Privacy Policy

At Realm.Security, Inc. (“Realm.Security”, “we” or “us”) we place the highest importance on respecting and protecting the privacy of our customers. We’ve developed this Privacy Policy (“Policy”) to explain to you how we collect, use, disclose, and store personal data. By submitting personal data to us, you are expressly and voluntarily accepting the terms and conditions of this Policy. You have the right to withdraw your consent to our collection and use of your personal data by notifying us at [email protected].

When Does This Policy Apply?

This Policy only applies to personal data that Realm.Security handles as a Controller (meaning where Realm.Security controls how and why your personal data is processed). This includes when you:

Visit or interact with our website at https://realm.security (the “Site”), mobile applications, customer and/or developer portals, branded social media pages, and other sites which we operate (collectively, our “Digital Properties”);
Register for or participate in our webinars, events, programs, marketing, and promotional activities;
Interact with us in person, such as when you visit our offices; and
Inquire about or engage in commercial transactions with us.

Realm.Security is a Processor, not a Controller, of personal data that we process on behalf of our customers when they use our products and services. For clarity, this means that this Policy does not apply to where Realm.Security processes personal data as a processor in its products and services.

Changes

We may update this Policy from time to time. The most recent Privacy Policy applies to all information that Realm.Security has about you. When we post changes to this Policy, we will revise the “last updated” date at the top of the Policy. Please check back periodically for updates. If you do not agree with any changes we make, you should stop interacting with us. When required under applicable law, we will notify you of any changes to this Policy by posting an update on our Site or in another appropriate manner. Visiting or using a Digital Property after a notice of changes has been sent to you or published on our Site shall constitute consent to the changed terms and practices.

Contact Us

If you have privacy-related questions that are not addressed here, please contact us by email at: [email protected] or by postal mail at: PO Box 812502, Wellesley MA 02482.

Personal Data We Collect and Disclose

The below table describes what personal data we collect about you and to whom we disclose personal data.

Categories of Personal Data Collected	Disclosures of Personal Data
Identifiers, such as your name, email address, postal address, phone number, and device identifiers (e.g., advertising identifiers and IP address).	Service providers, such as security and platform vendors Business partners who we partner with to jointly market or sell our products and Services, such as resellers, distributors and other sales agents and channel partners With third parties at your direction, such as event sponsors Professional advisors, such as lawyers, accountants, and auditors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets Companies that operate Cookies and Tracking Technologies, described below under Cookies and Tracking Technologies such as marketing and advertising partners To our affiliates and subsidiaries To which you have consented to the disclosure
Commercial information, including preferences, such as purchasing history or tendencies and transactional information, such as banking information.	Service providers, such as security and platform vendors With third parties that are necessary to complete a transaction, such as credit card processors Professional advisors, such as lawyers, accountants, and auditors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets To our affiliates and subsidiaries To which you have consented to the disclosure
Internet or other electronic network activity information and device information, such as your browsing history, search history, device information, and other information (whether passive browsing or active engagement) regarding your interactions with us and use of our products, services, emails, and other Digital Properties.	Service providers, such as security and platform vendors Companies that operate Cookies and Tracking Technologies, described below under Cookies and Tracking Technologies, such as marketing and advertising partners Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets To our affiliates and subsidiaries
Geolocation information, such as approximate location based on your IP address, mobile device location, or information you provide to us (such as city and state you provide through a webform). You may be able to control collection of this data through the settings of your device.	Service providers, such as security and platform vendors. Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets. Companies that operate Cookies and Tracking Technologies, described below under Cookies and Tracking Technologies, such as marketing and advertising partners To our affiliates and subsidiaries
Audio, electronic, visual, and other sensory information, such as CCTV recordings of our premises (e.g., if you visit our offices); recordings of your interactions with our sales or advocacy teams (e.g., for quality assurance or training purposes, in accordance with applicable laws); or customer support chat or messaging logs.	Service providers, such as security and platform vendors. Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets To our affiliates and subsidiaries
Inferences as defined by California law, such as marketing you are likely to react positively to.	Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets To our affiliates and subsidiaries Service providers, such as platform vendors

In addition to the above disclosures, we may share your personal data to respond to lawful requests by law enforcement or other government authorities, including to meet national security requirements. We may also de-identify, anonymize, or aggregate personal data to use or share with third parties for any purpose, where legally permitted.

Further, we use vendors that may collect personal data on our behalf. Please see the list of vendors that we currently use and how they may access and use your data, including links to their respective privacy policies at the end of this Policy.

