Sprocket Security | Privacy Policy

Privacy Policy

Sprocket Security Privacy Policy

Last Updated: February 8, 2025

1. Acceptance of Privacy Policy

Welcome to Sprocket Security, Inc. (“Sprocket” “we” or “us”) and our Privacy Policy (“Privacy Policy”). This Privacy Policy is important and affects your legal rights, so please read carefully.

By accessing or using https://www.sprocketsecurity.c..., https://www.sprocket.io, https://portal.sprocketsecurit... and related pages and websites and by providing information to and our collection of same through any of our SaaS products and related services (collectively, the “Sprocket Services”), you agree to be bound by this Privacy Policy and all of the terms incorporated herein by reference. By using the Sprocket Services and/or submitting or collecting any personal data via the Sprocket Services, you accept and expressly consent and agree to our practices surrounding the collection, use, and sharing of your personal information in accordance with this Privacy Policy. IF YOU DO NOT CONSENT AND AGREE WITH THE TERMS OF THIS PRIVACY POLICY, YOU CANNOT, AND WE DO NOT AUTHORIZE YOU TO, ACCESS, BROWSE, OR USE THE SPROCKET SERVICES. Our processing of personal information, including but not limited to your name, address, e-mail address, IP address or telephone number, will be undertaken consistent with the requirements of applicable privacy laws, including, but not limited to, the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act of 2021, the Colorado Privacy Act of 2021, and the Utah Consumer Privacy Act of 2022, the Connecticut Data Privacy Act of 2022, the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, the Tennessee Information Protection Act of 2023, the Iowa Consumer Data Protection Act of 2023, the Delaware Personal Data Privacy Act of 2023, the Nebraska Data Privacy Act of 2024, the New Hampshire Privacy Act of 2024, and the New Jersey Data Privacy Act of 2024, the EU General Data Protection Regulation, the UK General Data Protection Regulation, and the Canadian Personal Information Protection and Electronic Documents Act.

2. Information We Collect

2.1 Personal Information We Collect Directly from You

We receive personal information as described to you at the point of collection, pursuant to your consent, and/or when you voluntarily provide us with personal information, including:

  • (1) individual information (such as your e-mail address, location, account information and phone number);
  • (2) company information (such as your company’s address); and
  • (3) other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords, and personal information in messages you send to us.

We may also collect additional information, which may be personal information, as otherwise described to you at the point of collection or pursuant to your consent.

2.2 Information We Automatically Collect When You Use Sprocket Services

In order to access and use certain areas or features of the Sprocket Services, you consent to our collection and use of certain information about your use of the Sprocket Services through the use of tracking technologies or by other passive means, including when you receive, open, engage, forward, and/or click through the Sprocket Services. Your consent to our access and use of this “passively collected” information includes, but is not limited to, the domain name of the website that allowed you to navigate to the Sprocket Services, search engines used, the internet protocol (IP) address used, the length of time spent on the Sprocket Services, the pages you looked at on the Sprocket Services, other webpages you visited before and after visiting the Sprocket Services, the type of device, operating system and/or internet browser you have, the frequency of your visits to the Sprocket Services, and other relevant statistics (collectively “Traffic Data”).

3. How We Collect Information

We collect information (including personal information and Traffic Data) when you use and interact with the Sprocket Services, and in some cases from third party sources. Such means of collection include:

  • When you access, use, or contact us through the Sprocket Services.
  • When you voluntarily provide information through the Sprocket Services.
  • If you use a location-enabled browser, we may receive information about your location and device.
  • Through Cookies, Web Beacons, analytics services, and other tracking technologies (collectively, “Tracking Tools”).

4. Tracking Tools, Behavioral Advertising, and Opt Out Options

4.1 Tracking Tools

We may use tools outlined below in order to provide the Sprocket Services, advertise to, and better understand users.

