June 07, 2024

Privacy Policy

ABOUT US

Trickest Hive d.o.o. based in Belgrade – Republic of Serbia and our existing affiliates (including our parent company Trickest Inc.) or future affiliates (collectively “Trickest” or "we," "us" or "our") are the controllers with respect to your data. This means that we determine the purpose and manner in which your personal data is processed. The contact entity for any questions regarding how your personal data is being processed is „Trickest Hive“ d.o.o. Belgrade – Republic of Serbia, a limited liability company, operating and registered under the laws of the Republic of Serbia, with its registered headquarters in Humska 6, Apt 28, Belgrade, Serbia, or at: privacy@trickest.com

TRICKEST AS CONTROLLERTRICKEST AS PROCESSOR
We are the data controller when we collect and use information as described herein. In this case we are responsible for determining use of the Platform, and for ensuring that all legal requirements applicable to processing of personal information through our Platform are ensured.We are the data processor when our customers collect and use information as described herein. In this case data controller is the customer who is solely responsible for determining how to use the Platform, and for ensuring that all legal requirements applicable to processing of personal information through our Platform are ensured.

WHAT DOES THIS PRIVACY POLICY COVER

This privacy policy describes how Trickest will make use of your information in the context of your use of our Platform (defined as our websites, software, support, including documentation) and for marketing, sales, and advertising initiatives.

WHAT ARE WE DOING AND WHAT INFORMATION DOES TRICKEST COLLECT ABOUT ME?

Trickest is a cybersecurity company developing ethical hacking and cybersecurity tools focused on empowering its users to proactively assess, identify and address information technology and system infrastructure vulnerabilities.

TRICKEST GENERAL USE, REGISTRATION, AND CUSTOMER SUPPORT

When you register to use Trickest website, create an account, or contact us for support or other offerings, we collect information that identifies you such as:

  • Natural or Legal Person: Full Name; Company name; Email address;
  • Hardware: IP address; User Agent; Operating System; Browser;
  • Activity: Security Enhancement Program “SEC” details; People with whom you communicate or share content or SEC requests; Types of apps and websites of interest; Activity on third-party sites and apps that use our services; Types of industries and services of interest; Content uploaded to the Platform; and Content of customer support communications.

We may combine information provided by you to ensure accuracy of the data with information from third party sources, and we may also collect information to detect, prevent, or otherwise address fraud, security, or technical issues, as well as to protect against harm to the rights, property or safety of our company, employees, users, vulnerable categories, or the public.

TRICKEST WEBSITE

We collect information about how you use our website. This information may be associated with your device or browser, or it may be associated with your Trickest account and includes:

  • Hardware: IP address; User Agent; Operating System; Browser;
  • Route: Webpage that led you to our website;
  • Activity: Search terms entered into a search engine which lead you to our website; Use and navigation of websites and apps (collected through cookies and similar technologies, or by our servers when you are logged in to the app or website); Analysis of your content (e.g., documents, workflows, photos, videos, activity logs, other data points and direct feedback from you) which is sent or received using an online feature of our website, or which is stored on our servers (e.g., usage logs regarding the use of the Platform, including logins and other actions taken, time stamps, and other usage data).

TRICKEST EMAILS AND TEXTS

Emails we send you may include web beacons through which we see if you have received or opened the email, or clicked a link in the email (you can opt out from collection and receiving our marketing).

TRICKEST ADVERTISING

We may advertise online, including displaying our ads to you on other companies' websites and on social media platforms, such as Facebook. Trickest website uses cookies and similar technologies that allow us to gather additional information to measure and improve the effectiveness of our advertising, such as:

Trickest uses the information we collect about you for the following purposes:

To comply with a contract, or take steps linked to a contract: this is relevant where you register to use an Trickest website (whether paid, or as a free trial). This includes:

  • Providing you with the requested websites;
  • Verifying your identity;
  • Processing payments;
  • Sending you communications (for example, related to payments);
  • Sending communication related to an SEC; and
  • Providing customer service or support.

As required by Trickest to conduct our business and pursue our legitimate interests, in particular:

  • Providing you with the website for which you have registered;
  • Analyzing your use and measuring effectiveness of our website;
  • Sending you information about our products and services and similar information;
  • For various events which we may organize;
  • For recruitment purposes;
  • Sharing your information with 3rd parties for their own marketing purposes (where your consent is not required);
  • Analyzing your use and content on the website to customize marketing communications (where your consent is not required);
  • Analyzing your content through techniques such as machine learning to improve our Platform (where your consent is not required);
  • Create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our partners or customers may use to provide and improve our Platform.
  • Detecting, preventing, or otherwise addressing problems, fraud, security or technical issues, as well as protecting against harm to the rights, property or safety of the company, our users, or the public;
  • Conducting surveys and market research about our customers (unless we need consent to undertake such surveys, in which case we will only do this with your permission);
  • Investigating and responding to any comments or complaints;
  • Checking the validity of the account number and card number (we may use third parties for this);
  • If we merge with or are acquired by another company, sell a website or business unit, or if all or a substantial portion of our assets are acquired by another company, your information will likely be disclosed to our advisers and any other prospective purchaser's advisers and will be one of the assets that is transferred to the new owner;
  • In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of information in connection with government agency requests, legal process or litigation).

