Safe Harbor Privacy Policy

We self-certify compliance with


Effective Date: August 7, 2014

WhiteHat Security, Inc. (“WhiteHat Security”, “we” or “us”) recognizes that your privacy is very important and takes it seriously. This Privacy Policy describes WhiteHat’s policies and procedures on the collection, use and disclosure of personal information collected through any of our websites and/or our various web security solutions (“Services”). We will not use or share your information with anyone except as described in this Privacy Policy. This Privacy Policy does not apply to information we collect by other means (including offline) or from other sources.

As used in this Privacy Policy, “personal information” or “personally identifiable information” refers to information about you that can be used to contact or identify you as an individual, such as your name, phone number, email address and/or physical address.

  1. Information We Gather from You

You may decide to provide us with your personal information in the following situations:

  1. E-mail as a Request for Information or Registrations for Guides or Seminars – We may refer you to links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our services. To do so, we may request additional personal information from you, such as your name, telephone number and other address information, to help us satisfy your request.
  2. Service Enrollment – If you choose to enroll for one of our Services, we may request certain information from you, which may vary depending on the type of service that you request. For enrollment in our Services, we may require your name, address (including country, city and state), telephone number, e-mail address, credit card number, bank account information, IP address, IP range, domain name(s), or Web Application URL(s).
  3. Recruitment and Employment – You may choose to provide us with information about yourself, such as a resume or other employment related information in connection with a job application or inquiry whether advertised on the site or as otherwise provided by WhiteHat Security. WhiteHat Security may use this information throughout WhiteHat Security and its related entities for the purpose of employment consideration or as you inquire.

Statistical Information About Your Visit

When you visit a WhiteHat Security Site, our systems collect personal information (in the manner described above) and statistical or non-personally identifiable information about your visit to our sites (e.g. IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non-personally identifiable information with personal information that you have actively submitted.

Use of Cookies

We may use “cookies” as described in this section. A “cookie” is a piece of information that our Web site sends to your browser, which then stores this information on your system. If a cookie is used, our Web site will be able to “remember” information about you and your preferences either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a Web site as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to “invade” your hard drive and return to the sender personal or other information from your computer. If you do not want WhiteHat Security to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use some of our products and/or services.

Our uses of “cookies” are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our system determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business or advertising partners, our Web server may also send your browser a temporary cookie that reflects an “origination code” for that partner. We use this information for statistical and marketing purposes.

List of Temporary Cookies:

APID – The WhiteHat Sentinel API session cookie that only is set when you log in via our API. Typically does not have a value set.

WHID – The WhiteHat Sentinel Session Cookie that is set upon login.

WHMFA – Multifactor Authentication Cookie that is only set when you log in using MFA. Typically does not have a value set.

USE_CVSS – Used in the legacy WhiteHat Sentinel UI to specify whether or not CVSS scores are displayed in the findings tab

The second situation in which we may use cookies is with respect to permanent cookies. This type of cookie remains on your system, although you can always delete or disable it through your browser preferences. There are two instances in which we use a permanent cookie. First, when you visit our Web site and request documentation or a response from us. When you are filling out a form you may be given the option of having our Web site deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time in filling out forms and/or revisiting our Web site. We only send this type of cookie to your browser when you have checked a checkbox on the form with the caption “Please remember my profile information on this computer” when submitting information or communicating with us. The second instance where we use a permanent cookie is where we track traffic patterns on our site. Analysis of the collected information by our tracking technologies allows us to improve our web site and the user experience. In both instances of a persistent cookie, if you choose not to accept the cookie, you will still be able to use our Web site. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent.

List of Permanent Cookies:

ELOQUA, ELQSTATUS – For visitor tracking across multiple WhiteHat Security websites.

_utma, _utmb, _utmc, _utmv, _utmz – For Google Analytics across multiple WhiteHat Security websites.

jive.recentHistory, jive_wysiwygtext_height – Used by WhiteHat Security Community to remember user preferences.

Some WhiteHat Security pages may use cookies that permit select third party partners, including Google, Eloqua, Salesforce.Com, to provide you WhiteHat Security related content, including WhiteHat Security advertisements, on their sites or elsewhere on the Internet. This is based on your prior visits to the WhiteHat Security site.

Additionally, third parties may use cookies to allow you to link to social networking sites like Facebook and LinkedIn. As noted above, you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. You can control whether or not these cookies are used, but preventing them may stop us from offering you some services. Alternatively you may use the third parties’ own tools to prevent these cookies. You may also opt out of Google’s use of cookies by visiting

List of Third Party Cookies: Various third-party cookies are set by the following entities and used for statistical and marketing purposes: LivePerson ( and Adroll (

Web Beacons

WhiteHat Security may use Web beacons alone or in conjunction with cookies to compile information about Customers and site visitors’ usage of the site and interaction with emails from WhiteHat Security. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, WhiteHat Security may place Web beacons in marketing emails that collect information when you click on a link in the email that directs you to WhiteHat Security’s site. We may use Web beacons to operate and improve WhiteHat Security’s site and email communications. WhiteHat Security may use information from Web beacons in combination with data about WhiteHat Security to provide you with information about WhiteHat Security and the WhiteHat Security Services.