  • Cookies: “Cookies” are small computer files transferred to your device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Sprocket Services. We use Cookies to: (i) improve and tailor the Sprocket Services, (ii) customize advertisements, (iii) measure performance, (iv) store authentication so re-entering credentials is not required, (v) customize user experiences, and for (vi) analytics and fraud prevention. For more information on Cookies, including how to control your Cookie settings and preferences, visit http://www.allaboutCookies.org. You can also manage Cookies in your web browser (for example, Edge, Explorer, Chrome, Safari). If you choose to change your settings, you may find that certain functions or features of the Sprocket Services will not work as intended. The following details the types of Cookies we use and why we use them:
    • Absolutely Necessary Cookies. These Cookies are essential to enable you to move around a website and use its features. Without these Cookies, services you have asked for, like adding items to an online order, cannot be provided.
    • Performance Cookies. These Cookies collect information about how you use the Sprocket Services. Information collected includes, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. These Cookies do not collect information that personally identifies you and only collect aggregated and anonymous information. Performance Cookies are used to improve the user-friendliness of a website and enhance your experience.
    • Functionality Cookies. These Cookies allow the Sprocket Services to remember choices you make (such as your username, language preference, or the area or region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts, and other customizable parts of the Sprocket Services. The information these Cookies collect may be anonymized, and they cannot track your browsing activity on other websites.
  • Web Beacons:Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of the Sprocket Services. The information collected by Web Beacons allows us to analyze how many people are using the Sprocket Services, using selected publishers’ websites, or opening emails, and for what purpose.
  • Web Service Analytics: We may use third-party analytics services in connection with the Sprocket Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text typed into the Sprocket Services. We use the information collected from these services to help make the Sprocket Services easier to use and as otherwise set forth in Section 5 (How We Use Your Information). These analytics services generally do not collect personal information unless you voluntarily provide it.
  • Mobile Device Identifiers: As with other Tracking Tools, mobile device identifiers help Sprocket learn more about our users’ demographics and Internet behaviors to personalize and improve the Sprocket Services. Mobile device identifiers are data stored on mobile devices that may track activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of personal information (such as media access control, address, and location) and Traffic Data.

4.2 Behavioral Advertising

We may use a type of advertising commonly known as interest-based or online behavioral advertising. This means that some of our partners use Tracking Tools to collect information about a user’s online activities to display Sprocket ads to the user based on the user’s interests (“Behavioral Advertising”). Our partners may include third-party advertisers and other third-party service providers, and such partners may collect information when you use the Sprocket Services, such as IP address, mobile device ID, operating system, and demographic information. These Tracking Tools help Sprocket learn more about our users’ demographics and Internet behaviors.

4.3 Options for Opting out of Cookies and Mobile Device Identifiers

If we process Cookies based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any point in time by contacting us at privacy@sprocketsecurity.com. Please note, if you exercise this right, you may have to provide your consent on a case-by-case basis to enable you to utilize some or all of the Sprocket Services.

You may be able to reject Cookies and/or mobile device identifiers by activating the appropriate setting on your browser or device. Although you are not required to accept Sprocket’s Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Sprocket Services.

  • You may opt out of receiving certain Cookies by visiting the Network Advertising Initiative (NAI) opt out page or the Digital Advertising Alliance (DAA) opt out page, or by installing the DAA’s AppChoices app (for iOS; for Android) on your mobile device. When you use these opt-out features, an “opt-out” Cookie will be placed on your device indicating that you do not want to receive interest-based advertising from NAI or DAA member companies. If you delete Cookies on your device, you may need to opt out again. For information about how to opt out of interest-based advertising on mobile devices, please visit https://thenai.org/opt-out/mobile-opt-out/. You will need to opt out of each browser and device for which you desire to apply these opt-out features.
  • Even after opting out of Behavioral Advertising, you may still see Sprocket advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Sprocket is no longer using Tracking Tools. Sprocket still may collect information about your use of the Sprocket Services even after you have opted out of Behavioral Advertising and may still serve advertisements to you via the Sprocket Services based on information it collects through the Sprocket Services.

This Privacy Policy does not cover the use of Cookies and other Tracking Tools by any third parties, and we are not responsible for the privacy practices of any third party. Please be aware that some third-party Cookies can continue to track your activities online even after you have left the Sprocket Services.

4.4 “Do Not Track” (DNT) and Universal Opt-Out Preference Signals

Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to web services that a visitor does not want to have their online activity and behavior tracked. If a web service operator elects to respond to a particular DNT signal, the web service operator may refrain from collecting certain personal information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many web service operators, including Sprocket, do not proactively respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.

New standards are being developed for a Universal Opt-Out Mechanism, such as the Global Privacy Control (GPC), which allow users with GPC-enabled browsers and devices to send a signal that will communicate the user’s request to opt-out of sales of their personal information and to opt-out of certain sharing of their personal information. The CPRA and other laws allow for the acceptance of Opt-Out Preference Signals such as the GPC, as an option for users to transmit an Opt-Out of selling/sharing personal information. If we detect and recognize such a signal from your device or browser, we will honor it.

5. How We Use Your Information

We do not engage in automated decision making. We may use information (including information that has been de-identified and/or aggregated) to better understand who uses the Sprocket Services and how we can deliver a better user experience. We use information, including personal information, to provide the Sprocket Services and to help improve the Sprocket Services, to develop new services, and to advertise our services. Specifically, such use may include:

  • Providing you with the products, services, and information you request, including authenticating access to the products or services and supporting same.
  • Corresponding with you.
  • Providing, maintaining, administering, personalizing or expanding the Sprocket Services, performing business analyses, and for other internal purposes.
  • Combining information received from third parties with information that we have from or about you and using the combined information for any of the purposes described in this Privacy Policy.
  • Showing you advertisements, including interest-based or online behavioral advertising.
  • To provide you with additional information about our company, products and/or services, updates, notifications, and details of offers or promotions.
  • Fulfilling and complying with our legal obligations, such as preventing, detecting, and investigating security incidents, fraud, and potentially illegal or prohibited activities.
  • Enforcing our Privacy Policy and other agreements.
  • As part of due diligence for, or the consummation of, a transaction involving the merger, sale, divestiture, or other transaction involving the equity or assets of Sprocket.

By providing your e-mail and/or phone number and checking a box, clicking the “complete” button, or some other affirmative act, you are consenting to receive e-mails and/or calls and text messages, including live, prerecorded, and/or automated calls and messages, to that email or phone number. After signing up, you will receive a confirmation e-mail or text message from Sprocket on your mobile number. This agreement is not entered into as a term or requirement of any purchase or promotion. Normal message and data rates may apply. Message frequency may vary. Neither we nor the participating carriers guarantee that messages will be delivered. We may discontinue these programs at any time without notice.

6. How We Share Your Information

In certain circumstances, and in order to perform the Sprocket Services, we may share certain information about you as described in this section:


We do not sell your personal information to third parties.

We do not share your personal information with our partners to customize or display our advertising.

We do not share your personal information and/or Traffic Data with our partners who perform operational services for us (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics, or ad serving).

We do not share your personal information and/or Traffic Data with our partners to analyze device activities and generate targeted advertisements.

  • We may transfer your personal information to another company in connection with a proposed merger, sale, acquisition or other change of ownership or control by or of Sprocket (whether in whole or in part). We will make reasonable efforts to notify you before your information becomes subject to different privacy practices.
  • We also may need to disclose your personal information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law; (2) protect the rights, property or safety of you, Sprocket or another party; (3) enforce this Privacy Policy or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.

7. Collection and Use of Sensitive Information

We have collected the following categories of sensitive personal information from consumers within the last twelve months:

  • Complete account credentials

We do not use or disclose sensitive personal information for purposes other than those specified in the CCPA/CPRA.

8. Storage and Security of Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring you do not make your personal information publicly available via our platform.

9. Your Choices

9.1 Information You Provide

You can choose whether or not to provide personal information through the Sprocket Services. We will not discriminate against you for exercising any of your rights relating to your personal information and will not (i) deny you goods or services, (ii) provide you with a different level or quality of services, or (iii) charge you different prices for services for doing so.

9.2 California Privacy Rights

In the preceding 12 months, we collected and disclosed for a business purpose the following categories of personal information about California consumers:

Category
Examples
Collected?
Categories of Recipients
Identifiers
Name, address, e-mail address, IP address
Yes
i.e., Email Marketing
Personal information categories listed in the California Customer Records statute
Name, professional-related information; and employment-related information
No
Not applicable.
Protected classification characteristics under California or federal law
Name, age, citizenship, nationality, ancestry, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, proof of eligibility to work
No
Not applicable.
Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
No
i.e., Organizations providing services to Sprocket
Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with the Sprocket Services
No
Not applicable.
Geolocation data
Location and movement data
No
Not applicable.
Professional or employment-related information
Proof of eligibility to work, resumé, other professional-related information and employment-related information
No
Not applicable.
Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
No
Not applicable.
Non-Public Education Information
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records
No
Not applicable.
Inferences from the foregoing
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
No
Not applicable.

Purposes for Collection, Use, and Sharing. We use and disclose the personal information we collect for our commercial purposes, as further described in this Privacy Policy, including for our business purposes with our partners and service providers as follows:

  • Legal compliance and auditing related to our interactions with you.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and exercising our related rights.
  • Performing and improving out services (by us or our service provider(s)).
  • Internal operations.
  • Other one-time or short-term uses.

Your Rights. If you are a California resident you may have the following rights under the CCPA/CPRA in relation to personal information we have collected about you, to the extent required by the CCPA/CPRA and subject to verification:

  • Right to Know/Access: You have the right to request certain information about our collection and use of personal information about you as described below:

    • The specific pieces of your personal information collected.
    • The categories of your personal information collected.
    • The categories of sources from whom your personal information is collected.
    • The purpose for collecting your personal information.
    • The categories of third parties with whom we have shared your personal information.
  • Right to Delete: You have the right to request that we delete certain personal information we have about you.
  • Freedom from Discrimination: You have the right to be free from unlawful discrimination for exercising any of your privacy rights.
  • Right to Correct: You have the right to request that we correct inaccurate personal information regarding the information you provide us.
  • Right to Restrict the Use of Sensitive Personal Information: You have the right to restrict the use of your sensitive personal information.
  • Right to Access Information on Automated Decision-Making: You have the right to access information collected through automated decision-making. Additionally, you can opt-out of our use of automated decision-making related to your personal information.

