Last updated: 27 October 2020

INTRO

This Open Source Product Privacy Policy (the " OS Product PP") explains how Salto Labs Inc. and its subsidiaries and affiliates ("Salto," "we ", "us" and "our") collect, use and share information, including information relating to an identified or identifiable natural person ("Personal Data") from our customers or users ("users", "you" and " your") when you use or access our open source products made available Salto or otherwise when you receive services from us, such as support services with respect to such use or access (together the " OS Products").

It is very important for us to state, right at the beginning, that we are committed to protecting the privacy of our users, and therefore we put much thought and effort into the design and architecture of our OS Products to ensure we collect only the most minimal amount of data with respect to use of our OS Products. We use this OS Product PP to provide our users with the highest level of transparency and control over the use of their data.

QUICK SUMMARY

We collect only technical information (e.g. operating system, architecture and error reports) which we do not consider to be personal data as it does not relate to an identified or identifiable natural person, but rather relates to our internally issued installation ID and workspace ID (as further detailed below). However, in some jurisdictions, this kind of consistent identifier, may be considered as Personal Data.

We use the information we collect, only for improving, maintaining, and securing our OS Products, which we consider to be our legitimate interest.

We do not sell or commercially distribute any collected data.

You may at any time disable any collection of data by us by setting the environment variable SALTO_TELEMETRY_DISABLE=1 or otherwise as specified at telemetry.md ("Opt-Out").

SCOPE AND APPLICABILITY

This OS Product PP applies only to the information we collect automatically in connection with your use of the OS Products. This information includes Product Data (defined below) and System Data (defined below), which are generally technical and aggregated but may include limited data sets, which in certain jurisdictions may be considered as Personal Data such as IP/MAC address of the user's device and Salto internally issued identifiers.


This OS Product PP does not apply to:

  • Personal Data collected through our website, information you actively provide us through emails or telephone, Personal Data collected through any of our other services or products which are not the OS Products (" Commercial Products"), the sales and delivery process of Commercial Products, and any information we may receive or collect through our social media properties; with respect to which our General Privacy Policy located at Policy shall apply (the " General Privacy Policy").
  • Personal Data received and processed by us in connection with job applications we receive, which is governed by the General Privacy Policy.

PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND USING THE OS PRODUCTS. PLEASE NOTE -- YOU ARE NOT OBLIGATED BY LAW TO PROVIDE US WITH ANY PERSONAL DATA. IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN YOU SHOULD OPT-OUT.

BY ACCESSING AND/OR RUNNING THE OS PRODUCTS, YOU AGREE TO THE COLLECTION AND USE OF YOUR INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY .

IN THIS POLICY YOU CAN READ ABOUT:

  • HOW DO WE RECEIVE DATA ABOUT YOU?
  • WHAT CATEGORIES AND TYPES OF DATA DO WE COLLECT?
  • PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
  • WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
  • NO COOKIES AND SIMILAR TECHNOLOGIES
  • INTERNATIONAL DATA TRANSFER AND STORAGE
  • SECURITY
  • RETENTION
  • YOUR RIGHTS
  • CHILDREN PRIVACY
  • GENERAL

1. HOW DO WE RECEIVE DATA ABOUT YOU?

First - What is Personal Data? "Personal Data" is information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or may be of a private or sensitive nature relating to an identified or identifiable natural person. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, persistent cookie identifier etc. Personal Data does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person. In the course of installing and running our OS Products, we automatically transmit the Product Data and the System Data. You may disable such transmission by setting the environment variable SALTO_TELEMETRY_DISABLE=1 or otherwise as specified at telemetry.md


2. WHAT CATEGORIES AND TYPES OF DATA DO WE COLLECT?

a. The OS Product automatically transmits to Salto through an internet connection, the following categories of data:

  • System Data: this is information about the systems and related environment with which you are using the OS Products. Examples include type of operating system (e.g. Linux, Windows, MacOS), operating system version (e.g. MacOS 19.2.0, Ubuntu 18.04, Windows 10) and architecture (e.g. arm, x64, etc.).
  • Product Data: this is information about the performance of the OS Products. Examples include metrics on the commands ran, error reports, scale of the OS Products use, errors' stacktrace and response times.

b. The aforementioned categories of System Data and Product Data are processed in a completely anonymized and statistical manner, except that they are associated with the following internally issued identifiers:

Installation ID: this is an identifier issued internally by Salto to refer to your instance of installation of the OS Product. If you uninstall the OS Product and re-install, the new installation will receive a new value that cannot be associated with your previous use of the OS Product.

Workspace ID: this is an identifier issued by the Salto OS Product to refer to a certain set of files it manipulates.

Therefore, data associated with Installation IDs and/or Workspace IDs will be treated as Personal Data.

3. PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

3.1. Legal Grounds for the collection and processing of Personal Data

Legitimate interests : Our legal basis for processing such information with respect to users in the European Economic Area (EEA) is our legitimate interest in performing, improving, maintaining, and securing our OS Products, providing support for users of our OS Products, operating our business efficiently and appropriately and enforcing the OS Product license located at LICENSE hereinafter the "OS Product License Agreement");

3.2. Purpose of use of data

Salto uses the Product Data and System Data it obtains from use of the OS Products to improve our Products, support our Customers, support business to business marketing and sales, comply with legal requirements, and for other legitimate business purposes. More information on each category follows:

  • Product improvement: Salto may use Product and System Data to analyze the use of the OS Products; prioritize testing and development of new features and functionality; improve our support responses; improve forecasting; identify, understand, and anticipate performance issues and the factors that affect them.
  • Provision of product support: Salto may use Product and System Data to provide proactive or reactive support to our users, such as guidance to help optimize usage; identifying product malfunctions or assist in OS Products use.
  • Legal requirements: Salto may use Product and System Data to comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates

4. WITH WHOM DO WE SHARE DATA?

We may share Product Data and System Data with third parties (or otherwise allow them access to it) only in the following manners and instances:

  • Internally - We may share Product Data and System Data with our family companies, as well as our employees, for the purposes described in this Privacy Policy and in accordance with Section 3 above. In addition, should Salto or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, Product Data and System Data may be shared with the parties involved in such event under strict security condition, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, through prominent notice on our website.
  • Protecting Our Rights and Safety - We may share Product Data and System Data to enforce this Privacy Policy and/or the OS Products License Agreement, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public.
  • Third Parties & Business Partners - We may share Product Data and System Data with a number of selected service providers, whose services and solutions are required or otherwise facilitate achievement of the purposes of processing set forth under section 3 above. These third parties include hosting services providers (e.g. AWS), data analysis services (e.g. Datadog). Our third party services providers act as our processors and may only process Product Data and System Data according to our instructions (which are given in accordance with the terms hereof). We remain responsible for any processing of Product Data and System Data done by such third party service providers on our behalf not in accordance with the terms hereof, except for events outside of such services providers' reasonable control.
  • Law Enforcement Entities - We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any Product Data and System Data to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party's property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.

5. NO COOKIES AND SIMILAR TECHNOLOGIES

We do not use any behavioral monitoring and tracking technologies such as pixels, tags, webhooks, cookies, etc.

6. INTERNATIONAL DATA TRANSFER AND STORAGE

Product Data and System Data may be transferred to and processed in the USA and in Israel. Please note that USA and Israeli data and privacy laws may not be as comprehensive as those in your country. Residents of certain countries may be subject to additional protections as set forth in Sections 6.1 below.

6.1. GDPR (EEA Users)

This Section 6.1 applies only to natural persons residing in the European Economic Area (for the purpose of this section only, "you" or "your" shall be limited accordingly). It is Salto's policy to comply with the EEA's General Data Protection Regulation ("GDPR"). In accordance with the GDPR, we may transfer Product Data and System Data that is Personal Data from your home country to Israel, the U.S. and/or other countries, provided that the transferee has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Specifically, we may cause such transfer if we ensured that at least one of the following applies:

  • The country to which Personal Data has been transferred, has been determined by the EU Commission to be a country providing adequate protection to the privacy rights of EU residents.
  • Application of Standard Contractual Clauses (also known as " Model Clauses") where appropriate.
  • Adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, as described further below.
    You have additional rights regarding your personal data under the GDPR, please refer to Section 9 below.

7. SECURITY

We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data. Your data is stored on secure servers and isn't publicly available. We limit access of your information only to those employees or partners on a "need to know" basis, in order to enable the carrying out of the agreement between us.

Despite these measures, Salto cannot eliminate security risks associated with Personal Data, and security breaches may happen. If there are any questions about security, please contact us at open-source@salto.io .


8. RETENTION

We will retain Product Data and System Data only for as long as necessary to achieve the purposes for collection and processing set forth under section 3.2 above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

9. YOUR RIGHTS

9.1. If applicable to you under your country's jurisdiction, you may have certain rights in connection with your Personal Data and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out in the CONTACT US section below. Those rights may include, but are not limited to, the following:

  • Right of access. You may have a right to know what information we hold about you and in some cases to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
  • Right to correct Personal Data. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will correct it as soon as we can.
  • Data deletion. In some circumstances you have a right to request that some portions of the Personal Data that we hold about you be deleted or otherwise anonymized.
  • Data portability. In some circumstances, you may have the right to request that data which you have provided to us is provided to you, so you can transfer this to another data controller.
  • Restriction of processing. In some cases, you may have the right to request a restriction of the processing of your Personal Data, such as when you are disputing the accuracy of your data held by us.

9.2. California Privacy Rights

See our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures, if any.

9.3. Disable Data Collection

You can control the Personal Data that we collect about you by:

a. setting the environment variable SALTO_TELEMETRY_DISABLE=1

b. Changing the OS Product configuration as described at - telemetry.md

10. CHILDREN PRIVACY

You must be over the age of 18 to use the OS Products. We do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you believe that we might have any information from or about a minor under the age of 18, please contact us at privacy@salto.io .

11. GENERAL

11.1. UPDATES TO THIS POLICY

This OS Product Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our website (as reflected in the "Last Updated" heading). You are advised to check for updates regularly. By continuing to use our OS Products after any revisions become effective, you agree to be bound by the updated Privacy Policy.

11.2. HOW TO CONTACT US?

If you wish to exercise any of the aforementioned rights, or receive more information, please contact us using the details provided below:

Salto.io

Email: privacy@salto.io