Privacy Notice

ABNORMAL SECURITY CORPORATION PRIVACY NOTICE

Last Updated May 10, 2024
This Privacy Notice explains how Abnormal Security Corporation (“Abnormal,” “we,” or “us”) collects,
uses, shares, and otherwise processes your personal information (also known as personal data) in
connection with: (i) the use of the Abnormal websites and applications that link to this Privacy Notice
(the “Sites”), (ii) in the usual course of business, such as in connection with our events, sales, and
marketing activities (“Corporate Operations”), as well as our products and services (the “Service”) It
also contains information about your choices and privacy rights.

This Privacy Notice does not apply to personal information that we collect in connection with our
recruitment activities, which is covered under our Applicant Privacy Policy.

We recommend that you read this Privacy Notice in full to ensure that you are informed.

Sites & Corporate Operations

Information We Collect About You

Information that we collect from or about you includes information you provide, information we collect
automatically, and information we receive from other sources. The “Service” section below separately
covers and applies to personal information submitted by our Customers to our Service or collected
through our Service on behalf of or at the direction of our Customers.
Information You Provide To Us chat
When you contact us by e-mail or through a contact form on the Sites, we may collect information,
such as your name, email address, phone number, postal address, job title, and company name. We
may also collect other information that you provide such as your interactions with us, for example, if you
request information about our Service, interact with our employees, complete a survey, provide
feedback or post comments, register for an event, or take part in marketing activities. We may keep a
record of your communications with us and other information you share during such communications.
If credit card is the method of payment chosen by you, credit card information will be provided to our
third party service providers, including for payment and billing purposes, instead of us.
Information We Collect Automatically

We collect the following information automatically through our Corporate Operations:

Date and time of the request

Time zone difference to Greenwich Mean Time (GMT)
Access status / HTTP status code
Each transmitted amount of data
Website from which the request comes
Browser type
Operating system and its interface
Language and version of the browser software
Information about your computer or device
Information about your activities within the Sites or Corporate Operations
City-level geolocation information (in anonymous form)
Other statistical information relating to your use of the Sites and Corporate Operations

Cookies and Online Identifiers

In addition to the information listed above, we use standard automated data collection tools like
cookies (or online identifiers) to collect information about how people use our Sites. When visiting the
Sites, you have the option of disabling certain types of cookies through the Osano Cookie Consent pop-
up.

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device
when websites are loaded in a browser. They are widely used to “remember” you and your preferences,
either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent
cookie”). They provide a consistent and efficient experience for visitors and perform essential functions
such as allowing users to register and remain logged in. Cookies may be set by the website you are
visiting (known as “first party cookies”), or by third parties, for such purposes as serving content or
providing advertising or analytics services on the website (“third party cookies”).

Both websites and HTML emails may also contain other tracking technologies such as “web beacons” chat
or “pixels.” These are typically small transparent images that provide us with statistics for similar
purposes as cookies. They are often used in conjunction with cookies, though they are not stored on
your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their
functionality will be restricted.

We use cookies primarily to determine how visitors engage with the Sites (e.g., the page you view, the
links you click, how frequently you access the Sites, the number of visits over time, etc.). For example,
we may place a pixel in our email that notifies us when you click on a link in the email. We use these
technologies to improve our communications.

We may also use the information we collect automatically (for example, IP address, and unique device
identifiers) to identify the same unique person across our Corporate Operations to provide a more
seamless and personalized experience to you.

Information We Receive From Other Sources

We may obtain information about you from third party sources, including resellers, distributors,
business partners, event sponsors, security and fraud detection services, social media platforms, and
publicly available sources. We encourage you to read the terms of use and privacy notices of such third
party services before sharing your information with them to understand how your information may be
collected and used. Examples of information that we receive from third parties include marketing and
sales information (such as name, email address, phone number, postal address, job title, company
name, and similar contact information), training information (such as courses taken, certificates, etc.),
and purchase, support, and other information about your interactions with our Sites, Corporate
Operations, and Service. We may combine such information you provide to third parties with the
information we receive from other sources.
How We Use Your Information