To make a request in relation to the above rights, please contact us using the information in Section 15 below. To fulfil your request, we will need to verify your identity. Only you or someone legally authorized to act on your behalf may make a request related to your personal information. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that you authorize them to act on your behalf.

10. Canada, European Union and United Kingdom Privacy Rights

If our processing of your personal information is subject to GDPR, UK GDPR, and/or PIPEDA, and unless subject to an exemption, you may have the following rights with respect to your personal information:

  • Right of Access: You have the right to view and request copies of your personal information.
  • Right to Rectification: You have the right to request that your inaccurate or outdated personal information be updated or corrected.
  • Right to be Forgotten/Right to Erasure: You have the right to request your personal data be deleted, upon providing verification to us.
  • Right to Restrict Processing: You have the right to request the restriction or suppression of our processing of your personal information.
  • Right to be Informed: You have the right to be informed about the collection and use of your personal information.
  • Right to Data Portability: You have the right to ask for your personal information to be transferred to you or to another controller.
  • Right to Withdraw Consent: You have the right to withdraw previously given consent to process your personal information.
  • Right to Object: You have the right to object to the processing of your personal information.
  • Right to Object to Automated Processing: You have the right to object to decisions being made with your personal information solely based on automated decision making or profiling.

We will need to verify your identity to process any requests described in this Section and may deny your request if we are unable to verify your identity. Government or other identification may be required.

If you are a resident of the European Economic Area (“EEA”), when we process your personal information, we will only do so in the following situations:

  • We need to use your information to perform our responsibilities under our agreement with you.
  • We have a legitimate interest in processing your personal information. For example, we may process your personal information to send you marketing communications, to communicate with you about the Sprocket Services, and to provide and improve the Sprocket Services.
  • We have your consent to do so.

If your personal data is subject to GDPR or UK GDPR, we will transfer personal data from the EEA to a location outside the EEA only when there has been a documented adequacy determination, or where we have confirmed adequate privacy protections. If your personal data is subject to PIPEDA, we will transfer personal data from Canada to locations outside Canada only where we have confirmed adequate privacy protections. If we transfer personal data to a third party acting as our agent, we will also obligate the third party to have adequate privacy protections in place.

11. How Long We Retain Your Information

We retain personal information about you for as long as necessary to provide you the Sprocket Services. In some cases, we retain personal information for longer, if doing so is necessary to comply with our legal obligations, or as otherwise permitted by applicable law. Afterwards, we retain some information in a de-identified and/or aggregated form but not in a way that would identify you personally.

12. Information Provided on Behalf of Children and Others

The Sprocket Services are not intended for use by children. Individuals under the age of 18 may not use the Sprocket Services. Sprocket does not knowingly collect any information from children. If you are under 18, do not attempt to register for the Sprocket Services or send us any personal information. By accessing, using and/or submitting information through the Sprocket Services, you represent that you are not younger than 18 and that you have authority to do so. If you are a parent or legal guardian of a minor child, you may, in compliance with this Privacy Policy, use the Sprocket Services on behalf of such minor child. Information you provide through the Sprocket Services on behalf of a minor child will be treated as personal information as provided herein. If you use the Sprocket Services on behalf of another person, regardless of age, you represent and warrant that you have authority to do so.

13. Third Party Web Services

The Sprocket Services may contain links or content from third party websites. A link or content from a third-party website does not mean we endorse that website, the accuracy of information presented, or the persons or entities associated with that website. If you visit a third-party website, you are subject to the privacy policy of the applicable third party and we are not responsible for the policies and/or practices of any third party. We encourage you to ask questions before you disclose your information to others.

14. Updates and Changes to Privacy Policy

The effective date of this Privacy Policy is set forth at the top of this webpage. We will notify you of any material change by posting notice on this webpage. Your continued use of the Sprocket Services after the effective date of any amendment to this Privacy Policy constitutes your acceptance of the amended Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices. Any amended Privacy Policy supersedes all previous versions. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE Sprocket SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES.

15. Contact Us

The data controller for the purposes of GDPR, UK GDPR, PIPEDA or other data protection laws is Sprocket Security, Inc. If you have any questions about this Privacy Policy, please contact us at privacy@sprocketsecurity.com or at:

Sprocket Security, Inc.
Attn: Privacy
Address: 821 E Washington Ave Suite 402
Madison, WI 53703
Email: privacy@sprocketsecurity.com