Where we process your information based on legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.

Where required, when you give us your consent (which you can withdraw at any time) or otherwise consistent with your choices:

  • Sending you information about our products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes;
  • Placing cookies and using similar technologies on our website and in email communications, in accordance with this policy and the information provided to you when those technologies are used;
  • Accessing information stored on your device relating to your use of the website and crash reports; and
  • Analyzing your content using techniques such as machine learning in order to improve our services and the user experience;

For legal reasons:

  • Responding to requests by government or law enforcement authorities conducting an investigation or to detect, prevent, or otherwise address misuse, fraud, security, potential illegal activities, or technical issues and software piracy. Where this processing and these disclosures are not strictly required by law, we may rely on our legitimate interests and those of third parties described above.

DOES TRICKEST SHARE MY PERSONAL INFORMATION?

1. SHARING WITH OTHER DATA CONTROLLERS

We will share your personal information within our group of companies (as identified on our website) for the purposes identified above. We will also share your personal information with other third-party data controllers. The types of third parties your information may be shared with include:

  • contractors
  • vendors
  • resellers
  • sales partners
  • advertisers
  • research org
  • information services providers
  • fraud monitoring providers
  • publishers
  • Cloud Providers

Related to Contributors who participate in certain Security Enhancement Programs, to be able to allow those Publishers to contact Contributors and interact directly or as otherwise authorized by the Contributor with respect to the specific SEC, we may share information to Publishers about those Contributors to the extent required for the SEC, such as:

  • Name
  • Company name(if any)
  • Contact data

Third-party data controllers may also use Trickest platform to collect and process your personal information. If you are using an email address that is associated with a business domain to access Trickest's website, or if you were invited to use the website by a business, we may share your information to that business.

2. SHARING FOR FRAUD PREVENTION, SAFETY AND SECURITY PURPOSES

We will share personal information with companies, organizations or individuals outside of Trickest if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues, as well as to protect against harm to the rights, property or safety of the company and our employees, our users, vulnerable categories or the public as required or permitted by law.

3. Other Information Sharing

Trickest may also share your personal information based on:

  • Legal Process: When we have a good faith belief that we are required to provide information in response to a subpoena, court order, or other applicable law or legal process, or to respond to an emergency.
  • Corporate Restructuring: Merger or acquisition by another company, sell of all, or a substantial portion of our assets or business to another company, your information will likely be disclosed to our advisers and any prospective purchaser's advisers and will be one of the assets that is transferred to the new owner.
  • Statistics: We may share or publish aggregate information that doesn’t specifically identify you, such as statistical information about visitors to our websites or statistical information about how customers use the website.

IS MY PERSONAL INFORMATION SECURE?

We employ administrative, technical, and physical security controls where appropriate, and strict contractual confidentiality obligations for employees and contractors. Nevertheless, no security system is impenetrable, and system failures or bad actors activity may happen which prevents us from making any guarantees that the information and data within our control, is absolutely secure.

WHERE DOES TRICKEST STORE MY PERSONAL INFORMATION?

Your personal information and files are stored on our servers and the servers of companies we hire to provide services to us, such as hosting providers.

DOES TRICKEST TRANSFER MY PERSONAL INFORMATION ACROSS NATIONAL BORDERS?

The main locations where we process your personal information are in the Republic of Serbia and the US, but we may also transfer personal information to other countries in the world where our platform is available or we are engaged in business development.Currently, all our servers from hosting providers are based in Frankfurt, Germany, Europe. We carry out these transfers in compliance with applicable laws – for example, by putting data transfer agreements in place to help protect your personal information. We rely on one or more of the following legal mechanisms to ensure adequate protection: European Commission approved Standard Contractual Clauses, or your consent in certain circumstances. A copy of the relevant mechanism can be provided for your review upon request, using the contact details.

WHAT RIGHTS DO I HAVE IN RESPECT OF MY PERSONAL INFORMATION AND HOW CAN I EXERCISE THESE?

We process your personal data in accordance with the applicable law and you have the right:

Access

  • you have the right to obtain a confirmation whether or not we process your personal data;
  • to have access to the type of personal data and to the conditions of processing;
  • you have the right to obtain the personal information you provide to us for a contract or with your consent in a structured, machine-readable format.

Rectification

  • you have the right to request, the rectification of inaccurate or incomplete personal data which we have about you

Erasure

  • you have the right to request erasure of your personal data in case
    • the data are no longer necessary for their original purpose (and no new lawful purpose exists),
    • twe initially process your data based on your consent and you withdraw your consent and therefore no lawful ground exists anymore,
    • tyou object and we have no overriding grounds for continuing the processing,
    • the data have been processed unlawfully,
    • erasure is necessary for compliance with applicable law

Restriction

  • you have the right to ask for the restriction of processing in cases where you consider that the personal data processed is inaccurate or unlawful

Withdraw

  • you have the right to withdraw your consent for processing

Object

  • you have the right to object to the data processing and to object at any moment to the data processing for direct marketing purposes and the right not to be subject to a decision based solely on automated processing

Portability

  • you have the right to ask us to port your information to another controller in a structured, machine-readable format

Complain

  • you have the right to file a complaint with the Data Protection Authority and the right to address to the competent courts of law.