We use your personal information to provide, maintain, improve, and update our Sites for our Corporate
Operations. Our purposes for the collection of your personal information include:
To provide, maintain, deliver, and update our Corporate Operations
To send you notifications about the Service, including technical notices, updates, security alerts,
administrative messages, and invoices
For billing, payment, or account management
To measure your use and improve Corporate Operations, and to develop new products and services
To personalize your experience when using our Sites
To generate and analyze statistical information about how our Sites are used in the aggregate
To respond to your questions, comments, and requests, including to keep in contact with you
regarding the products and services you use
To provide you with customer service and support
To respond to your responsible disclosure reports
For sales phone calls for training and coaching purposes, quality assurance, and administration (in
accordance with applicable laws), including to analyze sales calls using analytics tools to gain
better insights into our interactions with customers
To tailor and send you newsletters, emails, and other content to promote our products and services
(you can always unsubscribe from our marketing emails by following the instructions in the email) chat
 and to allow third party partners (like our event sponsors) to send you marketing communications
about their services, in accordance with your preferences
For advertising purposes; for example, to display and measure advertising on third party websites
To contact you to conduct surveys and for market research purposes
To register and provide you with training and certification programs
To investigate security issues, prevent fraud, or combat the illegal, prohibited, or unauthorized uses
of our products and services
To send you notifications about the Service, including technical notices, updates, security alerts,
administrative messages, and invoices
For other legitimate interests or lawful business purposes; for example, customer surveys, collecting
feedback, and conducting audits
To comply with our obligations under applicable law, legal process, or government regulation
For other purposes, where you have given consent
How We Share Your Information

We may share your personal information with third parties as follows:

With our affiliates and subsidiaries for the purposes described in this Privacy Notice
In connection with a merger, sale, financing, or reorganization of all or part of our business
With our service providers who assist us in providing the Service, such as billing, payment card
processing, customer support, sales and marketing, and data analysis, subject to confidentiality
obligations and the requirement that those service providers do not sell your personal information
With our service providers who assist us with detecting and preventing fraud, security threats, or
other prohibited, illegal or malicious behavior
With business partners, such as resellers, distributors, and/or referral partners, who are involved in
providing content, products, or services to our prospects or customers
With event partners who are working with us to organize or sponsor an event to which you have
registered to enable them to contact you about the event or their services
With marketing partners, such as advertising providers that tailor online ads to your interests based
on information they collect about your online activity (known as interest-based advertising)
Where it has been de-identified, including through aggregation or anonymization
When you instruct us to do so
Where you have consented to the sharing of your information with third parties
When necessary to protect the personal safety, property, or other rights of the public, Abnormal, or
our customers
When required to protect and defend the rights or property of Abnormal or our customers, including
the security of our Sites, products, and services (including the Service)
When authorized by law or where necessary to comply with a legal process.

Service
We provide the Service to our customers and users (collectively, “Customers”) under an Agreement
with them and solely for their benefit and the benefit of personnel authorized to use the Service.
Abnormal processes personal information only as provided in our agreements with the relevant
chat
Customer, such as our Cloud Terms of Service. Abnormal also includes for our Customers a Data
Processing Addendum (DPA), accompanying our Cloud Terms of Service, which contains the Standard
Contractual Clauses, for transfers between us and our Customers (collectively, “Customer
Agreements”). Additional information about our privacy and security practices for the Service is
available in our Security Hub and the Information Security Policy. Customers may choose to enable
integrations or exchange personal data from the Service with third-party platforms. Your use of third-
party platforms and how such providers use personal data is governed by the terms of use and privacy
notices of such third party platforms.

Notice to Users

Our Service is intended to be used by Customers. Where the Service is made available to you through a
Customer (e.g., your employer), the Customer is the administrator of the Service and responsible for the
accounts and/or services over which it has control. For example, administrators can access and
change information in your account or restrict and terminate your access to the Service. We are not
responsible for the privacy or security practices of a Customer, which may be different from this
Privacy Notice. Please contact the applicable Customer or refer to your organization’s policies for more
information.

Information We Collect About You

To use the Service, an user typically authenticates by means of a Customer’s single-sign-on (SSO)
provider, so we do not collect or process any personally identifiable login credentials, however, we do
collect the IP address from which the user logs into the Service each time. In addition, as part of its
normal functioning, the Service collects personal information contained in message content and file
attachments, user information including user names, roles, email, group assignments, and
configurations; and personal data contained within activity logs, audit logs, and administrator reports
(“Service Information”)

Information We Collect Automatically

When you use our Service, we automatically collect information about how you are using the Service

Information about your account (such as user ID, email address, or Internet Protocol (IP) address)
Information about your computer or device (such as browser type and operating system)
Information about your activities within the Service, such as the pages or features you access or
use, the time spent on those pages or features, search terms entered, commands executed
Information about the types and sizes of files analyzed via the Service
Other statistical information relating to your use of the Service

How We Use Your Information

Our purposes for the collection of your personal information include:

To implement, provide, maintain, improve, and update the Service

To understand how our Authorized Users and Customers are using the Service
chat
 To develop new features, products and services
To create and maintain your Service portal account
To send notifications within the Service
To provide you with customer service and support
For billing, payment, or account management; for example, to identify your account and correctly
identify your usage of our products and services
To respond to your responsible disclosure reports
To measure your use and improve the Service, and to develop new products and services
To generate and analyze statistical information about how the Service is used in the aggregate
For other legitimate interests or lawful business purposes; for example, customer surveys, collecting
feedback, and conducting audits
To comply with our obligations under applicable law, legal process, or government regulation
For other purposes, where you have given consent.

