eBook Now Available: Using Farsight Passive DNS for Incident Response - Download now!

Privacy Policy

Version 2.0 – Updated 05.23.2018

Skip directly to the GDPR Appendix.

Introduction

This Privacy Policy identifies the privacy practices of Farsight Security, Inc. ("Farsight") with respect to our website ("Site") and subscription services ("Service"). This includes the information collected or obtained by us, including information that can be used to identify you or others personally ("Personal Information"), through your access or use of the Site or Service as a visitor, customer of Farsight or contributor of data for the Service. For more information about Farsight and EU General Data Protection Regulation (hereafter "GDPR"), see Appendix A on this page below.

Your Consent

Please read this Privacy Policy carefully. By accessing or using the Site or Service you acknowledge and consent to our Privacy Policy.

Information We Collect

When you visit the Site, or access or use the Service, we may collect or obtain the following information:
  • information provided with your communications to Farsight (for instance, emails and phone calls) including for sales support, technical support and requests for information and materials
  • information provided with your application for a subscription to the Service or when you seek to become a contributor of data for the Service
  • information regarding how you access, use or interact with the Site or Service
  • information sent by your browser, computer or device whenever you visit the Site, or access or use the Service, such as (i) your IP address (which may identify your general location), (ii) the type of browser, computer or device you use, (iii) technical information about the means of connection to the Site or Service (for instance, the operating system, the Internet service provider utilized and other similar information), (iv) the page that led you to the Site, and (v) the search terms you typed into a search engine that led you to the Site
  • information that you input, or provide to Farsight for inputting, to the Service (for example, search queries) when accessing and using the Service as a customer or trial user of the Service
  • data originating from your network, including but not limited to raw internet traffic flow data, that you select to send through the Farsight sensor array for the Service when you have consented to contribute data for the Service

Personal Information

During your visit to the Site, you may be requested to voluntarily provide certain Personal Information. You may refrain from submitting such Personal Information; however, failure to provide such Personal Information may prevent you from acquiring a subscription to the Service, receiving certain information or materials, receiving sales support or technical support, or engaging in other Site related activities. When you apply for a subscription to the Service, contact Farsight for information or materials, sales support or technical support, or seek to become a contributor of data for the Service, we may collect certain Personal Information, which may include your name, company name, mailing address, email address, phone number, payment information (including credit card information) and other information personal to you or your business.

Farsight has designed and deployed a sensor array for its Service that deliberately avoids capturing any Personal Information, including the identity of end users or the domain name system (DNS) lookup transactions caused by end users’ actions. The passive DNS sensors only listen to the cache miss resolution transactions between recursive name servers and internet-bound authoritative name servers, and specifically not between end user stub resolvers and recursive name servers. Therefore, the Service does not provide customers or potential customers with, and the data that you have agreed to contribute through the Farsight sensor array for the Service will not contain, any Personal Information.

How We May Use Collected Information

We may use the information that we collect or obtain from you to:
  • provide the Site and Service, and related sales support (including processing orders, billings and payments, and advising on account status), technical support and other requested information
  • improve the Site and Service, which may include diagnosing problems, developing new features and services, and responding more efficiently to service requests and support needs
  • send you emails and other communications providing you with information and updates pertaining to the provisioning, availability or reliability of the Service and responding to inquiries, questions and/or other requests initiated by you
  • send you emails, newsletters, information and materials about Farsight, the Service and other Farsight products and services
  • conduct market research about Farsight customers and their interests, and the effectiveness of Farsight marketing campaigns
  • aggregate and analyze the information collected or obtained by Farsight, including Personal Information, for the above stated purposes and for analyzing industry trends and sharing aggregated, anonymized information with third parties for marketing, advertising, research, analytics and similar purposes

Cookies and Tracking

Like most websites and many other service providers, we use cookies and other tracking mechanisms to track information about your access and use of the Site and Service. Cookies are small text files stored on your browser when you use websites and applications. You can control how websites use cookies by configuring the privacy settings within your browser. We honor ‘do not track signals’ and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. However, if you disable cookies entirely, the Site and/or the Service may not function properly.

How We Protect Your Information

We maintain reasonable data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Information, username, password, transaction information and data stored on the Site or Service. All data exchanged between the Service and Farsight customers will happen over an encrypted channel.

Please be aware, however, that no security controls are 100% effective and no method of transmitting information over the internet or storing information is completely secure. Therefore, Farsight cannot, and does not, ensure, guarantee or warrant the security of any information, including your Personal Information.

Sharing Your Personal Information

We do not sell, trade, rent or otherwise transfer your Personal Information to outside parties. This does not exclude us from sharing the information with trusted third parties who assist us in the operation, performance, administration, marketing or distribution of this Site or the Service so long as these parties agree to keep this information confidential. Such parties are not permitted to use your Personal Information for their own purposes. We may also release your Personal Information when we believe release of such information is appropriate to comply with the law, enforce our policies, or protect our or others’ rights, property and safety.

We may share and publish aggregated information that does not specifically identify you and is not linked to any of your Personal Information, such as statistical information about visitors to the Site or statistical information about how customers access and use the Service.

Corporate Event Transfers

Information that we collect or obtain from you, including Personal Information, is considered a business asset. If we merge with or are acquired by another company or sell the Site or Service, or if all or a substantial portion of our assets are acquired by another company, your information will likely be one of the assets that is transferred.

