PRIVACY POLICY

Scytale AI Ltd. (“Scytale”, “we”, “our”) is committed to maintaining the privacy of its users (“user”, “you”). The following information describes how Scytale collects and processes information about you when you use our website (the “Website”) and Platform (as defined below).

Our Privacy Policy explains:

• What information we collect and why we collect it.
• How we use that information.
• Your rights with regard to the collection of such information.

By using our Website and Platform, you agree to this Privacy Policy.

Scytale provides a data security compliance platform (“Platform”) to its customers (“Customer/s”) which collects data from the Customer’s systems, automatically and through integrations and manual uploads, for generating applicable data security policies and procedures, risk assessments, controls, information assets mapping, security awareness training, access control, change management, monitoring and more (“Services”). The Website provides information about Scytale, the Platform and Services and enables its users to log in to the Platform and contact Scytale with respect to the Services. 

Collecting Information

Please note that the scope of this Privacy Policy is limited only to information collected by Scytale through your use of its Website and Platform. Some information may be automatically collected, and some is collected when you interact with our Website and Platform. Information from which you can be personally identified may be collected (“Personal Information”). The Personal Information we may collect about you includes the following: 

1. Account information:

If you wish to register to receive the Services and create an account with Scytale (“Account”), we will collect your Personal Information such as your full name, email address, work/occupational start dates, termination date, type of employment and professional job title. 

2. Profile Information:

When we set your Account, you will be required to choose a username and password so we can create your user profile. We will also collect any feedback you submitted or comments posted.

3. Log-In to the Platform:

If you wish to log-in to your Account to use the Platform via the Website, we may also use a Single Sign-On account (“SSO”) such as Google or other available SSO services. Signing in via the SSO will provide us with access to information these SSO services obtain about you, and all in accordance with your specific SSO’s privacy settings. 

4. Third-Party Services Information:

Typically, Third-Party Services are software services that integrate with Scytale Services. Each Customer can permit its authorized users (“Authorized Users”) to enable and disable these integrations in accordance with the Customer’s needs. Scytale may also develop and offer Scytale applications that connect the Platform with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with Scytale. Please note that Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Scytale. 

5. Contact Form:

If you wish to contact us for support regarding our Services, Website, Platform, this Privacy Policy or any other matter, we will collect your name, email address, company, position and the content you submitted to facilitate your inquiry.

6. Live Chat:

If you wish to contact one of our agents via our live chat, we will collect your name, email address, and the content you submitted to facilitate your inquiry.

7. Newsletter:

If you wish to register to our newsletter and to be provided with information on the Services, subject to your consent, we will collect your email address, and will send you the required materials.

8. Interactions

Scytale may receive other Personal Information when submitted to our Websites or Platform or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enroll in an educational program hosted by Scytale or a vendor, request support, interact with our social media accounts or otherwise communicate with Scytale.

9. Usage information:

• Log Data: 

As with most technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Platform and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Platform, browser type and settings, the date and time the Platform or Website were used, information about browser configuration and plugins, language preferences and cookie data.

• Device Information:

Scytale collects information about devices accessing the Platform or Website, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether Scytale collects some or all of this information often depends on the type of device used and its settings.

• Location Information: 

Scytale receives information from Authorized Users, Customers and other third parties that may help Scytale approximate user location. Scytale may, for example, use a business address submitted by a Customer, or an IP address received from the Authorized User browser or device to determine approximate location. Scytale may also collect location information from devices in accordance with the consent process provided by the user device.

Please note that with regard to information collected when providing our Services to Customers, any notification requirements towards employees and Authorized Users shall apply on the respective Customer, and all to the extent required under the applicable law. 

Use of Information

We use the Personal Information we collect from you for a range of different business purposes according to different legal bases of processing. We may use or process your Personal Information for the following purposes. One or more purposes may apply simultaneously.

1. Providing the Requested Services

• We collect Personal Information of Authorized Users to enable them to operate the Platform and facilitate the Services for the Customer who authorized them to use the Platform on its behalf. 
• We collect the Personal Information, included in your Account and Profile to enable you to use the Platform.
• We will collect your Personal Information when you contact us via the contact form or online chat to facilitate your inquiry regarding Scytale, the Platform, Website or Services.
• We may collect the Personal Information of Customer’s employees or other individuals whose Personal Information is included in the systems and files that Scytale is provided access to when providing its Services.
• Such collection of information will enable us to provide you with the Services as well as technical and professional assistance, with regard to the Website and Platform you use or intend to use. 

We process the Personal Information where it is necessary for the adequate performance of the contract we have with our Customers.

2. Improvement and Development of the Services

• We collect Personal Information to improve and develop our Services and understand feedback on Scytale Website and Platform and to help provide more information on the use of our Services quickly and easily.
• We collect Personal Information for ongoing review and improvement of the information provided on our Website and Platform to ensure it is user friendly. 
• We collect Personal Information to improve the management and administration of our business and maintain compliance with our internal policies and procedures.
• We conduct surveys and research, test features in development, and analyze the information we have to evaluate and improve our Website and Platform, develop new features, and conduct audits and troubleshooting activities. 

We process this information in light of our legitimate interest in improving the Website and Platform, to allow our users to have the best experience.

3. Maintain a Safe and Secure Environment

We may use your information to detect and prevent fraud, abuse and security incidents in the following ways;

• Verify and authenticate your identity and prevent unauthorized or illegal activity;
• Enhance the safety and security of our Website and Platform;
• Conduct security investigations and risk assessments;
• Prevent or take action against activities that are, or may be, in breach of our terms of service or applicable law. 

We process this information in light of our legitimate interest in improving our Website and Platform by enabling our users to browse in a secure environment.

4. Personalize Content, Advertising and Marketing

• If you have used Scytale’s Services in the past, we have a legitimate business interest for matching the data we collect with other data we had already collected. 
• This enables us to understand your needs and interests, optimize the content we send you and make it more suitable and relevant to your needs.
• This also enables us to improve your experience on the Website and Platform by providing you with personalized content, recommendations, and features.

We process this information in light of our legitimate interest to personalize your experience and customize our content.

5. For compliance, fraud prevention, and safety

We may use your Personal Information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: 

• Protect our, your or others’ rights, privacy, safety or property (including legal claims); 
• Enforce the terms and conditions that govern the Service; and 
• Protect, and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

We process this information for compliance with a legal obligation that we may be subject to.  

6. With your consent

In some cases we may specifically ask for your consent to collect, use or share your Personal Information, such as when we send you our newsletter or when required by law.

Disclosure of Information and Transfer of Data 

Except as otherwise provided in this Privacy Policy, we reasonably attempt to ensure that we never intentionally disclose any of your Personal Information, to any third party without having received your permission, except as provided for herein or otherwise as permitted or required under law.

In order to perform our contractual and other legal responsibilities or purposes, we may, from time to time, need to share your Personal Information with third parties as detailed below. 

• Corporate Affiliates:

We may share your Personal Information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

• Service providers: 

We may share your Personal Information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as customer support, hosting, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose. 

• Professional advisors:

We may disclose your Personal Information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

• For compliance, fraud prevention and safety. 

We may share your Personal Information for the compliance, fraud prevention and safety purposes described above. Furthermore, information about you may also be released in order to comply with any valid legal obligation or inquiry or process such as a search warrant, subpoena, statute or court order. We will also release specific information in special cases, such as if you use the Website or the Platform to perform an unlawful act or omission or take any act or omission that may damage Scytale, its property and goodwill, or if there is an attempted breach of the security of the Website or Platform or a physical or property threat to you or others.

• During a change to Scytale’s business. 

If Scytale AI engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Scytale’s assets or stock, financing, public offering of securities, acquisition of all or a portion of Scytale’s business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Personal Information may be shared or transferred, subject to appropriate and commercially reasonable confidentiality arrangements.

The above mentioned third parties may be located in countries other than your own, and we may send them information we receive. When such third party service providers process your Personal Information on our behalf, we will assure that they comply with obligations similar to those which are set forth in this Privacy Policy. We will also assure that they will abide by our data privacy and security requirements, and will be allowed to use the Personal Information solely for the purposes we set. We will transfer your Personal Information while using appropriate and suitable safeguards, while using a variety of legal mechanisms, including contracts, to ensure your rights and protections travel with your data. 

Your Rights

In case you feel that any of your rights have been compromised, you have the right to file a complaint to the relevant supervisory authority.

You have the right at any time to request to access or modify your information. To exercise these options, please contact us at info@scytale.ai.

In some jurisdictions, in particular those located within the European Union (the “EU“) or within the European Economic Area (the “EEA“), you may be afforded specific rights regarding your Personal Information. Subject to such eligibility, you may have the following rights to:

1. Request a rectification of your Personal Information where the information we hold about you is incorrect or incomplete.
2. Object to the processing of your Personal Information for direct marketing purposes.
3. Object to the processing of your Personal Information where our legal basis for that processing is that such processing is necessary for our legitimate interests.
4. Object to automated decision-making (including profiling) in certain circumstances.
5. Request the erasure of your Personal Information in certain circumstances, such as where processing is no longer necessary for the purpose it was originally collected for, and there is no compelling reason for us to continue to process or store it;
6. Receive your Personal Information, or ask us to transfer it to another organization that you have provided to us, which we process by automated means, where our processing is either based on your consent or is necessary for the performance of a contract with you.

Generally, with regard to information collected on our Website, Scytale is a “Data Controller”. Therefore, if you wish to exercise the above mentioned rights, please contact us, and we will make our best efforts to fulfill your request. 

With regard to information collected on employees or Authorized Users via the Platform and Services, Scytale is a “Data Processor”. Therefore, if you are an employee or Authorized User and wish to exercise the above mentioned rights, please contact the relevant Customer, and we will make our best efforts to assist the Customer to fulfill your request. 

Cookies

We may use “cookies” and/or other technologies or files (collectively, “Cookies”) to identify how visitors make use of our Website and Platform. This aggregated tracking information may be used to help us improve and enhance the Website and Platform experience for all of our users. In addition, Cookies are used for adjusting the Website and Platform to your personal preferences. Cookies contain information such as the pages you visited, the length of time you stayed on the Website and Platform, the location from which you accessed the Website and Platform and more. If you would prefer not to have Cookies stored on your computer, you may modify your browser settings to reject most Cookies, or manually remove Cookies that have been placed on your computer. However, by rejecting the Cookies, you may be unable to fully access the offerings on our Website and Platform. To find out more about Cookies, visit www.allaboutcookies.org. For more information on Scytale’s Cookie practices please see Scytale’s Cookie Policy available at: info@scytale.ai.

Opt In or Opt Out

You are always in control of your data, and if you choose to receive information from us, or others, you can change your mind later. If, at any time, you would like to stop receiving such information or opt out of a feature, you may notify us by writing to info@scytale.ai. You should be aware, however, that it is not always possible to completely remove or modify information in our databases and servers, although we will always make reasonable efforts to do so upon your request. 

Links to Other Websites

This Website and/or Platform may provide links to other websites. Please be aware that these other websites are not covered by our Privacy Policy. This Privacy Policy does not cover the information practices exercised by other providers of products or services, advertisers or other websites, companies or individuals, which are not owned or controlled by Scytale. We suggest that when linking to another website, you always read that website’s privacy policy before volunteering any personally identifiable information. 