Information About The Sites, Corporate

Operations, and the Service
In the event of any conflict or inconsistency between the Privacy Notice and the Customer
Agreements, the Customer Agreements will control.

International Transfers

Abnormal may transfer your personal information to countries other than your country of
residence. In particular, we may transfer your personal information to the United States and other
countries where our affiliates, business partners, and service providers are located. These
countries may not have equivalent data protection laws to the country where you reside.
Wherever we process your personal information, we take appropriate steps to ensure it is
protected in accordance with this Privacy Notice and applicable data protection laws. These
safeguards include implementing the European Commission’s Standard Contractual Clauses for
transfers of personal information from the European Economic Area or Switzerland between us
and our business partners and service providers, and equivalent measures for transfers of
personal information from the United Kingdom.

Data Privacy Framework Notice

Abnormal complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension
to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S.
DPF”) (EU-U.S. DPF, UK Extension, and the Swiss-U.S. DPF, collectively, the “DPF” or “Data
Protection Framework”) as set forth by the U.S. Department of Commerce regarding the
processing of personal data received from the European Union, the United Kingdom (and
Gibraltar), and Switzerland in reliance on the DPF. Abnormal has certified to the U.S. Department
chat
of Commerce that it adheres to the DPF Principles with respect to such personal data. If there is
any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles
 shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view
Abnormal’s certification, please visit https://www.dataprivacyframework.gov/. Additional
information about our compliance with the DPF principles can be found in our Data Privacy
Framework Notice.

Your Choices and Rights

We offer you choices regarding the collection, use, and sharing of your personal information and
we will respect the choices you make in accordance with applicable law. You may choose (opt-
out) whether your personal information is (i) disclosed with a third party or (ii) to be used for a
purpose that is materially different from the purpose(s) for which it was originally collected or
subsequently authorized. You may indicate your choice by clicking through the appropriate
dialogue box to opt out or by emailing us at privacy@abnormalsecurity.com. Please note that if
you decide not to provide us with certain personal information, you may not be able to access
certain features of the Abnormal websites and applications that link to this Privacy Notice or use
our Service.

When you participate in a call or online meeting that is being recorded, you have the right to
request that we not record that call or meeting. Please make those requests to the call organizer
before or during the call. During webinars or other events that must be recorded, please do not
share personal information that you do not want other attendees to view in the chats, Q&A or
similar features.

Opt out of Marketing

We may periodically send you marketing communications that promote our products and services
consistent with your choices. You may opt-out of receiving such communications by following the
unsubscribe instructions in the communication you receive. Please note that we may still send you
important service-related communications regarding our products or services, such as
communications about your subscription or account, service announcements, or security
information.

Additional Information for Certain

Jurisdictions
Depending upon your place of residence, you may have rights in relation to your Personal Data. Please
review the jurisdiction-specific sections below, including the disclosures for California residents.
Depending on applicable data protection laws, those rights may include asking us to provide certain
information about our collection and processing of your Personal Data or requesting access, correction,
chat
or deletion of your Personal Data. You also have the right to withdraw your consent, to the extent we
rely on consent to process your Personal Data.
This section provides additional information about our privacy practices for certain jurisdictions. In the
event of any conflict or inconsistency between the Privacy Notice and the DPA, the DPA will control.

California

If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you
with additional information regarding your rights with respect to your “personal information.”

You may make the following types of requests under the CCPA with respect to personal information
that we process on your behalf. Note: if you wish to make a CCPA request concerning Personal
Information submitted through or otherwise made available to the Service, please direct your request
to the relevant Customer directly, as that data is governed by the terms of our agreement with our
Customer.

Request to Know, Correct, and Delete: You may request to

Access to a copy of the specific pieces of personal information that we have collected about you;
Correction of personal information that we maintain about you if it is inaccurate; and/or
Deletion of personal information, subject to certain exceptions.

Requests to Opt-Out of Sale or Sharing: You may also opt out of the “sale” or “sharing” of your personal
information, as “sale” and “sharing” are defined under CCPA. You may opt out of the “sale” or “sharing”
of personal information as described in the “Opt out of marketing” section of this Privacy Notice.

