Privacy Policy

Last Updated: April 24, 2024

1. What This Policy Covers

ShadowDragon, LLC, and its affiliates (collectively “ShadowDragon”, “we”, “our” or “us”) are committed to protecting the privacy of Personal Data (defined below). This Privacy Policy covers Personal Data we handle, the purposes for handling that Personal Data, other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Data, including how you can object to certain uses of information about you, how you can access and update certain information about you, and how you can contact us about our privacy practices. This Policy does not apply to employees, consultants or contractors. If you do not agree with this policy, do not access or use the Site or our tools or interact with any other aspect of our business.

This Privacy Policy and our Cookie Policy (the “Policy”) are based on the privacy and data protection principles common to the countries in which we operate and where Customers are located, our overarching obligations to comply with law, and our commitments to protecting confidentiality and to providing our tools as effectively as possible within the bounds of the law.

This Policy applies when you use our Tools, visit our Site, or otherwise interact with us online or offline (e.g., by visiting our premises, attending events, by communicating with us via phone or social media); or when your information is used to operate the tools.

This Policy only applies to Personal Data for which ShadowDragon LLC is a controller.

Definitions

Personal InformationAny information relating to an identified or identifiable individual. Personal Data does not include de-identified or anonymized information. Personal Data does not include publicly-available information, except where required by law.
Sitewww.shadowdragon.io, which we own and operate.
ToolsOur offerings, including Convert-It, Horizon, OIMonitor, MalNet, and SocialNet.
CustomersOur Tools are primarily intended for use by organizations under contract with us, who we refer to as “Customers”.
End UsersThe Customers who use our Tools control which individual users may access the Tools by assigning licenses to permitted individuals, who we refer to as “End Users”. This includes End Users of Customer’s own customers where Customer resells the Tools.
User ContentInformation submitted to the Tools by End User and information provided or collected by End Users using a Tool, e.g., files uploaded, search terms and their associated results, links or graphs or other information.
User ActivityAny End User action while accessing our Tools (via a third-party tool or a web browser) such as logging in from a device and an IP address, transferring (uploading or downloading) a certain volume of data, clickstream information.

Customer Data Protection Responsibilities
Because of the nature of our Tools, our Customers using the Tools are data controllers for User Content, and we are data processors acting on behalf of and under the instructions of our Customers. We process User Content in accordance with our contractual obligations, which includes processing for the Tools. When we receive Personal Data as part of User Content, our Customer is responsible for complying with applicable regulations or laws regarding notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to us for processing or further use. Please refer to their respective privacy policies for more information regarding your Personal Data processed in these contexts.

Links to Third Party Sites
The Tools and Site may include links that direct you to other websites or services whose privacy practices may differ from ours. If you access or submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.

ShadowDragon Tools Covered Under this Policy
This Privacy Policy applies to our Site and to the Tools. However, there are circumstances where some provisions may only apply to the Site or only apply to the Tools. Where parts of this Privacy Policy only apply to the Tools, we will make that clear. However, there may be additional privacy notices relevant to some of our Tools. In the event specific Tools may be subject to additional privacy notices, we will make those Tool-specific disclosures available from within the Tools. Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.

This policy is intended to help you understand:

  • What Information We Collect About You, From Where, and For What Purposes
  • How We Share Personal Data We Collect
  • How We Store and Secure Information We collect
  • How to Access and Control Your Information (Your Rights)
  • Other Important Information
  • European & UK Data Protection Law

2. What Information We Collect About You, From Where, and For What Purposes

As a controller, we collect Personal Data about you when you provide it to us and when we collect it from other sources, as further described below. When you use the Tools our primary goals in collecting Personal Data, which includes information from publicly-available sources, are to provide, improve, or administer the Tools.

California Residents: We may process your information for "business purposes" under the CCPA - such as to protect against illegal activities. This section provides information about the categories of Personal Data we collect.

3. How We Share Personal Information We Collect

We share information we collect about you in the ways discussed below.

No Disclosures for Direct Marketing and Advertising
At this time, ShadowDragon does not disclose, sell, rent, license, grant access to, or trade information with third parties for their direct marketing purposes.

No Sale of End User, Site Visitor or Customer Personal Data
We do not sell any End User, Site visitor or Customer Personal Data. We do share information with others, including via OIMonitor historic search as described below in this section of the Policy.

Information Shared With Your Organization (our Customer)
By default, we do not give Customers access to their End Users’ Usage Rates, but we share that information with the Customer upon a Customer’s request. Customers can choose whether to be able to view their End Users’ User Content; By default we do not give Customers access to End Users’ User Content.

Information Shared With Service Providers
We work with third-party service providers to provide storage, virtual infrastructure such as web hosting and backups, payment processing and other services for us, which may require them to access or use information about you. We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Tools and the Site. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including appropriate security and confidentiality procedures designed to protect your information.

