Privacy Policy
In this Privacy Policy we describe how Reason Cybersecurity Ltd. (“we”, “our” and “us”) collects, uses and handles your information when you use the website available at: https://reasonlabs.com/ (the "Website") and one or more of our RAV software editions (the "Software", and collectively, the "Services"). Your use of the Services indicates that such updated terms and conditions are accepted and agreed by you.
This Privacy Policy is incorporated into and is subject to the following terms and conditions ("TOS"), based on the edition you are using: https://reasonlabs.com/platform/products/rav/terms.
Please note that you are not legally required to provide us with any personal data, and may do so (or avoid doing so) at your own discretion. If you wish not to accept these terms and conditions or any update thereto, or you do not wish to provide us with your personal data, or to have it processed by us or any of our Third Party Service Providers (defined in Section 3) as described below, your only recourse is not to download or use the relevant Software and to uninstall it. As we may make available certain content, software or services of third parties, it is clarified that such content, software and services are not covered by this Privacy Policy. Any use or download of the Software by you, is indicating that you consent to our use of your information in accordance with this Privacy Policy.
Please note that in the event that you ask us to exercise any of your rights under this Privacy Policy or any applicable law, we may ask you to (i) provide us with certain credentials to make sure that you are the person you claim you are; (ii) provide us with further information, so we can understand the nature and scope of the information you request to access, and avoid the disclosure of personal information related to others. We will retain such additional information for legal purposes (e.g., as proof of the identity of the person submitting the request).
1. What kind of information we use and collect?
-
When using and accessing our Website, we may use and collect information of technical nature (as applicable), including your IP address, activity log of your use of the Website, user agent, information about your browser and operating system, and if you chose to upload a file or URL for scanning, we will also collect such files and URLs.
-
We use technologies like cookies and pixel tags to provide, improve, protect and promote the Services. For example, cookies help us understand how you are interacting with our Website and improve it based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Website.
-
Unless you disable the Software, it may access and/or collect certain data as specified below: (i) time and date of certain events related to the Software (such as launching and scanning, updating and uninstalling the Software), activity log of your use of the Software and the features of the Software you use the most. In addition, we may collect, use and access the files and URLs you upload for scanning, the files and URLs we detect as threats and the files that were removed by the Software; (ii) software installed on your computer including extensions and add-ons; (iii) certain information of technical nature, such as, your account information, online activity, machine activity, operating system, browser type and version, and, meta data on unknown files; and (iii) certain network identifiers such as IP Address. Further, if you choose to purchase the Premium Edition of the Software, we may combine your information with all the foregoing information. In addition, when purchasing the Premium Edition of the Software, your email address and name, as provided by you, will be collected by us and will be used by our Third Party Service Providers for processing payments, and by us for sending you messages about the Services, if applicable.
We may also collect and retain information related to any encryption process that affects the honeypot files deployed by our Anti Ransomware feature (applies to Premium Edition only).
The Software includes Endpoint Detection Response (EDR) tool which allows us to detect malicious activity early for prevention purposes and includes dynamic analysis of device data.
2. How we use the collected information
We use the information collected from you as necessary for the performance and facilitation of our Services, including for the following purposes:
- To provide, support and operate the Services as well as to further develop, enhance and improve our Services and your user experience with our Services.
- To communicate with you, including for support purposes, and for sending you Services-related information such as invoices, updates, security alerts.
- To comply with applicable legal obligations.
- To detect and prevent fraud, security and other issues of technical nature.
- We may also use or share your information to operate our business, including for debugging, support, security, billing and auditing, business analysis and improving our Services (as more fully described in Section 3(c) below).
3. How we share information?
-
If we have a good faith belief that disclosure is permitted by law or is reasonably required to: (i) comply with any law, regulation or legal requirement by any court or regulatory or governmental authority, or such other disclosures reasonable required to establish, protect, maintain or exercise our legal rights; or (ii) enforce this Privacy Policy or any agreement between you and us (including, but not limited to, the TOS).
-
In the event of a merger, acquisition, reorganization or sale of assets, your information may be transferred or sold.
-
Third Parties. We have partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, domain name registrars, fraud detection and prevention services, web analytics, audit services, maintenance services, development services, e-mail distribution and monitoring services, session recording and remote access services, performance measurement, data optimization and marketing services, content providers, and our legal and financial advisors (collectively, and including the “Payment Processors” listed under subsection (d) below, the “Third Party Service Provider(s)”). Such Third Party Service Providers may have access to your personal information, depending on their specific purposes and roles in enhancing and facilitating our Services, and may only use such information for limited purposes determined in our agreements with them.
