Our privacy and security policies exceed industry standards. The nature of our services dictates that we restrict our use of information to only what is needed to deliver the best services in our industry, and no more. We encourage you to read our Privacy Statement as part of your evaluation process and to read it again when we notify you of changes from time to time.

If you have questions or concerns regarding this statement, please contact ScanAlert's Privacy Officer by sending an email to privacy@hackersafe.com. If you do not receive acknowledgment of your inquiry or your inquiry is not satisfactorily addressed, please contact TRUSTe through the TRUSTe Watchdog Dispute Resolution Process. TRUSTe will serve as a liaison with us to resolve your concerns.

About TRUSTe

ScanAlert is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to enable individuals and organizations to establish trusting relationships based on respect for personal identity and information by promoting the use of fair information practices including full and honest disclosure of specific practices in a Privacy Statement.

Each change to ScanAlertÂ’s Privacy Statement is reviewed by TRUSTe before publication to ensure compliance with their strict standards. However, our goal is always to raise the bar, and exceed industry standards wherever possible.

What is Covered in This Statement

Effective as of Jan 1, 2003, this privacy statement covers the site www.ScanAlert.com This site is operated by ScanAlert, Inc., a California corporation with its headquarters located at:

860 Napa Valley Corporate Way, Suite R
Napa CA 94558

Our Privacy Statement clearly discloses:

1. What personally or company identifiable information ScanAlert collects.
2. What personally and company identifiable information third parties collect through the Web site.
3. What organization collects the information.
4. How ScanAlert uses the information.
5. With whom ScanAlert may share user information.
6. What choices are available to users regarding collection, use and distribution of the information.
7. What types of security procedures are in place to protect the loss, misuse or alteration of information under ScanAlert control.
8. How users can correct any inaccuracies in the information.

Please note that our site contains links to other sites. ScanAlert is not responsible for the privacy practices, privacy statements, or content of these other sites.

Information Collection and Use

Information Collection

ScanAlert never collects personally identifying information from users of our site unless the user explicitly and intentionally enters it, or attempts to violate our security measures. ScanAlert is the sole owner of the information collected on the web sites listed in the What is Covered Section above. ScanAlert offers users the ability to enter personally identifying information at several different points on our web site.

Registration (Sign-Up)

In order to use ScanAlert's products and services, a user must first complete the registration form. During registration a user is required to give contact information such as name, company name, address, email address, URLs and/or IP addresses. We use this information to verify the ownership of servers, URLs, and IP addresses, to do non-invasive informational testing of user's servers, and to contact the user about services on our site for which he has expressed interest. In order to use the ScanAlert services, users must provide a username and password.

In addition to personally identifying and company information, a user must provide payment information (such as credit card number, expiration date). This information is used for one-time and recurring billing purposes according to requested services and terms of service agreement, and to fulfill customer's orders. If we have trouble processing an order, personal and company information is used to contact the user.

Our "IsItSafe" Service

ScanAlert will contact the sites where you have shopped, or plan to shop, when you enter your email address into our IsItSafe request form. Your email address will not be used for any other purpose or shared with anyone except the merchant in question. In this way the merchant will know their own customer instigated the request. We store this information to track the success of the program.

Delivery of Services

ScanAlert's services collect information about servers connected to the IPs or URLs given by the users during the registration process. IP's and URL's are checked to verify users authority to do invasive port scanning, and/or vulnerability and penetration testing. No invasive data is collected until the user requests it and is verified as having proper authority to request the data to be collected. Users can start and stop the ScanAlert scan and data collection process by changing their settings in their Account Settings web page available on the web site to registered users. ScanAlert only collects information that can be accessed from the internet about users computer(s) and does not install software on the users computer for this purpose. Information such as open ports, trace route, OS fingerprint, network and web services running on open ports, as well as detected security exposures and vulnerabilities is collected and stored in our computers for later use in delivering comprehensive reports and security verification related services to our users.

Information Use

User Profile

We store information that we collect through interrogation on the web or by phone, and log files to create a profile of our users. A profile is stored information that we keep on individual users that details their viewing and services preferences. Consequently, collected information is tied to the user's personally identifiable information to provide offers and improve the content of the site for the user. This profile is used to tailor a user's visit to our Web site, and to direct pertinent marketing promotions to them. User's must opt to receive such marketing and can opt-out at any time. We do not share your personally identifiable profile with other third parties. Your profile information is shared in aggregated form only.

Security Vulnerability Data

Security Vulnerability Data is data collected by our ScanAlert service in a secure database. ScanAlert maintains a link between security vulnerability information to personally and company identifiable information only for the purposes of delivering reports to the user. Information about a user's security vulnerabilities that is linked to personally or company identifiable information is not shared with any third party for any reason by ScanAlert. However, a user with the proper authority may elect through Account Settings to share their security vulnerability information with others by adding users to their account and giving them the authority and access to view the information on-line using a 128-bit SSL connection. Security vulnerability data is aggregated across users to develop important security statistical information which may be presented to third parties on our web-site, in publications, or other external communications.

User Payment Information

When users register for service, they must provide payment information. Payment information is stored in our high security database in encrypted format and is used only to send to our credit card processor, Verisign, for the purposes of collecting payment for services rendered or to be rendered. We never make this information visible to anyone other than our credit card processor and payment gateway and never communicate it over a non-encrypted connection. The last four digits of the credit card number are displayed in certain reports and forms on the web site that are visible to our customer service personnel as well as the Registered User, and are sent in email to Registered Users each time a charge is made. The full credit card number is never seen by anyone inside our outside our company, once entered and submitted, except by the credit card processing and gateway companies for the purposes of authorizing, clearing and reversing charges to your credit card.