Other US States

Depending on applicable laws in your state of residence, you may request to (1) confirm whether or not
we process your personal information; (2) access, correct, or delete the personal information we
maintain about you; (3) receive a portable copy of such personal information; and/or (4) restrict or opt
out of certain processing of your personal information, such as targeted advertising or profiling in
furtherance of decisions that produce legal or similarly significant effects. If we refuse to take action on
a request, we will provide instructions on how you may appeal the decision. We will respond to
requests consistent with applicable law.

European Economic Area, UK and Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, the controller of
your personal information is Abnormal Security Corporation, 8474 Rozita Lee Ave, Suite 420 Las
Vegas, NV 89113

We collect your personal information if we have a legal basis for doing so. The legal basis we rely on
depends on the personal information and the specific context in which we collect it. Generally, we
collect and process your personal information where:

chat
We need it to enter into or perform a contract with you, respond to your request, or provide you with
customer support
 We need to process your personal information to comply with a legal obligation (such as to comply
with applicable legal, tax, and accounting requirements) or to protect the vital interests of you or
other individuals
You give us consent, such as to receive certain marketing communications
Where we have a legitimate interest, such as to respond to your requests and inquiries, to ensure
the security of the Sites and Service, to detect and prevent fraud, to maintain, customize and
improve the Sites and Service, to promote Abnormal and our Service, and to defend our interests
and rights

If you have consented to our use of your personal information for a specific purpose, you have the right
to change your mind at any time but this will not affect our processing of your information that has
already taken place. You also have the following rights with respect to your personal information:

The right to access, correct, update, or request deletion of your personal information;
The right to object to the processing of your personal information;
The right to withdraw your personal information at any time, if we collected and processed your
personal information with your consent; and
The right to lodge a complaint with your national data protection authority or equivalent regulatory
body.

If you wish to exercise any of your rights under data protection laws, please contact us as described
under “Your Choices and Rights”.

Data Security and Retention

Abnormal retains the personal information as provided for in the Information Security Policy. Additional
information about our privacy and security practices for the Service is available in our Security Hub.
Please use this Privacy Notice for as long as you use our Service, as may be required by law (for
example to comply with applicable legal tax or accounting requirements), as necessary for other
legitimate business or commercial purposes described in this Privacy Notice (for example, to resolve
disputes or enforce our agreements), or as otherwise communicated to you.

Children’s Data

The Sites and Service are not directed to children under 18 years of age and Abnormal does not
knowingly collect personal information from children under 18. If we learn that we have collected any
personal information from children under 18, we will promptly take steps to delete such information. If
you are aware that a child has submitted such information, please contact us using the details
provided below.

Artificial Intelligence Tools

Abnormal’s commitment to transparency and responsible data handling extends to the use of Artificial

chat
Intelligence Tools (AI Tools) within our Sites, Service, and Corporate Operations. The AI Tools used by
Abnormal are not designed to utilize "high-risk AI systems" as defined in the EU-AI Act. Our AI Tools
may process personal information to enhance user experience, provide personalized
recommendations, and improve our overall service delivery. Any data processed by our AI Tools is
treated with the utmost confidentiality, and we strictly adhere to data protection regulations.

Changes to Privacy Notice

Abnormal may change this Privacy Notice from time to time. We will post any changes on this page
and, if we make material changes, provide a more prominent notice (for example, by adding a
statement to the website landing page, providing notice through the Service, or by emailing you). You
can see the date on which the latest version of this Privacy Notice was posted above.

How To Contact Us

Please contact us at privacy@abnormalsecurity.com if you have any questions about our privacy
practices or this Privacy Notice. You can also write to us at:

Abnormal Security Corporation

8474 Rozita Lee Ave, Suite 420
Las Vegas, NV 89113
Attn: Privacy Counsel

If you interact with Abnormal through or on behalf of a Customer, then your personal information may
also be subject to the applicable Customer’s privacy practices and you should direct any questions to
that organization.

Abnormal Security Data Privacy Framework Notice

Why Abnormal Products

Modern API Architecture Inbound Email Security
Uniform Cross-Platform Defense AI Security Mailbox
Holistic Email Protection Email Productivity
Accelerated AI Automation Core Account Takeover Protection
Gartner Recommended Core Security Posture Management chat
 Unique Behavioral AI Approach

Customers Partners
Customer Stories Solution Partners
Customer Love Partner Portal
All Customers Become a Partner
Support Portal Microsoft Partnership

Resources Company
Resource Center About
Blog Posts Careers
Abnormal Intelligence Team
Glossary Abnormal Business School
Self-Guided Demos News & Press
Upcoming Events
Contact Us

Responsible Disclosure Trust Center Status Privacy Policy Terms of Use Legal

Patents Modern Slavery Act Transparency Statement

chat
©2025 Abnormal Security Corp. All rights reserved.
chat