Information Shared with Third-Party Integration Partners
You or your organization may choose to add new functionality or change the functionality of the Tools by accessing them through a Third-Party Product. SocialNet only functions via another product or service, either Horizon or through a Third-Party Product. If your organization elects to use a Third-Party Product, doing so may give the providers of those Third-Party Products access to your account and information about you like your saved queries, and any content you choose to use in connection with those apps. If you are a point of contact for your organization, we may learn or share your details if you ask us to help troubleshoot your use of our Tools in connection with the third-party app or tool. Third-party app and tool policies and procedures are not controlled by us, and this Policy does not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices. If you object to information about you being shared with these third parties, please uninstall the app or discontinue using the third-party tools.

Information Shared with Your Consent
We share information about you with third parties when you give us consent to do so. For example, we might display personal testimonials of satisfied customers on our public websites or in marketing materials. With your consent, we may post your name alongside the testimonial.

Information Shared for Compliance with Enforcement Requests and Applicable Laws, and to Enforce Our Rights
We may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect ShadowDragon, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Information Shared with Affiliated Companies or in Business Transfers
We may share information we collect with affiliated companies and, in some cases, with prospective affiliates. Affiliated companies are companies owned or operated by us. The protections of this Policy apply to the information we share in these circumstances.

We may share or transfer information we collect under this Policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Site if a transaction takes place, along with any choices you may have regarding your information.

4. How we store and secure information we collect

Information security
We use, at a minimum, reasonable physical, technical and administrative safeguards to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of the information we collect. We cannot, however, guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

If you save any User Content or other information locally (or otherwise outside of our tools), you are solely responsible for protecting it and we are not.

Retention of Personal Data
We keep your information only for as long as is necessary to complete the purpose for which the information was collected; to satisfy any legal, accounting, or reporting obligations; if consent has been provided to retain such information; or if a Customer requests we keep its Personal Data. The length of time we retain your Personal Data is determined by operational and legal considerations.

We may de-identify your Personal Data (so that it can be no longer associated with you), in which case we may use this information indefinitely without further notice to you. We commit to maintaining the de-identification of information and will not attempt to re-identify information.

Account information
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Tools. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Tools. Where we retain information for Tool improvement and development, we take steps to de-identify Personal Data and we only use de-identified information to derive aggregated insights about the use of our Tools, and make inferences about your personal characteristics.

Marketing information
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Tools, such as when you last opened an email from us. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

5. Your Rights Under Privacy Laws

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.

Depending on where you live, you may have the right to request a copy of your information, to request information about the categories of information collected about you, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, to request your information in a structured, electronic format, to appeal a denial of your request to exercise your rights, or to have an authorized representative make requests on your behalf. Below, we describe the tools and processes for making these requests. Where you use the Tools via your organization (e.g., your employer), you may need to contact your organization to assist with your requests first (see "Notice to End Users" below). For all other requests to exercise your rights under applicable law, you may contact us as provided in the Contact Us section below.

We value your privacy and will not discriminate against you in response to you exercising your privacy rights. We will endeavor to respond to your requests within 45 days of receipt of your request, after proper verification, unless we need additional time, in which case we will let you know.

If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Limitations
Your request and choices may be limited in certain cases. For example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your organization are permitted by law or have compelling legitimate interests to keep. Where you have asked us to coordinate with a third party for troubleshooting purposes, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted.

Verifiable Requests
In order to protect your information from unauthorized access or deletion, when you request to exercise your rights, we may require you to provide additional information for verification. Making a verifiable consumer request does not require you to create an account with us. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

If we cannot verify your identity, we will not provide or delete your information. Residents of some states may submit verifiable requests by another individual authorized to act on your behalf. These requests for access and deletion must:

  • Detail sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Request to Deactivate Your Account
If you no longer wish to use our Tools, you or the business point of contact for your organization should contact customer support. Deactivating your account does not delete your information; your information may be visible to your organization (our Customer) if the Customer requests. For more information on how to delete your information, see below.

Request to Delete Your Information
If you wish to have your information deleted, please contact customer support. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, to comply with our legal obligations or to comply with your organization’s instructions.

Request to Opt-Out of Communications
You may opt-out of receiving promotional communications from us by using the unsubscribe link within each email, or by contacting us as provided below. If you are an End User or Customer, you will continue to receive communications that are part of the Tools from time to time and in most cases you cannot opt-out of them (e.g., information about updates to a Tool).

Request to Turn off Cookie Controls
Information about browser-based cookie controls is described in our Cookie Policy.

Request to Respond to “Do Not Track” Signals
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Our Site does not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.

Request a Copy of your Data (Data Portability)
Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context and your organization’s preferences, this may apply to some of your information, but not to all of your information. Depending on your state or country, you may or may not have this right. Should you request it, we will provide you with an electronic file of your information that we can access using reasonable efforts.

6. Other Important Information

Changes to our Privacy Policy
We may change this Policy from time to time. We will post any changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Site homepages, login screens, or by sending you an email notification. We encourage you to review our Policy whenever you access the Site or use the Tools to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this Policy, you will need to stop using the Site and Tools and deactivate your account(s) as outlined above.

Our policy towards children
Neither our Tools nor our Site are directed to children under the age of majority. We do not knowingly collect information from children or other individuals who are not legally able to use our Tools or Site. If we obtain actual knowledge that we have collected information from a child under the age of majority, we will promptly destroy that information, unless we are legally obligated to retain the information. If you believe we have mistakenly or unintentionally collected information from a child under the age of majority, please contact us at privacy [at] shadowdragon.io. If you become aware that a child has provided us with Personal Data, please contact privacy [at] shadowdragon.io.