Links to Third Party Websites and Services

You may find content on the Site or Service that links to the websites or services of our partners, suppliers, licensors or other third parties. We do not control the content or links that appear on these websites or services and are not responsible for the practices employed by websites or services linked to or from our Site or Service. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website or service, including websites or services which have a link to the Site, is subject to that website's own terms and policies.

Changing or Deleting Stored Information

If you believe that we have recorded inaccurate Personal Information about you, or wish to delete certain Personal Information, please report this via e-mail to privacy@farsightsecurity.com. We will take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law. We may need to retain certain information about you for legal and internal business reasons, such as fraud prevention. We will retain your Personal Information for as long as it is necessary to provide you with the Site and Service that you are eligible to use with your Farsight ID and as needed to comply with our legal obligations and enforce our agreements.

COPPA (Children Online Privacy Protection Act)

The Site and Service are not directed to children under 13 years of age and we do not knowingly collect Personal Information from children under 13 years of age. If we learn that we have collected Personal Information of a child under the age of 13 we will take steps to delete such information from our files as soon as possible.

Notification of Breach of Security

We will make any legally required disclosures of any breach of the security, confidentiality or integrity of your unencrypted electronically stored “personal data” (as defined in the applicable statutes) to you via email or conspicuous posting on the Site in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Removal from Email and Newsletter Lists

We will include detailed unsubscribe information at the bottom of each email or newsletter we send if you wish to unsubscribe from receiving future emails. Additionally, you may unsubscribe and stop receiving future emails from us by emailing Farsight at: privacy@farsightsecurity.com

International Transfer

Your Personal Information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your Personal Information to us, we may transfer your Personal Information to the United States and process it there. Your use of any of the Service followed by your submission of any Personal Information represents your agreement to that transfer.

Changes to this Privacy Policy

We may, at our sole discretion, update this privacy policy at any time. We encourage you to frequently check this page for any changes. Your further use of the Site or the Service will constitute your acknowledgement and agreement to the new current privacy policy.

Appendix A. GDPR

The EU General Data Protection Regulation (hereafter "GDPR") went into effect on May 25th, 2018, helping to protect the privacy of European Union data subjects' personal information. We are providing the following information to help clarify Farsight's position vis-a-vis the GDPR. All references to "articles" or "articles and sections" relate to the text of the GDPR as available from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC.

  • Territorial Scope ("Is The GDPR Applicable to Farsight?")
    • Farsight Security, Inc. (hereafter "Farsight") is not a company established in the EU (relevance: GDPR Art. 3 Sec. I).
    • Farsight does not monitor the behavior of EU data subjects (relevance: GDPR Art. 3 Sec. 2(b)).
    • Farsight does offer goods or services to EU data subjects (relevance GDPR Art. 3. Sec. 2(a)). Therefore, Farsight does have obligations under the GDPR to natural persons who are EU data subjects and to whom Farsight has offered goods or services.
  • GDPR-Required Article 13 Notices:
    • The controller for personal data (as defined in GDPR Art. 4 Sec. 1) collected by Farsight is Farsight itself. Farsight can be contacted at Farsight Security, Inc., 177 Bovet Road, Suite 180, San Mateo, CA 94402. Email: privacy@farsightsecurity.com (GDPR Art 13. Sec. 1(a))
    • With respect to GDPR Art 13. Sec. 1(c), personal data is collected for billing purposes and general business-related correspondence, customer support, and operational notifications (including privacy- and security-related notices). Lawful bases for collecting this information are:
      • Farsight collects customer/user data when "necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract," see GDPR Art. 6. Sec 1(b).
      • Farsight seeks explicit informed consent for all other data collection and processing involving natural persons who are EU data subjects and to whom Farsight has offered goods or services, see GDPR Art. 6 Sec. 1(a).
    • Recipient of the personal data consists of management-approved company employees. (GDPR Art. 13 Sec. 1(e))
    • Personal data is stored for the duration of pre-contractual negotiations, plus the duration of any contracted services, plus a further period consistent with industry-standard record-retention practices (e.g., normally three years for routine correspondence). (GDPR Art. 13 Sec. 2(a))
    • If you are a natural person who is an EU data subject and someone to whom Farsight has offered goods or services, you have the right to: access your data, correct any inaccuracies, request erasure of your personal data, restrict processing of your data, and to object to its processing. You also have the right to data portability. You may withdraw your consent at any time. You may lodge a complaint with a supervisory authority. (GDPR Art. 13 Sec. 2(b)-(d))
    • Without your personal data we cannot enter into a contract with you. For example, without your contact information such as name, phone number and email address, it will be impossible for us to communicate with you for billing purposes and general business-related correspondence, customer support, and operational notifications (including privacy- and security- related notices). (GDPR Art. 13 Sec. 2(e))
  • GDPR Art. 30 Sec. 5 Status:
    • Farsight is an enterprise employing fewer than 250 persons.
  • GDPR Art. 37 Sec. 1 Data Protection Officer Determination:
    • None of the "trigger conditions" from Art. 37 Sec. 1 exist, therefore Farsight is not required to name a Data Protection Officer.
  • Conflicts:
    • In the event of a conflict between this Appendix and the main body of the Privacy Policy, the terms of this Appendix shall prevail.

Version 1.0
Updated 05.23.2018

Contacting Us

If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please contact us at:

Farsight Security, Inc.
177 Bovet Road, Suite 180
San Mateo, CA 94402

privacy@farsightsecurity.com