How We Process Personal Data

We do not sell or rent your personal data to anyone. We do not share your personal data with anyone outside of Alchemy for their promotional, including marketing, use.

We may process your personal data for the below purposes:

Purpose of Processing	Lawful Basis
To provide our products, services, and Digital Properties to you, including processing and fulfilling transactions; enabling you to access the Digital Properties and our products and services; operating, maintaining, and improving our Digital Properties and our products and services; communicating with you, such as by responding to your support requests or providing security updates; and diagnosing, repairing, and tracking service and quality issues with our products and services.	Legitimate interests; Contract; Legal obligations
For our own business purposes, including maintaining internal business records and conducting internal reporting; collecting payments and performing accounting and similar business functions; auditing and managing projects related to our products and services; performing IT security management and IT-related tasks, such as administration of our technologies and network; evaluating and improving our business, our products and services, and Digital Properties; and performing research and development of new products and services; and processing your survey and questionnaire responses.	Legitimate interests; Legal obligations
For legal, safety, or security reasons, including to comply with legal requirements; establish, exercise, or defend against legal claims; protect the safety, security, and integrity of our property and the rights of those who interact with us or others; investigate any content or conduct policy violations; and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.	Legitimate interests; Legal obligations; Public interest
For marketing our products and services or those of third parties, such as our business partners, including to solicit or publish testimonials or feedback about our products and services; send you marketing and promotional communications or recommendations (via email, phone, or other online and offline channels) about our products and/or services or those of third parties; facilitate your participation in a conference or trade show; facilitate your participation in a contest or event; assess ad impressions or engage in contextual ad customization. You may opt out of marketing communications by contacting us at [email protected].or by clicking the “unsubscribe” link at the bottom of our marketing communications. Note that some of our marketing materials and information may use tracking technologies and analytics tools to help us understand your preferences. For further information, please see the Cookies and Tracking Technologies section below.	Consent (where required by law); Legitimate interests
To fulfill a referral request when you use our referral service to tell a friend about our Services, including by using the name, email address, title, and company name that you provide us to contact the person you are referring. You must only provide others’ personal data if you have their consent to do so.	Consent (where required by law); Legitimate interests
Diversity, equity, and inclusion, such as promoting diversity, equity, and inclusion initiatives and representation within our business (where authorized by applicable law).	Consent (where required by law); Legitimate interests
Corporate transactions, such as sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events.	Legitimate interests; Legal obligations
When you have voluntarily agreed to have your personal data processed.	Consent

Realm.Security uses a limited number of third-party service providers to assist us in processing data for certain purposes. These third-party providers help support certain site features, perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may process or store personal data while providing their services. Realm.Security maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our obligations under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, including the onward transfer provisions, and Realm.Security remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

Your Right to Access and Control Your Personal Information

Realm.Security will honor data subject rights in accordance with appliable law. You may have the right to access, correct, update, and, in some cases, request deletion of your personal data (subject to exceptions). You may submit a request by contacting us at: [email protected].

Sources of Personal Data

Information you provide to us directly, including when you register and communicate with us directly through our Digital Properties, visit our offices, or participate in our events, marketing, and outreach activities.
Information collected from your employer, coworkers, or friends, including information about representatives or other employees of our current, past, and prospective customers, suppliers, investors, and business partners. We may also receive your information from a friend as part of a referral for our products and services.
Information automatically collected, including technical information about your interactions with our Digital Properties (such as IP address, browsing preferences, and purchase history). More information is available under the Cookies and Technology Tracking section below
Information from public sources, including information from public records and information you share in public forums, such as social media.
Information from other third parties, including information from third-party service and content providers, entities with whom we partner to sell or promote products and services, and social media networks (including widgets related to such networks, such as the “Facebook Like” button).

We may combine information that we receive from the various sources described in this Policy, including third-party sources and public sources, and use or disclose it for the purposes identified above.

Google Analytics and Advertising

We use Google Analytics to recognize you and link the devices you use when you visit our Site on your browser or mobile device, log in to your account on our Site or App, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Site and App and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s site “How Google uses data when you use our partners’ sites or apps” located atwww.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.

We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Site and/or App. You may control your advertising preferences or opt out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences, or by vising NAI’s online resources athttp://www.networkadvertising.org/choices.

Data Security and Retention

We protect the confidentiality and security of your personal data by using industry-recognized security safeguards such as firewalls, coupled with carefully developed security procedures designed to protect your personal data from loss, misuse or unauthorized alteration. Our employees are trained and required to safeguard your personal data and, using physical, electronic and procedural safeguards, we restrict access to personal data to those employees and agents for business purposes only. Additionally, we use internal and external resources to review the adequacy of our security procedures.