Contact Us
Your information described in this Policy is controlled by ShadowDragon, LLC. If you have questions or concerns about how your information is handled, please direct your inquiry to privacy [at] shadowdragon.io which we have appointed to be responsible for facilitating such inquiries or, if you are a resident of the European Economic Area (EEA), please contact our EU Representative.

ShadowDragon, LLC
2650 Riverchase Parkway East
Suite 200
Hoover, AL 35244
E-Mail: privacy [at] shadowdragon.io

EU Representative:

DSI Compliance LTD
Quadrant House
4 Thomas More Square
London E1W1YW
E-Mail: dp_eu [at] shadowdragon.io

7. European & UK Data Protection Law

The following section, in conjunction with the information above, describes our practices in accordance with EU General Data Protection Regulation (“EU GDPR”), UK Data Protection Law, and the EU e-Privacy Directive (collectively, “EU & UK Data Protection Law”).

If you are a resident of the EEA, Switzerland or the United Kingdom, this section of the Policy applies to you.

Legal Basis of Processing

We process your Personal Data that is subject to EU, UK Data Protection Law where we have legal bases to do so under the applicable law(s). Our legal basis for processing Personal Data in connection with the Site is legitimate interests – where 13

either we or a third party (e.g., your organization) have a legitimate interest to do so. You have the right to object to that use, in some cases, which may mean no longer using the Tools.

International Transfer of Personal Data

We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Tools or Site, or to wherever our users access the Tools. Some of the relevant countries may not have privacy and security laws as stringent as EU & UK Data Protection Law.

The independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge to data subjects is an alternative dispute resolution provider based in the United States. The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Privacy Rights

Residents of the EEA, UK, and Switzerland have the right to access, delete, correct, withdraw their consent, and have portability of their information. Section 5 of this Privacy Policy outlines how you can access, download, and delete your Personal Data and you can contact privacy [at] shadowdragon.io for further assistance. In addition, you have the right to object or restrict the processing of your Personal Data. To exercise such rights, please contact us at privacy [at] shadowdragon.io. We will handle your request under applicable law, and, in some cases, your ability to access or control your Personal Data will be limited as required or permitted by applicable law.

Individual EU and UK data subjects have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For more information see Annex I to the DPF Principles. We may disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. When we transfer Personal Data to agents acting on our behalf, we retain the responsibility for the processing of Personal Data we receive under the DPF Principles. We remain liable under the DPF Principles if our agent processes such Personal Data in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. 14

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU and UK individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact us at:

ShadowDragon, LLC 2650 Riverchase Parkway East
Suite 200
Hoover, AL 35244
E-Mail: privacy [at] shadowdragon.io

ShadowDragon LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ShadowDragon LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ShadowDragon LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

ShadowDragon, LLC has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ShadowDragon commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on 15

the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Whenever we transfer your information, we take steps to protect it. When we share your information with third-party service providers, we make use of the European Commission-approved standard contractual data protection clauses with relevant Swiss amendments, the U.K. Information Commissioner’s Office international data transfer addenda or other appropriate legal mechanisms to safeguard the transfer.

Access to Information and Your Rights

You have certain rights relating to your Personal Data, subject to local data protection laws. These rights may include:

  • To access your Personal Data held by us (right to access);
  • To correct inaccurate Personal Data and, when warranted in light of the purpose of processing, to ensure your information is complete (right to rectification);
  • To erase your Personal Data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
  • To restrict our processing of your Personal Data to the extent permitted by law (right to restriction of processing);
  • To transfer your Personal Data to another controller or processor, to the extent possible (right to data portability);
  • To object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
  • To the extent we collect, process, and share your Personal Data based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before you withdrew consent.

To exercise these rights, please submit your specific request to us via email, phone or mail (see the “Contact Us” section above).

Timeframe for Responding to Requests

We will respond to your valid request to exercise your rights under applicable law within thirty (30) days of receipt. 16

The response time may be extended to forty-five (45) or sixty (60) days if we need more time. In that event, we will give you the reason and extension period in writing (via email).

8. Notice to End Users

Our products are primarily intended for use by organizations, as described above. Where the Tools are made available to you through an organization (e.g., your employer), that organization is responsible for the Tools via one of the valid license keys assigned to the organization. When this is the case, please direct your account or data privacy questions to your business point of contact, as your use of the Tools is subject to that organization's policies. We are not responsible for your organization’s privacy or security practices, which may be different than this policy.

Your organization can:

  • restrict, suspend or terminate your access to the Tools;
  • install or uninstall third-party apps or other integrations;
  • change the email address associated with your account;
  • restrict your ability to save or delete information;
  • access information in and about your account upon request;
  • access or retain information stored as part of your account upon request.

If you do not want a point of contact to be able to assert control over your use of the Tools, you should stop using the Tools and inform the point of contact.

Please contact your organization or refer to your organization’s policies for more information.

Scroll to Top