The Third Party Service Providers we are currently engaging are: (i) Google Analytics, to analysis and monitor our performance. Google’s privacy policy is available at: http://www.google.com/intl/en/policies/privacy; (ii) Amazon Web Services, Inc. servers to process your information. You can read about the measures taken by Amazon to protect the security of their servers and your information at: https://aws.amazon.com/security/; (iii) Zendesk, to provide you with support services. Zendesk’s privacy policy is available at: https://www.zendesk.com/company/customers-partners/privacy-policy; (iv) Iterable, to provide you with updates and information. You can read about Iterable’s practices with respect to the protection and the security of their servers and your information at https://iterable.com/trust/privacy-policy/; (v) Microsoft Advertising, to promote our products. Microsoft Advertising’s privacy policy is available at https://privacy.microsoft.com/en-us/; (vi) Google Ads, to promote our products. Google Ads’s privacy policy is available at https://policies.google.com/privacy; (vii) Facebook Ads, to promote our products. Facebook Ads’s privacy policy is available at https://www.facebook.com/about/basics/; (viii) Verizon Media Native, to promote our products. Verizon Media Native’s privacy policy is available at https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html; (ix) TeamViewer, solely for providing remote support access services. TeamViewer privacy notice is available at: https://www.teamviewer.com/en/privacy-notice/; (x) MixPanel, to analyze and monitor our performance. You can read about MixPanel practices with respect to the protection and the security of their servers and your information at: https://mixpanel.com/legal/privacy-policy; (xi) Tableau, to help us organize our data. You can read about Tableau practices with respect to the protection and the security of their servers and your information at: https://www.salesforce.com/company/privacy/; (xii) SendGrid, for providing us email and marketing services. You can read about SendGrid practices with respect to the protection and the security of their servers and your information at: https://www.twilio.com/legal/privacy; (xiii) Appsflyer, to help us manage and track our campaigns. You can read about Appsflyer practices with respect to the protection and the security of their servers and your information at: https://www.appsflyer.com/legal/privacy-policy/; (xiv) Hotjar, to analyze and monitor our performance. You can read about Hotjar practices with respect to the protection and the security of their servers and your information at: https://www.hotjar.com/legal/policies/privacy/; (xv) TikTok, to promote our products. You can read about TikTok practices with respect to the protection and the security of their servers and your information at: https://www.tiktok.com/legal/page/row/privacy-policy/en; (xvi) Databricks, to provide us with server data management. Databricks privacy notice is available at: https://www.databricks.com/legal/privacynotice; (xvii) Vercel, to provide hosting services. Vercel privacy policy is available at: https://vercel.com/legal/privacy-policy; (xviii) Coralogix, to monitor our servers. Coralogix privacy policy is available at: https://coralogix.com/privacy-policy/; (xix) Sentry.io, to monitor our frontend. Sentry.io privacy policy is available at: https://sentry.io/privacy/.
Please note that we may share the following categories of personal information with Third Party Service Providers for a business purpose: online identifier, internet protocol address, country, state and city, external ID, Zip Code, Facebook Click ID or other similar identifiers; commercial information, for example information regarding products or services purchased, obtained, or considered.
-
Payment Processors. If you choose to use our Premium Edition, we will use a third- party payment processor/provider (the “Payment Processor(s)”) in order to collect your payment. The Payment Processors are authorized and regulated to handle your payment details and may not use your personal information for any purposes other than providing you with these services. Please note that the Payment Processors are independent controllers of your data, and will process your payment information in accordance with the applicable Payment Processor’s privacy policy. Please note that the Payment Processor may (as applicable) save and reuse your payment details for subsequent payments, in the event of a recurring transaction. The Payment Processors we are currently engaging are:
Payment Processor/Provider Privacy Policy Cleverbridge https://store.reasonsecurity.com/1679/?scope=opprivacy Stripe https://stripe.com/privacy Paypal https://www.paypal.com/us/legalhub/privacy-full -
With our corporate affiliates - from which we receive services, such as IT, security, storage, and other internal operations.
-
To detect and prevent fraud, security and other issues of technical nature.
-
To protect our rights as well as the rights of our users.
4. Information about children
This site is not intended for, or designed to attract, children. We do not collect personally identifiable information from any person we actually know is an individual under the age of 13. If you become aware that your child has provided us with personal information, please contact us at support@reasonlabs.com.
5. About our advertising policies
We utilize third party vendors such as Google to provide advertising on our Website. These vendors, including Google, use cookies to serve ads based on a user's prior visits. Further, cookies are set in order for us to provide our Service and ensure that it performs properly, to analyze our performance and marketing activities, and to personalize your experience. Google's use of cookies enables them and their partners to serve ads to users based on their visit to our web site and/or other sites on the Internet. Users may opt out of the use of the DoubleClick cookies for interest-based advertising by visiting the ads preference manager. You may also visit aboutads.info to opt out of a third-party vendor's use of cookies for interest based advertising.
Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser.
6. Data Subject Rights
If you wish to exercise your privacy rights under any applicable law, including the EU or UK General Data Protection Regulation (collectively, the “GDPR”), the Swiss Federal Act on Data Protection (the “FDPA”), the California Consumer Privacy Act (the “CCPA”), the California Privacy Rights Act (the “CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Utah Consumer Privacy Act, Utah Code Ann. §13-61 ("UCPA"), the Connecticut Personal Data Privacy and Online Monitoring Act § 42-518 ("CTDPA"), or the Colorado Privacy Act Code § 6-1-1301 (2022) ("CPA"), please send us an email to: support@reasonlabs.com. We will make reasonable efforts to accommodate your request, as applicable to privacy laws. Please note that we may ask for additional information, in order to authenticate and validate your identity and process your request (including personal data).
