Welcome to CloudGuard’s Privacy Policy

1. Introduction and scope

This Privacy Policy applies between you, the User of this Website, and CloudGuard Ltd and CloudGuard Inc (collectively ” CloudGuard “), the owner and provider of this Website and associated services. CloudGuard takes the privacy of your information very seriously.

This Privacy Policy applies to our use of any and all data collected by us or provided by you in relation to your use of the Website. You may opt out of any Cookie or data collection at any time by rejecting the request process. You may select only necessary data collection and subsequently request removal.

Additionally, this Privacy Policy extends to customer system data stored within CloudGuard’s Azure tenant for analytics and trending purposes. This includes system-related metadata collected from customer environments.

This Privacy Policy should be read alongside, and in addition to, our Terms and Conditions, available at: https://cloudguard.ai

2. Definitions and interpretation

In this privacy policy, the following definitions are used:

Data collectively all information that you submit to CloudGuard via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;
Cookies a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the Cookies used by this Website are set out in the clause below (Cookies);
Data Protection Laws any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations, and secondary legislation, for as long as the GDPR is effective in the UK;
GDPR the General Data Protection Regulation (EU) 2016/679;
CloudGuard Ltd,

CloudGuard Inc or us

CloudGuard Ltd, a company incorporated in England and Wales with registered number 12813004 whose registered office is at CloudGuard, Room 202, Unit 6, Albion House, High Street, Woking, GU21 6BG;
UK and EU Cookie Law the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
User or you any third party that accesses the Website and is not either (i) employed by CloudGuard Ltd and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to CloudGuard and accessing the Website in connection with the provision of such services; and
Website the website that you are currently using, www.CloudGuard.ai, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

 

In this privacy policy, unless the context requires a different interpretation:

  • The singular includes the plural and vice versa;
  • References to sub-clauses, clauses, schedules, or appendices are to sub-clauses, clauses, schedules, or appendices of this privacy policy;
  • A reference to a person includes firms, companies, government entities, trusts, and partnerships;
  • “including” is understood to mean “including without limitation”;
  • Reference to any statutory provision includes any modification or amendment of it;
  • The headings and sub-headings do not form part of this privacy policy.

3. Data collected

CloudGuard collects and processes the following categories of data:

a) Website data

  • Identity Data: First name, last name, username, title, job title, company name, number of employees and users.
  • Contact Data: Email address, phone number, company address, company website.
  • Transaction Data: Records of products and services purchased.
  • Technical Data: IP address, browser type, operating system, time zone settings, and session activity.
  • Profile Data: Username, password, preferences, feedback, survey responses.
  • Usage Data: Information about how you use our Website and services.
  • Marketing Data: Preferences for receiving marketing communications.

b) Customer system data

  • Server names/host names.
  • IP addresses.
  • Potential usernames (pseudonymised where applicable).
  • Contact names (if applicable).
  • System metadata for performance and security analytics (including file hashes, message IDs, and URLs).

This data is stored in CloudGuard’s Azure tenant for up to 12 months before automatic deletion.

  1. c) We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice
  2. d) We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

4. Legal basis for processing

We process personal data based on the following lawful bases:

  • Legitimate interests: For analytics, system performance monitoring, and security enhancement. Developing our services and growing our business through our marketing strategy.
  • Contractual obligations: Where data collection is necessary to fulfil a service agreement.
  • Legal compliance: To meet regulatory and security requirements.

5. Purposes for which we will use your personal data

Subject to section 5a, we will not share any of your data with any third parties. Your personal data will only be used for the reasons it was initially collected, unless we find a justifiable need to use it for a different purpose that aligns with the original intent. If you would like an explanation on how the processing for the new purpose aligns with the original purpose, feel free to reach out to us.

  1. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we participate in legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.
  2. We may sometimes contract with third parties to supply products and services to you on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
  3. We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

6. Sharing of data

CloudGuard does not sell personal data. Data may be shared:

  • With affiliates or group companies.
  • With trusted third-party service providers for marketing and analytics (e.g., LinkedIn, Microsoft, SAP).
  • If legally required to comply with a court order or regulatory body.
  • With prospective buyers in the event of a business transfer.

7. Security and access controls

To protect stored customer data, CloudGuard employs:

  • Encryption: All stored data is encrypted at rest and in transit.
  • Access Control: Restricted access via Role-Based Access Control (RBAC).
  • Logging & Monitoring: Continuous tracking of access and modifications.
  • Anonymisation & Pseudonymisation: Data is anonymised where possible.
  • Data Segmentation: Logical separation of customer data.

8. Data retention and deletion

  • Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted. Customer System Data is retained for a maximum of 12 months before secure deletion.
  • Backup copies containing system data are securely erased following the retention period, however, some Data may persist on backup or archival media for legal, tax or regulatory purposes.
  • Users may request earlier deletion of their stored data, subject to verification.

9. Your rights

As a data subject, you have the following rights:

  • Right to access– the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update, or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive.” Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
  • Right to correct– the right to have your Data rectified if it is inaccurate or incomplete.
  • Right to erase– the right to request that we delete or remove your Data from our systems.
  • Right to restrict our use of your Data– the right to “block” us from using your Data or limit the way in which we can use it.
  • Right to data portability– the right to request that we move, copy, or transfer your Data.
  • Right to object– the right to object to our use of your Data including where we use it for our legitimate interests.

To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: [email protected].

10. Breach notification and incident response

If a data breach occurs, CloudGuard will:

  • Assess the impact and notify affected users promptly.
  • Inform the Information Commissioner’s Office (ICO) within 72 hours, if required.
  • Provide remediation steps as necessary.

11. Cookies

For details on our use of cookies, please refer to our Cookie Policy.

12. Changes of business ownership and control

CloudGuard may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of CloudGuard. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

We may also disclose Data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

13. External links

This Website may provide links to other websites. CloudGuard is not responsible for the privacy policies of external sites.

14. General

You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal, or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

Unless otherwise agreed, no delay, act, or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

15. Changes to this Policy

CloudGuard reserves the right to update this Privacy Policy as required. Changes will be communicated via the Website.

For queries, contact CloudGuard’s Data Protection Officer at [email protected].