  2. How We Use Your Information

We may use the information that we receive from you or collect on our own:

      • To provide the Services, respond to inquiries or send you administrative messages regarding the operation and use of the Services,
      • To personalize and improve the Services,
      • To monitor and analyze usage and trends of the Services,
      • To send email updates or other promotions related to the Services,
      • To provide you with relevant advertisements,
      • To process any transactions initiated by you,
      • For any other purpose for which the information was collected.
  3. Instances Where We May Share Personal Information

We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties. In some cases WhiteHat Security uses suppliers to collect, use, analyze and otherwise process information on its behalf. It is WhiteHat Security’s practice to require such suppliers and other service providers to handle information in a manner consistent with WhiteHat Security’s policies and to use your personal information only as necessary to provide these services to us.

We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We may also share your personal information if WhiteHat Security is involved in a merger, acquisition, or sale of all or a portion of its assets.

WhiteHat Security Supported Blogs and Forums

If you use a blog or forum, or other chat tool on this Web site, you should be aware that any personal information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. WhiteHat Security is not responsible for the personal information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the applicable Terms of Use or other terms and conditions set forth on the relevant forum site. To request removal of your personal information from our blog or community forum, please contact the WhiteHat Security Safe Harbor Contact as described below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.


We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the WhiteHat Security Safe Harbor Contact as described below.


From time to time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys are aggregated and we do not single out individual responses unless the respondent chooses to be identified.

Social Media Widgets

Our web site includes social media features, such as the Facebook Like button and widgets, such as the ShareThis button or interactive mini-programs that may run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy statement of the company providing it.

Public Profiles

The profile you create on our site will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.

Your Ability to Opt-Out of Notifications

From time to time, we notify visitors of new products, announcements, upgrades and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.

You may also change your preferences online at Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our products or services from this site.

Access or Update Personal Information

If your personally identifiable information changes, or if you no longer desire our service, you may correct, update, amend, delete or deactivate it by making the change on your WhiteHat Sentinel information page or by emailing our Customer Support at the contact information listed below. We will use reasonable efforts to respond to your request for access to personal information within 30 days.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Our Security Practices

We consider the protection of all personal information we receive from our Web site visitors and customers as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering the Services using the Secure Sockets Layer (SSL) protocol.

      • Choice –
        • Opt-In: we collect personal information about you only if you decide to provide such information to us as described above.
        • Opt-Out: you may opt out of receiving certain notifications from us as described above.
      • We collect information for our clients; if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.
      • Onward Transfer – WhiteHat Security may transfer personal information to companies that help us provide our service. The provisions in this statement regarding notice and choice cover transfers to subsequent third parties and the service agreements with our clients or within master services agreement signed with customers.
      • Access to Data Controlled by our Clients – WhiteHat Security has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to WhiteHat Security’s client or the data controller. If the client requests WhiteHat Security to remove the data, we will respond to their request within 30 business days.
      • Security – please see the description of our security practices above (“Our Security Practices”).
      • Data Integrity – WhiteHat Security will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. WhiteHat Security will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
      • Enforcement – if you have a comment or concern about our compliance with the Safe Harbor Privacy Principles, please contact us at Any unresolved disputes will be adjudicated by the ICDR/AAA U.S.-EU Safe Harbor program.


Scope of Safe Harbor Certification

WhiteHat Security, Inc. complies with the U.S.–E.U. Safe Harbor framework and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. WhiteHat Security, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view WhiteHat Security, Inc.’s certification, please visit

WhiteHat Security adheres to the Safe Harbor Privacy Principles published by the US Department of Commerce (“Safe Harbor Principles”) with respect to personal data about individuals in the EEA that subsidiaries, customers, suppliers and other businesses in the EEA send to WhiteHat Security.

Categories of Information Collected From the EEA

WhiteHat Security provides data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, WhiteHat Security receives mostly business-related information from the EEA. Occasionally, WhiteHat Security also receives contact information related to individual representatives of businesses with whom WhiteHat Security is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, WhiteHat Security processes data that may relate to EEA residents on behalf of, and in accordance with instructions from, customers (collectively “EEA Data”). Since EEA Data covered by this Notice is by definition sent to WhiteHat Security by another company in the EEA (e.g., a supplier to WhiteHat Security), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA Persons typically have a closer employment, business or other relationship (and which, therefore, can provide additional information on categories of data shared with us).

WhiteHat Security collects and uses EEA Data for purposes of providing data processing and advisory services to its customers, communicating with corporate business partners about business matters, processing EEA Data on behalf of corporate customers, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.

Changes To This Statement

We may update this privacy statement to reflect changes to our information practices. If we make any material changes we may notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Information

If you have questions about WhiteHat Security’s Privacy Statement, please contact our WhiteHat Security Safe Harbor Privacy Administrator at 3970 Freedom Circle, Santa Clara California 95054, telephone: +1 (408) 343-8300, or fax: +1 (408) 904-7142; or email us at