You may have different privacy rights, depending on your country or state of residence, please see further details in the sub-sections below (as applicable to you):
-
European Economic Area (“EEA”) and United Kingdom (“UK”) and Switzerland:
If you are located in the EEA, UK or Switzerland, the GDPR or FDPA (as applicable) apply to you.
We act as controllers and process personal information as necessary for the performance of our agreement with you.
When we process your personal information upon your usage of our Services, we do so on the basis of your consent. Providing such personal information and using our Services, as well as your acceptance of this Privacy Policy and our TOS, shall be deemed as your consent to the processing of your personal information for all purposes detailed under this Privacy Policy. If you wish to revoke your consent, please contact us at Support@reasonlabs.com.
We may also process your personal information to comply with applicable legal requirements and/or obligations, and to support our legitimate interests in developing, maintaining, and improving our Services to allow better threat intelligence resources.
Please note that under the GDPR or FDPA you may the following rights (each, to the extent available under the law which applies to you):
-
Right to Access: You have the right to request access to the personal information that we hold about you.
-
Right to Receive Information: You have the right to receive information concerning the processing of your personal information.
-
Right to Block: You have the right to request to block or restrict the processing of your personal information.
-
Right to Erasure (Deletion): You have the right to ask that we erase (the “right to be forgotten”) and rectify your personal information (that we process as controllers).
-
Right to Object: You have the right to object to processing, which is based on our legitimate interests.
-
Right to Withdraw Your Consent: You have the right to withdraw your consent for the processing of your personal information.
To submit a request for exercising your rights, please contact us at the following address: support@reasonlabs.com. Note that the processing of your request is subject to verification of your identity.
If we have not addressed your concerns, note that you also have a right to file a complaint with the applicable supervisory authority (e.g., of your domicile or country).
-
United States of America:
If you are a resident of California/Virginia/Utah/Connecticut/Colorado, the CCPA, CPRA, VCDPA, UCPA, CTDPA or CPA (and/or similar state laws, as applicable) apply to you, and this section explains your rights under State privacy laws and contains disclosures required by law.
For the purposes hereof,** we collect personal information as a business (as defined under applicable privacy state laws). Such information is used and disclosed for “business purposes”.
Please note that under the CCPA, CPRA, VCDPA, UCPA, CTDPA or CPA (and/or similar state laws, as applicable) you may the following rights (each, to the extent available under the law which applies to you):
-
Right to Know: You have the right to know the categories and specific pieces of personal information that are being collected about you.
-
Right to Disclose: You have the right to ask that we disclose certain information about our collection and/or use of your personal information during the past 12 months.
-
Right to Delete: You have the right to ask that we delete the personal information we have collected from you and retained.
-
Right to Opt-Out: You have the right to opt out of the 'sale' of your personal information by a business.
-
Right to Equal Service and Price: You have the right not to receive discriminatory treatment for exercising the mentioned rights.
To submit a request for exercising your rights, please contact us at the following address: support@reasonlabs.com. Note that the processing of your request is subject to verification of your identity. You may also appoint an authorized agent to exercise these privacy rights on your behalf (subject to certain limitations such as identity verification process and the submission of written approval to act on your behalf).
This Privacy Policy describes what personal information we may collect and its sources, how it is deleted and retained. Furthermore, we have provided information about our processing of your information. Note that we may share (as such term is defined under the CPRA) information with third parties such as business partners who have accepted our contractual limitations as to their disclosure, use, and retention of such personal information. Nevertheless, for the purposes and intents of the CCPA or CPRA, we do not sell your personal information.
7. Retention
We will store information collected from you for as long as you are using our Software. If you decide to uninstall the Software, your data will be retained for an additional period of 30 days, following which, it will be deidentified.
8. Storage and Cross-Border Transfers of Personal Information
The nature of our products requires us and our service providers to store, maintain and process your data globally, in order to meet our legal obligations and to provide you with our Services effectively.
Several countries can be involved, including the U.S., European countries, Israel, and others. In some cases, countries outside of the EEA might be involved in the data transfer process.
While privacy laws may differ from country to country, we and our service providers will adhere to the standards we have set for ourselves in this Privacy Policy, and apply appropriate measures to prevent misuse of your personal information (such as the standard contractual clauses approved by the European Commission for data transfers) and ensure that it remains secure, regardless of whether or not the data laws of that country require us to do so.
Situations in which we transfer personal information outside the EEA include (but are not limited to): providing our products, processing transactions and payment details and providing support Services. Moreover, a transfer outside the EEA can also occur as part of M&A transactions, where the purchaser is located outside the EEA.
9. How can we modify this Privacy Policy?
We may revise this Privacy Policy from time to time, and will post the most current version on our website. Accordingly, please visit this Privacy Policy regularly to check for any changes.
10. How can you contact us?
If you have any questions, comments or concerns regarding this Privacy Policy and/or our practices, please send an e-mail to support@reasonlabs.com.
11. Representative for Data Subjects
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
- United Kingdom (UK)
- European Union (EU)
- Switzerland
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://prighter.com/q/12015696620