Although Realm.Security uses industry standard security measures, the Internet is not a 100% secure environment and Realm.Security cannot, and does not, ensure or warrant the security of your personal data. There is no guarantee that your personal data may not be accessed, disclosed, altered or destroyed by breach of any physical, technical or managerial safeguards and we are not responsible for third party circumvention of your privacy settings or our security measures.

In the event that personal data is compromised as a result of a breach of security, Ream.Security will promptly notify those persons whose personal data has been compromised, in accordance with and as required by applicable law.

Our Digital Properties are hosted in datacenters in the United States and/or the European Union.

Your personal data will be generally retained as long as necessary to fulfill the purposes for which we collected the personal data. Once you and/or your company have terminated the contractual relationship with us or otherwise ended your relationship with us, we may retain your personal data in our systems and records to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to evidence our business practices and contractual obligations, to provide you with information about our products and services, or to comply with applicable legal, tax, or accounting requirements. When we have no ongoing legitimate business need nor lawful legal ground to process your personal data, we will delete, anonymize, or aggregate it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If you want to know more about retention periods applicable to your particular circumstance, please contact us at [email protected].

If you are an individual based in the EU:

If you have submitted a valid EU General Data Protection Regulation (“GDPR”) data subject access request to exercise your right to be forgotten we will delete your personal data within 30 days of the request.
You can request a copy of your personal data and you can update any incorrect information.
You can ask to have your personal data removed, or in some cases limit our processing of personal data. This does not apply when we need to keep your personal data for legal reasons.

Third Party Links

When you click on links in our Digital Properties, you may leave our Digital Properties Services. We are not responsible for the privacy practices of other sites and applications and we encourage you to read the privacy statements at such sites and applications.

Public Forums

We may offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be made public and may be collected and used by others. We will correct or delete any information you have posted on our servers if you so request, as described in “Opting-Out and Unsubscribing” below.

Cookies and Tracking Technologies

We use cookies and other tracking technologies and offer you the option to manage these settings as described in this section.

Like most websites, we use “cookies” and web log files to collect information to track Site usage and trends, to improve our Site, and to deliver a customized experience when you visit our Site. A cookie is a small data file that is placed on your computer, mobile phone or other device by a web server and enables us to recognize you when you return to our Digital Properties. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time – for example, when you return to the same website, the information you previously provided can be retrieved, so you can easily use the features that you customized. We may use “persistent cookies” to save your registration ID and login password for future logins to the Digital Properties. We may also use “session ID cookies”, which expire after a short period of time or when you close your browser. Session ID cookies are used to identify a particular visit and are used to enable certain features of the Digital Properties, to better understand how you interact with the Digital Properties, and to monitor aggregate usage and web traffic routing on the Digital Properties. We set a cookie and use local storage in your browser that contains information that we use to identify you for the functional features described below with respect to our current third party vendors. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Digital Properties. We keep track of the pages you visit on the Digital Properties, in order to determine what parts of our Digital Properties are the most popular. This data is used to deliver customized content on the Digital Properties to visitors whose behavior indicates that they are interested in a particular subject area.

We monitor the activity on our Digital Properties using common software tools and third party service providers. We collect and track information on use of the Digital Properties including referral sources, search terms, network information, IP addresses, computer and browser types, and content viewed. Unless combined with personal data, this other data does not personally identify any visitors of the Digital Properties. We may also use third party service providers to collect and track statistical information regarding Digital Properties activity, and to prevent our servers from being abused.

We may collect anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites using log files, when you visit our Digital Properties There is also information about your computer hardware and software that is automatically collected by analytics providers. This information may include, but is not limited to, your computer’s Internet Protocol address, browser type, the web page you were visiting before you came to our site, information you search for, domain names, access times and referring website addresses. We may also collect information about the fact that you use certain features and functionality and your responses to our surveys and research initiatives. This information is used by us for the operation of our Digital Properties, to maintain quality of our Digital Properties, and to provide general statistics regarding use of the Digital Properties. For these purposes, we do link this automatically- collected data to personal data such as name, email address, address, and phone number.

Some tracking technologies enable us to track your device activity over time and across devices and websites. While some browsers have incorporated Do Not Track or DNT preferences, we do not honor such signals from web browsers at this time.

Managing Cookies at the Browser Level: Please review the below information to understand your options for managing cookies at the browser level depending on your geographic location.

Individuals located in the EEA, Switzerland, or the U.K.: Unless and until you provide your consent, only Essential Cookies will be enabled. Other non-Essential types of cookies and Tracking Technologies on our Site, such as Functional, Analytics, and Targeting Cookies, are only enabled if you provide opt-in consent by using our Site cookie banner. In the “Cookie Settings” link in our Site footer, you can at any time withdraw your consent (with future effect) by clicking on the link and disabling cookies through the toggles, or you can adjust your preferences by utilizing the toggle settings.

Individuals located outside the EEA, Switzerland, or the U.K.: You may control the use of non-Essential cookies at the individual browser level by visiting the “Cookie Settings” link in our Site footer and selecting which category of cookies you wish to disable. If you are located in California, you may visit the “Do Not Sell or Share My Personal Information” link in our website footer to disable third-party cookies. Please note that you will need to ensure that each web browser is adjusted to reflect your preferences if you use different computers or mobile devices. If you elect to disable Functional cookies, you may still visit our Site, but your ability to use some features or areas of the Site may be limited.

Additionally, you may generally activate or later deactivate the use of cookies through functionality built into your web browser. To learn more about how to control cookie settings through your browser:

Click here to learn more about the “Private Browsing” setting and managing cookie settings in Firefox;
Click here to learn more about “Incognito” and managing cookie settings in Chrome;
Click here to learn more about “InPrivate” and managing cookie settings in Internet Explorer; or
Click here and here to learn more about “Private Browsing” and managing cookie settings in Safari.

For further information on how to manage Flash cookies please click here. If you want to learn more about cookies, or how to control, disable or delete them, please visit this link for detailed guidance. In addition, certain third-party advertising networks, such as Google, may permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this Google feature, please click here.

Opting Out of Interest-Based Advertising: To opt-out of interest-based advertising by third parties, please see the below resources:

Individuals located in the United States:
- Digital Advertising Alliance (DAA) self-regulatory opt-out page
- Digital Advertising Alliance (DAA) mobile application-based “AppChoices” download page
- Network Advertising Initiative (NAI) self-regulatory opt-out page
Individuals located in the EEA, Switzerland, or U.K.:
- European Interactive Digital Advertising Alliance (EDAA) consumer opt-out page

In the mobile environment, most mobile operating systems offer device-based opt-out choices that are transmitted to companies providing interest-based advertising. To set an opt-out preference for a mobile device identifier (such as Apple’s IDFA or Android’s GAID), please visit the device manufacturer’s current choice instructions pages, or read more about sending signals to limit ad tracking for your operating system here. Please note that these settings must be performed on each device (including each web browser on each device) for which you wish to opt-out, and if you clear your cookies or if you use a different browser or device, you will need to renew your opt-out preferences.

Children

Children are not eligible to use our Digital Properties and we ask that minors (under the age of 18) do not submit any personal data to us or use our Digital Properties. Our Digital Properties are not directed to children under 16 years of age and we do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personal dataa without their consent, he or she should contact us at [email protected] If we become aware that a child under 13 has provided us with personal data, we will delete such information from our files.

‍Reviewing, Correcting and Removing Your Personal Data

If you provide us with your personal data, you have the following rights with respect to that information:

To review the personal data that you have supplied to us
To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us
To request that your personal data not be used to contact you
To request that your personal data be removed from any solicitation list that we use
To request that your personal data be deleted from our records
To otherwise opt out of receiving solicitations

To exercise any of these rights, please contact us at [email protected] or by sending us postal mail to: [insert Realm’s mailing address]

We will promptly change, correct, or delete your information.

To Unsubscribe From Our Communications

You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link at the bottom of mass emails or by sending us email us at [email protected] or by sending us postal mail to:

PO Box 812502, Wellesley MA 02482

Third Party Vendors for our Digital Properties

Some of the vendors we use for our Digital Properties that may collect personal data on our behalf are as follows:

Google Tag Manager: We use Google Tag Manager to manage and deploy marketing tags (snippets of code or tracking pixels) on our Site. Read Google Tag Manager’s privacy policy here: https://www.google.com/analytics/tag-manager/use-policy/
Google Analytics: We use Google Analytics to review data on Site visits, including geographical, browser information, platform information, page information, visit duration, referring site, time of visits, and click throughs. The data is used to improve our Site. Read the Google Analytics privacy policy here: https://policies.google.com/privacy?hl=en
Hubspot: We use Hubspot to communicate with our customers and prospects as well as to track campaigns and how many leads clicked on our Site from a Hubspot email campaign as well as to track event actions from our leads in our CRM. Read Hubspot’s privacy policy here: https://legal.hubspot.com/privacy-policy
Salesloft. We use Salesloft to track campaigns and how many leads clicked on our Site from a Salesloft email campaign as well as to track event actions from our leads in our CRM. Read Salesloft’s privacy policy here: https://salesloft.com/privacy-notice/
TypeForm: We use TypeForm to conduct surveys. Read TypeForm privacy policy here: https://admin.typeform.com/to/dwk6gt/
Vimeo: We use Vimeo to create, manage, and share videos embedded in our Site. Vimeo provides detailed analytics on content viewed. Read Vimeo’s privacy policy here: https://vimeo.com/privacy
Webflow: We use Webflow to create and host our Site as well as to track Site traffic. Read Webflow’s privacy policy here: https://webflow.com/legal/privacy
Zapier: We use Zapier to integrate Hubspot with Webflow. Read Zapier’s privacy policy here: https://zapier.com/privacy
Zoom: We use Zoom for web conferencing. Web conferencing is used as an umbrella term for various types of online collaborative services including web seminars, webcasts, and peer-level web meetings. Read Zoom’s privacy policy here: https://zoom.us/terms

Your Rights as an Individual Based in the EEA, Switzerland, and the U.K.

The following terms supplement this Policy with respect to our processing of EEA (i.e., European Union Member States, Iceland, Liechtenstein, and Norway), Swiss, and U.K. personal data. In the event of any conflict or inconsistency between the other parts of this Policy and the terms of this section, this section shall govern and prevail with regard to the processing of EEA, Swiss, and U.K. personal data, to the extent applicable.

a. Legal Basis for Processing:
Please see the Section titled “How We Process Personal Data” for the legal basis on which we rely for the collection, processing, and use of personal data.

b. Your Data Protection Rights:
Under applicable data protection laws, you may exercise certain rights regarding your personal data:

Right to Access. You have the right to obtain confirmation from us whether we are processing your personal data and related information, as well as the right to obtain a copy of your personal data undergoing processing.
Right to Data Portability. You may receive your personal data, that you have provided to us, in a structured, commonly-used, and machine-readable format, and you may have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract, and the processing is carried out by automated means.
Right to Rectification. You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
Right to Objection. You have the right to object to the processing of your personal data in certain cases.
Right to Restrict Processing. You may request that we restrict the processing of your personal data in certain cases.
Right to Erasure. You may request that we erase your personal data in certain cases.
Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Right to Refuse or Withdraw Consent. In case we ask for your consent to process your personal data, you are free to refuse to give it. If you have given your consent, you may withdraw it at any time without any adverse consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
Right to Not Be Subject to Automated Decision-making. The types of automated decision-making referred to in Article 22(1) and (4) EU/UK General Data Protection Regulation (“GDPR”) do not take place in connection with your personal data. Should this change, we will inform you about why and how any such decision was made, the significance of it, and the possible consequences of it. You will also have the right to human intervention, to express your point of view, and to contest the decision.

You may exercise these rights by contacting us using the details provided at the beginning of this Policy under the section titled “Contact Us”. Please note that we may refuse to act on requests to exercise data protection rights in certain cases, such as where providing access might infringe someone else’s privacy rights or impact our legal obligations.

c. International Transfers of Personal Data:
Due to the global nature of our operations, some of the recipients mentioned under the section titled “Personal Data We Collect and Disclose” and under the section titled “Third Party Vendors” of this Policy may be located in countries outside the EEA, Switzerland, or the U.K., which do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland, and the U.K. Transfers take place using a valid data transfer mechanism, such as the EU Standard Contractual Clauses and/or the U.K. Addendum to such clauses, approved Binding Corporate Rules, approved codes of conduct and certifications mechanisms, on the basis of permissible statutory derogations, or any other valid data transfer mechanism issued or approved by the EEA, Swiss, or U.K. authorities. Certain third countries have been officially recognized by the EEA, Swiss, and U.K. authorities as providing an adequate level of protection and no further safeguards are necessary. Please reach out to us using the contact information at the beginning of this Policy under the section titled “Contact Us”, if you wish to receive further information about how we transfer personal data or, where available, a copy of the relevant data transfer mechanism.