Data Security

Security is critical to Scytale’s objectives, and Scytale takes security of data seriously and as a priority item. Scytale uses good industry-standards and practices to protect Personal Information from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Personal Information Scytale collects, processes, and stores, and the current state of technology. Given the nature of communications and information processing technology, Scytale cannot guarantee that Personal Information in our care will be absolutely safe from intrusion by others during transmission through the Internet or while stored on our systems or otherwise. When you click a link to a third-party site, you will be leaving our site and Scytale doesn’t control or endorse what is on third-party sites in any way whatsoever

Data Retention 

Scytale will retain Personal Information in accordance with applicable laws, regulations, and contractual agreements. Generally, Scytale does not retain information longer than necessary to provide its Services and for its reasonable business and lawful needs. This may include keeping Interaction Information for the period of time needed for Scytale to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes, and enforce our agreements.

When we no longer require the Personal Information we have collected from you, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. 

California Online Privacy Protection Act

CalOPPA requires commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers, to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf. 

According to CalOPPA, we agree to the following:

• Once this Privacy Policy is created, we will add a link to it on the first significant page after entering our Website and Platform.
• Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the Website and Platform. 
• You can request to change your Personal Information by emailing us.

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”) permits users who are California residents to request to exercise certain rights. If you are a California resident, the CCPA grants you the right to request certain information about our practices with respect to your Personal Information. In particular, you can request to receive information on the following:

• The categories and specific pieces of your Personal Information that we have collected.
• The categories of sources from which we collected your Personal Information.
• The business or commercial purposes for which we collected your Personal Information.
• The categories of third parties with which we shared your Personal Information.

You can be rest assured that we do not sell your Personal Information. If you choose to exercise your rights, we will not charge you different prices or provide different quality of our Services, unless those differences are related to your provision of your Personal Information.

Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Moreover, you may designate an authorized agent to make a request on your behalf. 

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide, will only cover the 12 month period preceding your verifiable request’s receipt. If, for some reason, we cannot reply within such timeframe, our response will include an explanation for our inability to comply. If you wish to exercise your CCPA rights, please contact us at: info@scytale.ai.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

1. Deny you goods or services.
2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
3. Provide you with a different level or quality of goods or services.
4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

CAN SPAM Act

The CAN-SPAM Act is a Federal US law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

To be in accordance with CAN SPAM, we agree to the following:

• Not use false or misleading subjects or email addresses.
• Identify the commercial message sent to you as an advertisement when required. 
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@scytale.ai and we will promptly remove you from ALL correspondence.

Children’s Privacy

The Website and Platform are not intended for children under the age of 16. We do not, knowingly or intentionally, collect information about children who are under 16 years of age. 

IF YOU ARE UNDER THE AGE OF 16 YOU MAY NOT USE THE WEBSITE AND PLATFORM, UNLESS PARENTAL CONSENT IS PROVIDED.

If you believe that we may have any Personal Information from or about a person under the age of 16, please contact info@scytale.ai.

Questions Regarding Our Privacy Policy

If you would like to contact us to discuss any queries or concerns about this Privacy Policy or Scytale’s data protection practices, or if you are seeking to exercise any of your statutory rights, contact us on info@scytale.ai. Scytale will respond within a timeframe that is compliant with all applicable regulations.

Revisions and Modifications to our Privacy Policy

We reserve the right to revise, amend, or modify this Privacy Policy at any time. When changing the policy, we will update this posting accordingly. Please review this Privacy Policy often so that you will remain updated regarding our current policies.

Governing Law and Jurisdiction

This Privacy Policy will be governed and interpreted pursuant to the laws of the State of Israel without giving effect to its choice of law rules. You expressly agree that the exclusive jurisdiction for any claim or action arising out of or relating to this Privacy Policy shall be to the competent courts in Tel Aviv, Israel only, to the exclusion of any other jurisdiction.

List of Sub-Processors

Sub Processor	Purpose of Processing
AWS	Cloud infrastructure for our app and services
MongoDB Atlas	DB infrastructure for our app and services
Snowflake	DB infrastructure for our app and services
Matomo	Site analytics (app)
Google, Inc.	Site analytics (web) and customer interactions (email) and business materials (Drive)
Slack	Customer interactions
Merge	Developers integrations through unified APIs
Intercom	Customer support
Hubspot	Sales and marketing activities
Typeform	Surveys for our app and services

This page was updated in June, 2022.