Cookies

A cookie is a piece of data stored on the user's computer tied to information about the user. We use only session cookies and do not use persistent cookies. A session cookie simply terminates once users close the browser.

Session cookies are used to track information about the session that helps us build a consistent user experience as the user moves from page to page in the web site. We store information in the cookie such as session mid, user personally identifying information, such as the internal account id, account settings, and information needed to generate a new page requested by the user. Session cookies containing personally identifiable information are created when a registered user logs in or completes the registration process. The session cookie obtains the personally identifying information from the users account stored on our computers during the registration process. Information that would allow others to obtain access to the user account is not stored in session cookies. Session cookies are terminated upon closure of the last browser window associate with the user session.

This privacy statement covers the use of cookies by ScanAlert only and does not cover the use of cookies by any Third Parties.

Some of our business partners may use cookies on our site in the future. However, we will have no access to or control over these cookies, and users should review business partner privacy statements if available to discover their use of cookies and other privacy related information. Please refer to our Partner's page to see a list of our partners.

Third Party Advertising

ScanAlert does not allow any third parties, including partners or advertisers, to collect information about users that can be linked to their company or personally identifying information.

Log Files

Like most standard Web site servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user's movement in the aggregate, and gather broad demographic information for aggregate use. Session_Ids, IP addresses, etc. are not linked to personally identifiable information in our database, except as entered by the user during registration. IP addresses entered during registration time by the user are tied to personally identifiable information to enable our Web-based security scanning services.

Clear Gifs (Web Beacons/Web Bugs)

A clear GIF is an invisible image which can be used to capture session or user behavior information without the user's knowledge or consent. We do not employ the use of Clear Gifs on our site.

Communications from the Site

Service Alerts

Established Registered Users will regularly receive alerts pertaining to new security vulnerabilities that may impact their servers. They also receive alerts that new threat analysis scans have been completed and to access their account for results.

Service Announcements

We send all new Registered Users a welcoming email to verify registered email address entry as an identity check. It is often necessary to send out a strictly service-related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.

Special Offers and Updates

Users can elect to (opt-in) to receive information on products, services, special deals, and a newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please see the Choice/Opt-out section.

Newsletter

If a user wishes to subscribe to our newsletter, we ask for contact information such as name and email address. Out of respect for our users privacy we provide a way to opt-out of these communications. Please see the Choice/Opt-out sections.

Customer Service Communications

We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone.

Surveys

From time-to-time our site requests information from users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site. Users. personally identifiable information is not shared with third parties unless we give prior notice and choice. Though we may use an intermediary to conduct these surveys, they may not use users. personally identifiable information for any secondary purposes.

Information Sharing

Legal Disclaimer

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Company.

Aggregate Information (non-personally identifiable)

We share aggregated demographic and security vulnerability information with our users, partners and advertisers. This is not linked to any personally identifiable information.

These are the instances in which we will share users. personal information:

Third Party Intermediaries

We use an outside shipping company to ship orders for any shippable products we may offer now or in the future, and a credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes.

Business Transitions

In the event ScanAlert goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users. personal information will, in most instances, be part of the assets transferred. Users will be notified via email prior to a change of ownership or control of their personal information. If as a result of the business transition, the users. personally identifiable information will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section.

Choice/Opt-out

Our users are given the opportunity to .opt-out. of having their information used for purposes not directly related to our site at the point where we ask for information. For example, our order form has an .opt-out. mechanism so users who buy a product from us, but don't want any marketing material, can keep their email address off of our lists. For any non-service related communications or information uses, our opt-out mechanism defaults to the opted-out status until users explicitly .Opt-In. for the first time.

Users who no longer wish to receive our newsletter and promotional communications may opt-out of receiving these communications by replying to unsubscribe in the subject line in the email or email us at unsubscribe@hackersafe.com We also offer an opt-out mechanism on the Registered User Account Settings pages.

Users of our site are always notified when their information is being collected by any outside parties. We do this so our users can make an informed choice as to whether or not they should proceed with services that require an outside party.

Links

This Web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.

Security

This Web site takes every precaution to protect our users. information. When users submit sensitive information via the Web site, their information is protected both on and off-line.

When our registration/order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry . 128bit SSL. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when users are just .surfing..

While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information off-line. All of our users. information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to user information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, information, and server security, and what they can do to ensure our users. information is protected. Sensitive information such as credit card information is stored in encrypted format only. Every precaution is made to protect our servers from hackers and crackers, including firewalls and regular checks for viruses, trojans, backdoors, and open ports. Finally, the servers that store personally identifiable information are in a locked facility with access limited to technical operations personnel.

If users have any questions about security, users can send an email to privacy@hackersafe.com.

Supplementation of Information

In order for this Web site to properly fulfill its obligation to users it is necessary for us to supplement the information we receive with information from 3rd party sources.

We use Verisign Inc. as both a certificate authority and Payment Gateway to process our user's credit card and virtual check transactions. Click here to view their current privacy statement.

Correcting/Updating/Deleting/Deactivating Personal Information

If a user's personally identifiable information changes (such as zip code, phone, email or postal address), or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate users. personally identifiable information. This can usually be done at the Registered User account settings page or by emailing our Customer Support at support@hackersafe.com.

Notification of Changes

If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected.

If, however, we are going to use users. personally identifiable information in a manner different from that stated at the time of collection we will notify users via email. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site, or deleted/deactivated their account, then they will not be contacted, nor will their personal information be used in this new manner.

Contact Information

If users have any questions or suggestions regarding our privacy statement including privacy, information use, collection, or security, please contact us at: