Privacy Policy
_Last updated_: March 11, 2025
This Privacy Notice details how DefectDojo, Inc. (“DefectDojo”, “our”, “we,” or “us”) processes Personal Data of visitors (“User(s)”, “your” or “you”), when they access, or interact with, our website, available at: https://defectdojo.com (“Website”).
1. INFORMATION WE COLLECT
In the course of accessing or otherwise using the Website, we receive or collect your personal data (“Personal Data”) as follows:
- Data voluntarily provided by You: we may collect information that you provide to us voluntarily, such as your name, title, organization, and email if you submit a request to book a demo with us, or you submit your CV if you apply to an open position with us through the Website. In those cases, we will use such information to contact you in connection with your submission to us.
- Data we collect automatically when you use our Website: We use various tools and methods to collect information regarding your use of the Website. For more information, see the “Cookies and Other Tracking Technologies” section of this policy.
2. OUR LEGAL BASIS FOR USE OF YOUR DATA
We collect information voluntarily provided by you at your request, prior to entering into a business relationship with you.
We collect information automatically in pursuit of our legitimate business interests in maintaining and improving our Website. We process your Personal Data for our legitimate interests while applying appropriate safeguards that protect your privacy. Our legitimate interests may span things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality, or technical issues with our Website, protecting against harm to the rights, property or safety of our properties, users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy or defending against legal claims made by you or on your behalf.
If you are from the European Economic Area (“EEA”) or the United Kingdom (“UK”), our legal basis under the General Data Protection Regulation for collecting and using the Personal Data described in this Policy depends on the Personal Data we collect and the specific context in which we collect it. We may process your Personal Data because:
- We need to perform a contract with you;
- You have given us permission to do so;
- The processing is in our legitimate interests and it's not overridden by your rights;
- For payment processing purposes; and/or
- To comply with the law.
We also analyze and use the Personal Data that we collect on an anonymized or aggregated basis for product development, to analyze the performance of our Services, to troubleshoot and to improve and optimize the Services and to ensure the best User experience for our users as a whole.
3. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We may share Personal Data with third parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection. Such sharing may include:
- Affiliates. We may share Personal Data with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
- Service providers. We may share Personal Data with third party companies and individuals that provide services on our behalf or help us operate the Site and our business (such as customer support, hosting, analytics, email delivery, marketing, and database management services) (see Service Providers below).
- Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above.
- Partners. We may sometimes share Personal Data with partners or enable partners to collect information directly via our Website.
- Professional advisors. We may disclose Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Compliance, fraud prevention and safety. We may share Personal Data for the compliance, fraud prevention and safety purposes described above.
- Business transfers. We may disclose Personal Data in the context of actual or prospective business transactions (e.g., investments, financing, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares). For example, we may need to share certain Personal Data with prospective counterparties and their advisers. We may also disclose some or all of your Personal Data to an acquirer, successor or assignee of Sensor Tower as part of any business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization, sale of assets, or similar transaction, and/or in the event of bankruptcy, dissolution, or receivership in which Personal Data is transferred to one or more third parties as one of our business assets.
- Legal Disclosure. We may disclose Personal Data if required to do so by law or in the good faith belief that such action is necessary to conform to applicable law, comply with a judicial proceeding, court order or legal process served on us, protect and defend our rights or property, or investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms.
- Consent. We may share your Personal Data for any other purpose disclosed to you and with your consent.
Without limiting the foregoing, in our sole discretion, we may share anonymized data or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your Personal Data, please see the Your data protection rights and choices section below.
4. STORAGE AND INTERNATIONAL DATA TRANSFER
Information regarding the Users may be maintained, processed, and stored by us and our authorized affiliates and Service Providers in the United States.
While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates, and our service providers that store or process your Personal Data on our behalf are each committed to keep it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.
By providing your Personal Data, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.
5. DATA RETENTION
We will keep your Personal Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We store some information indefinitely for operational purposes, such as technical support and abuse prevention. Other data such as web server logs or store sales reports are only kept as long as space is available for them.
Please note that if you request that your Personal Data be removed from our databases, it may not be possible to completely delete all of your Personal Data due to technological and legal constraints. The retention period is determined by various criteria such as the type of user, the services to which you subscribe, and the nature of our relationship.
The retention period can be lengthened or shortened based on the cancellation or re-enrollment in our Site. The retention period can also be modified based on internal changes in auditing requirements and/or mandatory retention periods provided by law and statute of limitations. We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
6. USING COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies are small data files that are placed on users’ devices to monitor how users interact with websites and other online services. Cookies can be used to identify your IP address, browser type, domain name, and specific web pages through which you click. We and our service providers, including but not limited to Hubspot, may use cookies because they:
- Help us optimize, personalize, and/or otherwise improve your experience and/or the performance of the Website and our service and marketing-related communications with you; and
- Enable advertising delivered to you to be more relevant.
Most web browsers allow you to erase cookies on your computer, block cookies from your computer, or notify you when a cookie is stored on your computer. If you choose to disable or otherwise block certain cookies, you may be unable to use, or experience decreased functionality with, parts of the Service.
We use Google Analytics to collect information about your use of the Website. This third party service collects and shares information about your use of the Website in accordance with the following terms: https://policies.google.com/technologies/partner-sites
You can opt out of this tracking technology here: https://support.google.com/analytics/answer/181881?hl=en
We also use LinkedIn pixel tags when users access the Website. You may opt out of the pixel tags and other advertising tracking technologies by following the instructions at: www.networkadvertising.org/choices or www.aboutads.info/choices
7. SERVICE PROVIDERS
In our continuing efforts to provide our Website in a manner that is convenient and helpful to a growing number of customers, we use the services of service providers (“Service Providers”) to help us host and secure the Site, perform Site-related services, analyze how the Site is used, and manage our business. These services, which include but are not limited to companies that provide cloud services, infrastructure, analytics services, and software to help us host and maintain the Site, and manage our business and customer relationships, may process Personal Data. We take commercially reasonable steps to ensure that these Service Providers are secure and do not sell or disclose the Personal Data to other parties, or use Personal Data for any purposes other than the services they are providing to us.
Google Analytics
Please note that we use Google Analytics to assess how users are interacting with the site. The privacy practices of Google Analytics are available at www.google.com/policies/privacy/partners/ and you may opt out of the use of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
Slack
Some customers elect to communicate with us using Slack through Slack channels and direct Slack messages (DMs). By communicating with Sensor Tower via Slack in such a way, you acknowledge that Slack will share your Personal Data with Sensor Tower including your name, contact information, and any other Personal Data you elect to share in the messages that are exchanged. We are not responsible for Slack’s data practices and urge you to review Slack’s privacy policy, which can be viewed at https://slack.com/trust/privacy/privacy-policy, prior to using Slack’s services in this way. Should you desire to exercise your privacy rights with respect to your Personal Data, we urge you to:
- Contact Slack’s data protection officer based on the information provided by Slack in its privacy policy and follow the outlined procedure; and/or
- Submit a privacy right request based on the process outlined in this policy, and we will honor the request directly to the extent to which we are able within Sensor Tower systems and/or may submit a third party request to Slack to honor the request.
Recruiting Providers
We use the services of third parties like LinkedIn to help us to recruit new employees and independent contractors and to manage our interactions with current employees and independent contractors. We do our best to contractually ensure that these third-party service providers comply with the policies we have adopted. However, we can’t guarantee their compliance in every case. We only use employment Personal Data for the direct purpose of the employment or independent contractor relationship, and we cease using it as soon as that relationship ends. However, we may keep and process that Personal Data after the relationship ends when we are required to do so by applicable law or to preserve legal claims that may arise.
8. PRIVACY OF CHILDREN
We are committed to protecting child privacy. The Website is not intended for children and we do not intentionally or knowingly collect information, personal or otherwise, about individuals under the age of 18, much less children under 13 years old. If you are aware of anyone under 18 using the Website, please contact us using the contact information provided above and we will take required steps to delete any such information and/or prevent that individual from accessing the Site.
9. DATA SECURITY
We take great care in implementing and maintaining the security of the Services and of your Personal Data. We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data. Your Personal Data is stored on secure servers and isn’t publicly available. We limit access of your Personal Data only to those employees, third party Service Providers, or other partners on a “need to know” basis, and strictly in order to enable us to perform the agreement between you and us. Despite these measures, DefectDojo cannot provide absolute information security or eliminate all risks associated with Personal Data, and security breaches may happen. If there are any questions about security, please contact us at info@DefectDojo.com.
10. YOUR RIGHTS
If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Data and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out below. Those rights may include, but are not limited to, the following:
- Right of access. You may have a right to know what Personal Data we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
- Right to correct Personal Data. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the Personal Data that we hold about you is incorrect, please let us know, and we will use our best efforts to correct it as soon as we can.
- Data deletion. In some circumstances and under certain laws and regulations, you may have a right to request that some portions of the Personal Data that we hold about you be deleted or otherwise anonymized/de-identified.
- Data portability. In some circumstances and under certain laws and regulations, you may have the right to request that Personal Data which you have provided to us is provided to you, so you can transfer or port it elsewhere.
11. SHINE THE LIGHT
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about businesses’ practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. Alternatively, such businesses may have in place a policy not to disclose Personal Data of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We do not participate in the sharing of your Personal Data with third parties for the third parties’ direct marketing purposes, so there is no need to opt-out.
12. YOUR RIGHTS IN VARIOUS OTHER JURISDICTIONS
Various other states, including but not limited to, Colorado, Connecticut, Virginia, and Utah, have passed laws providing their state residents rights that are the same or similar to those afforded under the CCPA and the GDPR. These rights, which we honor in the same fashion as outlined above, include without limitation rights to:
- Confirm whether we process their Personal Data.
- Access and delete certain Personal Data.
- Data portability.
- Opt-out of Personal Data processing for targeted advertising and sales.
Some states also provide their state residents with rights to:
- Correct inaccuracies in their Personal Data, taking into account the information's nature and processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
Outside of the US, if you are a resident of another country, state, or province with applicable data privacy laws and regulations that afford you with privacy rights similar to those afforded by the GDPR, CCPA, or other similar laws or regulations, we will honor any requests from you to exercise those privacy rights in accordance with those data privacy laws and regulations to the extent possible.
13. GENERAL INFORMATION
This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. All changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Services after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes. If you wish to exercise your rights or receive more information regarding our privacy protection practices, please contact us using the details provided below: compliance@defectdojo.com