At HEXACT, Inc. (“HEXACT”), we appreciate your interest in our websites, products, services, and our mobile applications (collectively, our “Services”). Your privacy is very important to us and we have created this privacy statement in order to demonstrate our commitment to you, our customers and visitors who use our websites, products or services (collectively, our “Users”), through transparent, easy-to-understand information regarding our data practices. This privacy policy sets out information about how we collect, store, process, transfer, and use personal data, which is data that relates to an identified or identifiable natural person (“Personal Data”).

Information Covered by this Privacy Policy
This privacy policy covers personal information, including any information we collect, use and share from you, as described further below. This privacy policy applies to all HEXACT Services. This privacy policy does not cover how our Users may use or share data that they collect using our services.

1) Why, How and What Personal Data is collected?
HEXACT collects data in order to develop and offer Services dedicated to research, testing and monitoring of websites and domain names. In the context of our Services, we may collect Personal Data about you in several ways and may include:

Personal Data provided by you.
You may provide us with Personal Data voluntarily in connection with purchasing our Services, registering for a HEXACT user account, requesting information or support from HEXACT via phone, email, or our website. We may collect your name, company name, email address, phone number, geographic location and industry, information from correspondence with you, your account alias and password for user log-in, information related to the use of our Services, payment information such as billing address or credit card information, and additional Personal Data you provide to us. While you are free to choose what information you provide to us, some information, such as your name, address, payment information, and information about your Services usage or subscription may be necessary for the performance of our contractual obligations. If you do not provide such information to us, you will not be able to license or use certain Services.

Personal Data collected via technology.
As you use our Services, we may collect Personal Data through the use of cookies and other technologies. For detailed information about our use of cookies, please see the section of this Privacy Policy entitled “What cookies do we use?”

Personal Data we receive from third parties.
We may receive Personal Data about you from third parties such as social media sites, law enforcement agencies, promotional partners, and other marketing vendors. This information may include your name, address, email address, and phone number.

Personal Data associated with internet domain names.
We collect publicly-available domain and DNS related information (often referred to as Open Source Intelligence or OSINT) from entities tasked with coordinating the internet’s global domain name system. This information (“DNS related information”) may include the name, address, phone number, and email address of a domain registrant, administrative contact, or technical contact.

2) The reasons to collect and use your Personal Data?
The reasons we collect and use Personal Data differ depending on the purpose of the collection.

We use your Personal Data in order to offer or provide Services to you.
If you license Services from HEXACT or contact us to request Services or Services support, we use your Personal Data to provide Services to you. Personal Data we use for this purpose includes information we need to contact you and communicate with you, information to provide you with individualized offers, information to manage and execute your requests, and information necessary to obtain payment.

We use your Personal Data when supported by legitimate business interests.
We may use Personal Data in connection with a legitimate business interest, such as to evaluate and review our business performance or to identify potential cybersecurity threats to our Services, networks, or systems. If necessary, we may also use your Personal Data to pursue or defend ourselves against legal claims. If you use our Services, we may use your Personal Data to provide and improve those Services.

We collect and use DNS related information that is publicly available at the time of collection, and that may contain Personal Data, to provide Services to users, to maintain and improve those Services, and to develop new Services. These Services include tools to help our users prevent, detect, investigate, or mitigate cybersecurity threats, fraud, and misuse; protect intellectual property rights; research the history of a domain; or contact the registrant, administrative contact, or technical contact of a domain.

We use your information after obtaining your consent.
In some cases, we may ask you to grant us separate consent to use your information, for example, in connection with our marketing campaigns. In that event, you are free to deny your consent or withdraw your consent at any time without any negative consequences. If you have granted us consent to use your information, we will use it only for the purposes specified in the consent. You may unsubscribe from our marketing communications at any time by sending an email to [email protected] or clicking the “unsubscribe” link in communications you receive from us.

We use your information to comply with legal obligations.
We may be legally obligated to retain certain Personal Data.

We will only use your Personal Data for the purposes for which we have collected it. We will not use your Personal Data for other purposes. Your Personal Data will not be used for automated individual decision-making.

3) Does HEXACT share your Personal Data with third parties?
We share your Personal Data with your consent or as necessary to provide you with Services you have requested or purchased. Additionally, we may share Personal Data with our affiliates; vendors working on our behalf; where required by law; to maintain the security of our Services; or to protect the rights or property of HEXACT. We also share DNS-related information obtained from publicly available sources via our Services to our customers and users. Specifically, we may share Personal Data in the following circumstances:

Service providers and advisors.
Third party vendors and other service providers may have access to your Personal Data if they perform services for us or on our behalf. These providers may support our marketing efforts (including sales outreach, communications management, and event support), provide business productivity solutions and applications to us (such as tools for messaging, email, and document creation, accounting and payment processing, or customer relations management), offer professional services (such as tax, accounting, or legal services), or assist with network or systems support, maintenance, and security. These third party vendors include: Amazon Web Services, Inc., Google LLC, Stripe, Inc., Slack Technologies, Inc., Cisco Systems, Inc.