WHAT RIGHTS DO I HAVE IF I AM A CALIFORNIA CONSUMER?

In addition to the rights above, see California Consumer Privacy Rights for additional information. Please note that we do not sell the personal information we collect to other parties.

We and the companies we hire may use your information to provide you with information and offers related to Trickest. Where we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have the right to opt-out of direct marketing, at any time by:

  • Updating your preferences in your account
  • Clicking the unsubscribe link at the bottom of our marketing emails
  • E-mail us using the details provided here

HOW LONG DOES TRICKEST RETAIN MY INFORMATION?

We will store your personal data for the period of time necessary to achieve the purposes described in this policy and in accordance with our legal obligations, our contractual obligations or the industry practices. When you register for an account, we process and keep most personal information we have about you for as long as you are an active user. When you close your account, we begin deleting (in accordance with our procedures, which may involve archiving, anonymizing or destroying it) certain personal information that we no longer have a business reason to retain. However, we will retain personal information related to our contract and business transactions with you for 5 years from the termination of our agreement with you, unless the applicable law specifies otherwise.

Where we process personal information for marketing purposes or with your consent, we process the information until you request us to stop the processing. We also keep a permanent record of the fact that you have asked us not to send you direct marketing or to process your information so that we can respect your request in future.

HOW DATA RETENTION AND DELETION POLICY FOR COMMUNITY USERS

WORKFLOW RUN DATA

For our community users, we maintain a stringent data retention policy to ensure that your data is managed responsibly:

  • Automated Deletion of Workflow Runs: All workflow runs, including all associated data, are automatically deleted from our systems after 14 days. This includes:

    • Details and metadata about the workflow run (e.g., run status, run dates).
    • All jobs within that workflow run, along with all related data.
    • All files generated from each job or workflow run. This includes files stored in external storage services (e.g., Amazon S3).
    • Any data and outputs generated while the workflow run was active.
  • Limitation on Workflow Runs: Each workflow is limited to a maximum of 10 runs to ensure optimal performance and resource allocation across our platform. This measure is in place to maintain the efficiency and reliability of our services for all community users.

RETENTION OF OTHER USER DATA

It is important to note that some data are not subject to automatic deletion. These data are retained to support ongoing user needs and platform functionality.

  • User-Requested Data Deletion: Users wishing to delete their data, must contact our support team directly. Upon receiving a deletion request, we commit to deleting the requested data within 7 days after confirming receipt of the request. This ensures that users have control over their data and can manage their privacy according to their preferences.

CONTACTING SUPPORT FOR DATA DELETION

To request data deletion, please reach out to our support team through the contact information provided on our platform. Our dedicated team will guide you through the process and ensure your data is handled according to your instructions.

UPDATES TO OUR DATA RETENTION AND DELETION POLICY

We reserve the right to update this policy as necessary to reflect changes in our practices or for other operational, legal, or regulatory reasons. Users will be notified of any significant changes to our data retention and deletion practices.

DOES TRICKEST USE COOKIES AND SIMILAR TECHNOLOGIES?

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, combating fraud, analyzing how our Platform perform, remembering your preferences, measuring your use of our Platform, understanding your interests so we can provide you more relevant content, running the solutions that help our customers improve the security and performance of their websites and digital infrastructure.

We also use “web beacons” (or “tags” bits of programming code included in web pages, emails, and ads that notify us or our partners when those web pages, emails, or ads have been viewed or clicked on) to help deliver cookies and gather usage and performance data. Our Platform may include web beacons, cookies, or similar technologies from third-party service providers. Depending on the purpose for which they are used cookies can be: essential (for the functionality of the website); functional (for enhancement of your experience and remembering your preferences); analytical (for understanding how the website is used), advertising (for providing offers and services). Cookies can also be “first” or “third” party based on the website or domain placing it. Third party cookies are set by third parties’ websites or domains that you are visiting and are other entities than Trickest. You have the tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use the settings in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.

Check out the cookies we are using on our Platform.

WILL THIS PRIVACY POLICY CHANGE?

We may update this privacy policy (or other related documents) to allow Trickest to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will change the "last updated" date at the top of this policy and the revised policy will be posted to this page so that you are aware of the information we collect, how we use it, and under what circumstances we may disclose it. Under certain circumstances (for example with certain material changes) we will provide notice to you of these changes and, where required by applicable law, we will obtain your consent. Notice may be by email to you, by posting a notice of such changes on our apps and websites, or by other means consistent with applicable law.

WHO CAN I CONTACT WITH QUESTIONS OR CONCERNS?

If you have a privacy question or request, please send us an e-mail at: privacy@trickest.com