpoint immediately at [email protected] to delete this personal information.

Our Services may contain links to non-affiliated websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those non-affiliated websites. We are not responsible for the information practices of such websites.

Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information collected in the context of our Website or in offering our Services for marketing analysis and to provide you with promotional update communications by email about our Services.

You can object to further email marketing at any time by updating your communication preferences by clicking the “Manage Subscription” link at the end of all our marketing and promotional email communications to you, or by sending us an email to [email protected].

In connection with our provision of the Services, we may receive personal information that is subject to international privacy laws, including the General Data Protection Regulation (“GDPR”) in the European Union, the UK General Data Protection Regulation (“UK GDPR”) in the United Kingdom, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada, the Privacy Act 1988 in Australia, and the Privacy Act 2020 in New Zealand. This personal information is transferred to and processed in the United States.

When processing personal information in connection with the Services, we act as a data processor (or equivalent term under applicable law, such as “service provider” under PIPEDA or “agency” under the Australian Privacy Act), processing personal information solely on the basis of, and strictly in accordance with, the documented instructions of the data controller (or equivalent term under applicable law). We do not process personal information for any purpose other than as instructed by the data controller, unless required to do so by applicable law. As a Data Subject, you may contact the data controller to learn about their processing of your personal information and to exercise your rights under applicable law. Please see “Your Privacy Rights” for information on the rights that may be available to you.

Cross-Border Data Transfers

In connection with our provision of the Services, we may transfer personal information to recipients located in countries outside of your country of residence, including the United States, where our primary operations are located. We may also transfer personal information to service providers, affiliates, and business partners located in other countries. Additionally, if you are located in a jurisdiction outside the United States that has enacted data protection laws (such as the European Union, the United Kingdom, Canada, Australia, New Zealand, or other countries with similar regulations), we may receive and process your personal information in the United States, which may not offer the same level of data protection as your home jurisdiction.

When we transfer personal information across borders, or when we receive personal information in the United States from individuals located in other countries, we take reasonable steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. These steps may include: (i) entering into data processing agreements that include appropriate data protection obligations; (ii) implementing standard contractual clauses or other approved transfer mechanisms; (iii) ensuring that recipients are bound by privacy laws that provide comparable protection; (iv) obtaining your consent to the transfer where required by applicable law; or (v) relying on other lawful bases for cross-border data transfers recognized under applicable privacy laws, such as adequacy decisions.

We maintain a robust information security program, which includes numerous technical and organizational measures to ensure your data is appropriately protected. Our security policies, standards, and procedures ensure the continued confidentiality of your data. We encrypt data in transit and at rest to make sure your information remains protected. For additional information regarding our internal information security program, please see our Trust Center.

We store your personal information for a period of time that is consistent with our business purposes to deliver our MDR Services. We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. When the data retention period expires for a given type of data, we will delete or destroy it in accordance with our established Data Retention and Disposal Policy.

This Privacy Policy may be changed by Blackpoint at any time in its discretion. The revised Privacy Policy will be posted to this page so that you are aware of the information we collect, how we use it, and under what circumstances we may disclose it.

If you have any questions or concerns about the Blackpoint Holdings, LLC Privacy Policy or its implementation please contact us via email at [email protected] or by writing to:

Blackpoint Holdings, LLC 1099 18th Street, Suite 3050 Denver, CO 80202 USA