Purchasers and third parties in connection with a business transaction.
Personal Data may be disclosed to third parties in connection with a HEXACT-related transaction, such as a merger, sale, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or similar proceedings.

Law enforcement, regulators, and other parties for legal reasons.
We may disclose Personal Data to third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our legal claims or to protect the security or integrity of our Services; or (c) exercise or protect the rights, property, or personal safety of HEXACT, Services users, or others.

The public.
Certain Services make DNS related information available to the public without charge. Other Services, such as reporting, monitoring, and analysis of DNS related information are provided to registered customers for a fee.

4) How your Personal Data is kept?
We will store Personal Data as long as necessary to fulfill the purposes for which we collect it, in accordance with our legal obligations and legitimate business interests. We retain Personal Data related to a customer until the expiration of any legal retention requirement or limitations period for claims related to that relationship. We retain marketing-related information for potential customers until the conclusion of our relationship with that individual or the receipt of a request to delete such Personal Data. We retain DNS-related information for as long as it is used in connection with the delivery, maintenance, support, and development of our Services.

5) How do we protect your Personal Data?
We implement appropriate technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss, change, or damage, as well as any unauthorized access to or disclosure of Personal Data on our systems. All Personal Data we collect will be stored on our secure servers. When you provide sensitive information to us (such as payment information when purchasing a Service via our website), we undertake to encrypt this information using secure socket layer (“SSL”) or similar technology. In order to benefit from these protections you must use an SSL-enabled web browser.

6) How do we safeguard your Personal Data when there is an international transfer?
Because HEXACT is located in the United States, Personal Data provided to us will be processed and stored in the United States. If you are in the European Union, Switzerland, or European Economic Areas, this may mean that your Personal Data will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective than the jurisdiction in which you reside.

For this reason, we have entered into guarantees to ensure appropriate safeguards. If we transfer information of individuals who reside in the European Union, Switzerland, or European Economic Areas to third parties outside of those jurisdictions and to countries not subject to regulations that are considered to provide an adequate standard of data protection, we will either enter into contracts that are based on the EU Standard Contractual Clauses with these parties or we will rely on our certification to the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. HEXACT complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. HEXACT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. As part of our participation in Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission. If you have questions or concerns about our Privacy Shield certification, please contact us at the address identified in the section of this Privacy Policy entitled “How to contact us.” HEXACT has further committed to refer unresolved Privacy Shield complaints to Judicial Arbitration and Mediation Services (JAMS), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaints to your satisfaction, please contact or visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles, available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction. HEXACT remains responsible for any of your personal information that is transferred to third party agents or service providers that perform services on our behalf.

We will take reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this Privacy Policy.

7) What cookies and tracking technologies do we use?
We, and our third-party partners, automatically collect certain types of usage information when you visit our Services or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “tracking technologies”). You may use browser controls or tools made available by third parties to control tracking technologies.

For more information about Cookies, how to manage and opt out from cookies, please visit Cookie Policy.

8) What rights and choices do you have?
If you are a resident of the European Union and we hold your Personal Data, you have specific rights under applicable privacy law:

Right of access.

The right to obtain access to your Personal Data.

Right to rectification.

The right to obtain rectification of your Personal Data without undue delay where that personal information is inaccurate or incomplete.

Right to erasure.

The right to obtain the erasure of your Personal Data without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.

Right to restriction.

The right to restrict us from processing your Personal Data in certain circumstances, such as where you contest the accuracy of the Personal Data.

Right to object.

You have a right to object, on grounds relating to your particular situation, to processing based on our legitimate interests. You can object to marketing activities for any reason.

Additionally, EU residents have the right to lodge a complaint with their local data protection authority. Further information about how to contact your local data protection authority is available at https://ec.europa.eu/info/law/law-topic/data-protection_en.

9) How to contact us
If you have any questions or concerns about our Privacy Policy or if you want to exercise your rights, please send an email to [email protected] .

10) Online Privacy Policy Updates
We may update our privacy policy from time to time. When we change the privacy policy in a material manner, we will update the “last modified” date at the top of this page. Please review our policies regularly as updated policies will apply to your future use of our Services.