Realm.Security complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Realm.Security has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Z Realm.Security has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. For complaints regarding EU-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Data Protection Officer: The contact details for our data protection officer are as follows: Realm.Security, Inc., Attn: Privacy Team and DPO, PO Box 812502, Wellesley MA 02482, [email protected]

Your California Privacy Rights

Pursuant to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about California individuals where Realm.Security controls how and why the personal data is processed (which the CCPA calls a “business”) and supplements the rest of our Policy.

a. Additional Data Processing Disclosures:
The below table provides the categories of personal data we have sold, shared, or disclosed to third parties, as defined by the California Privacy Rights Act. For reference, the table in section titled “Personal Data we Collect and Disclose” provides the categories of personal data collected and our disclosures of personal data.

Categories of Personal Data We Collect	California Privacy Rights Act Details: Categories of Third Parties to Whom Personal Data is “Sold or Shared”
Identifiers, such as your name, email address, postal address, phone number, and device identifiers (e.g., advertising identifiers and IP address).	Companies that operate Cookies and Tracking Technologies, described in the section titled “Cookies and Tracking Technologies” such as marketing and advertising partners. Business partners who we partner with to jointly market or sell our products and Services, such as channel partners.
Commercial information, including preferences, such as purchasing history or tendencies and transactional information, such as banking information.	Not applicable
Internet or other electronic network activity information and device information, such as your browsing history, search history, device information, and other information (whether passive browsing or active engagement) regarding your interactions with us and use of our products, Services, emails, and other Digital Properties.	Companies that operate Cookies and Tracking Technologies, described in Section 5, such as marketing and advertising partners.
Geolocation information, such as approximate location based on your IP address, mobile device location, or information you provide to us (such as city and state you provide through a webform). You may be able to control collection of this data through the settings of your device.	Companies that operate Cookies and Tracking Technologies, described in Section 5, such as marketing and advertising partners.
Audio, electronic, visual, and other sensory information, such as CCTV recordings of our premises (e.g., if you visit our offices); recordings of your interactions with our sales or advocacy teams (e.g., for quality assurance or training purposes, in accordance with applicable laws); or customer support chat or messaging logs.	Not applicable
Inferences as defined by California law, such as marketing you are likely to positively react to.	Not applicable
Sensitive Personal Data, such as proof of vaccination or race and ethnicity (optional) (where permissible under applicable law).	Not applicable

Although we have not “sold” or “shared” personal data for money in the past 12 months, we engage in routine practices with our Digital Properties involving third parties that could be considered a “sale” or “sharing” as defined under California law. We do not knowingly sell or share any personal data of minors under the age of 16. We do not collect or process “sensitive personal information,” as defined by California law, to infer characteristics about you.

b. Your Data Protection Rights:
Subject to legal limitations, certain California residents may have the below rights.

Right to Know. You have the right to request information about the categories of personal data we have collected about you, the categories of sources from which we collected the personal data, the purposes for collecting the personal data, the categories of third parties to whom we have disclosed your personal data, and the purpose for which we disclosed your personal data (“Categories Report”). You may also request information about the specific pieces of personal data we have collected about you (“Specific Pieces Report”).

Right to Delete. You have the right to request that we delete personal data that we have collected from you.

Right to Correct. You have the right to request that we correct inaccurate personal data that we maintain about you.

Right to Opt Out of Sale or Sharing. We do not sell personal data to third parties in exchange for money. However, as we explain in this Policy, we share information with advertising partners and allow advertising partners to collect information from our Digital Properties. This exchange may be considered a “sale” or “sharing” under California law, and you have the right to opt out of this “sale” or “sharing” of personal data.

California residents may request to exercise the Right to Know, the Right to Delete, and the Right to Correct by emailing us at [email protected]. We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.

Verification: To process California data protection requests, we will need to obtain information to locate you in our records or verify your identity, depending on the nature of the request. In most cases, we will request information about you, which may include your name, email address, or other information. If you submit a Right to Know “Specific Pieces Report,” we may also request a signed declaration, under penalty of perjury, that you are who you say you are. We may request alternative information under certain circumstances and/or use third parties to help verify your identity.

Authorized Agents: Authorized agents may exercise California data protection rights on behalf of California individuals, but we reserve the right to verify the individual’s identity directly as described above. Authorized agents must contact us by submitting a request to [email protected] and indicate that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on your behalf by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request.

Timing: We will process Right to Opt Out of Sale or Sharing requests within fifteen business days from the date we received the request. We will respond to Requests to Delete and Requests to Know within forty-five days unless we need more time, in which case we will notify you, and it may take up to ninety days to respond to your request.

Realm.Security, Inc. Emerges from Stealth, Raises $5M Seed Funding

Privacy Policy