Privacy and Security Policy
Clear Edge Software Ltd. (“We”, “Us”, “Our”) understands that your privacy is important and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website and any other sites related to this one provided by Clear Edge Software Ltd. (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
We take security incredibly seriously. Although this article describes a number of our practices, please feel free to contact us for more details or to request a copy of our security white-paper.
We employ both automated and manual scans of our applications for vulnerabilities and security issues. If an issue should arise, we attempt to promptly deal with it as appropriate.
Data Center Security
The security of our Data depends on the Provider in use. By default, account information is held within Amazon Web Services (AWS).
AWS has a robust and dedicated team constantly monitoring their data centers and security. AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. More information can be found at https://aws.amazon.com/compliance
AWS’s data center operations have been accredited under:
HIPAA, CSA, ISO 9001/27001/27017/27018, SOC 1/2/3, PCI Level 1, FISMA, Sarbanes-Oxley (SOX), and many others.
We're also very careful about access to our infrastructure. Please contact us if you need to know more.
Each cluster stores all of the data it needs to operate. This means that data stored within a cluster, such as file and scan information, never leaves the region of the cluster itself.
This helps significantly when regional data concerns such as GDPR are in play.
Clusters are created in AWS by default but can also be created in Azure and Google platforms among others. Please contact us for information about specific suppliers.
Communication with our customer-facing website takes place over HTTPS and TLS.
All scanning clusters communicate with the core API and customers over HTTPS and TLS.
Communication within the cluster between scanning engines happens over TLS encrypted channels.
Communication between clusters and their storage system (database) happens over TLS.
When provided with a URL to scan, we will use TLS if it is an HTTPS URL.
Our billing provider independently stores all credit card and billing data at the highest levels of security.
Where possible all data (including uploaded/downloaded files) is stored encrypted at rest.
GDPR & Privacy Shield
Retained Scan Information
To provide our service we must store the following information:
Attribute: Description
URL: The URL of the file (if it was passed).
filename: The filename of the file.
MD5: An MD5 hash of the file. This helps identify the file but cannot be used to determine the content of the file.
SHA256: An SHA256 hash of the file. Like the MD5 hash, this helps identify the file but cannot be used to determine the content of the file.
Status: The scan status.
Content-Length: The size of the file.
Matches: The name of the virus/malware found (if any).
By using hashing we can create a unique identifier for a file without actually referencing the contents. For more information about hashing feel free to contact us.
Additional fields may be added as the product continues to improve. More information regarding the information stored can be found in the documentation.
As outlined above, where possible this data and the content of any files we scan are stored encrypted. The actual file contents will be deleted as soon as a scan has been completed.
Security Document Last updated: 2020/03/13
Data and Privacy
This section outlines some of the data we collect, how we use it and how it's stored. We always recommend contacting us if you have specific questions.
Data We Collect
Data you provide
Customer Data: The email and account information you give to us when you sign up.
Billing Data: Company, Address and Payment data provided by you to enable us to bill for our service.
Scan Results: The results returned and retained after a scan is made. More details can be found in the documentation.
File Content: The data you pass to us by file upload or URL download. This information is needed to perform your scan and is deleted as soon as the scan is complete.
If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data).
If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data.
If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request.
If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it may be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or want to exercise your rights relating to your Personal Data, please contact us.
We also collect information about you from other sources including third parties from whom we purchase Personal Data and from publicly available information. We may combine this information with Personal Data provided by you. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviours. In particular, we collect such Personal Data from the following sources:
Third-party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information
Another individual at your organisation who may provide us with your business contact information to obtain services
Platforms such as GitHub to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your account so we can inform you of program changes that are important to your participation or relate to additional security requirements.
Information about us
Our Site is owned and operated by Clear Edge Software Ltd., a limited company registered in England under company number 12438621.
Our contact information can be found on the Contact Us page.
What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
How Long Will You Keep My Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data and the legal bases on which we rely” section, above) or as long as required to fulfil our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorised use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
For more information on data retention periods, please contact us.
How and Where Do You Store or Transfer My Personal Data?
We store or transfer some of your personal data within the UK. This means that it will be fully protected under the Data Protection Legislation.
We will store or transfer some of your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
We may store or transfer some or all of your personal data in countries that are not part of the EEA. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA.
Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA.
We may share your data with external third parties that are based outside of the EEA. When this occurs, we will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission. More information is available from the European Commission.
We may also use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts require the same levels of personal data protection that would apply under the Data Protection Legislation. More information is available from the European Commission.
Where we transfer your data to a third party based in the US, the data may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar to those in Europe. More information is available from the European Commission.
Please contact us using the details below for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us.
What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
The right to access the personal data we hold about you.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us to find out more.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us to find out more.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to us using your personal data for a particular purpose or purposes.
The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about Our use of your personal data or exercising your rights as outlined above, please contact us.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about Our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.
Can I Withhold Information?
You may access certain aspects of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email on the contact us page.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover Our administrative costs in responding.
We will respond to your subject access request within less than one month and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of Our progress.
How Can I Control My Personal Data?
In addition to your rights under the Data Protection Legislation, when you submit personal data via Our Site, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt out of receiving emails from us, which you may do by unsubscribing using the links provided in our emails and by managing your Account).
If you want your phone number to be added to our internal Do-Not-Call telemarketing register, please contact us by using the information in the “Contacting us” section, below. Please include your first name, last name, company and the phone number you wish to add to our Do-Not-Call register.
Alternatively, you may also contact us directly to let us know that you do not wish to be contacted via email or telephone.
Cookies and Tracking
By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on our Site.
For more details, please refer to the table below. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.
All Cookies used by and on Our Site are used in accordance with current Cookie Law.
Before Cookies are placed on your computer or device, you will be shown a dialogue requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended.
Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown in the table below. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings, but please be aware that Our Site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
The following Cookies may be placed on your computer or device:
Type of Cookies: Description
Required cookies: Required cookies are necessary for basic website functionality. Some examples include session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies: Functional cookies enhance functions, performance, and services on the website. Some examples include cookies used to analyse site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual. If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often. We may use our own technology or third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications and to track the performance of our advertisements.
Advertising cookies: Advertising cookies track activity across websites in order to understand a viewer’s interests and to direct marketing to them.
These technologies may recognise you across the different devices you use. When we work with third-party advertising networks, we require them to restrict their data processing to only what is necessary to provide us with the advertising services we request.
Because required cookies are essential to operate the websites, there is no option to opt out of these cookies.
To opt out of data collection by Google Analytics, you can download and install a browser add-on, which is available at https://tools.google.com/dlpage/gaoptout.
We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off.
To learn how to control functional cookies via your individual browser settings, find more information at http://www.aboutcookies.org/.
How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the details on the Contact Us page.
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change Our business in a way that affects personal data protection.
Last updated: 2020/03/13