Skip to main content

Privacy Policy

Updated: Sep 18, 2024

Contents

  1. Introduction
  2. Data Protection Officer
  3. How we collect and use (process) your personal information
  4. Use of the Exaforce.com website
  5. Cookies and tracking technologies
  6. When and how we share information with third parties
  7. Transferring personal data to the U.S.
  8. Data Subject rights
  9. Security of your information
  10. Data storage and retention
  11. Do Not Sell or Share My Personal Information
  12. Data Deletion and Opt-Out Requests
  13. Subject Access Requests (SARs)
  14. Global Privacy Control (GPC) & Do Not Track (DNT) Compliance
  15. Compliance Reporting and Audit Trail Maintenance
  16. Children’s Data
  17. Questions, concerns, or complaints

1. Introduction

Exaforce’s mission is to significantly simplify enterprise security using autonomous BOTs. Our first BOT, Exabot Detect, solves the problem of threat detection and risk visibility for customers’ applications and identities in cloud [IaaS and SaaS].

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes Exaforce’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and we will update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

2. Data Protection Officer

Exaforce is headquartered in California, in the United States. Exaforce has appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about Exaforce’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Exaforce’s data protection officer:

℅ Manish Mehta
Exaforce
2570 N First St, Suite 300, San Jose, CA 95131, USA
dpo@exaforce.com
+1 – 408-547-0446

3. How We Collect and Use (Process) Your Personal Information

Exaforce collects personal information about its website visitors and customers. With a few exceptions, this information is generally limited to:

  • Name
  • Job title
  • Employer name
  • Work address
  • Work email
  • Work phone number

We use this information to provide prospects and customers with services. We do not sell personal information to anyone and only share it with third parties who facilitate the delivery of our services.
Exaforce is committed to consumer privacy rights, and we:

  • Do Not Sell or Share Personal Information.
  • Do Not Collect Sensitive Personal Information.
  • Provide a mechanism for your PII to be removed from our systems by exercising the Opt-Out Preference Signal available on our website (https://exaforce.com) or by emailing our DPO directly at dpo@exaforce.com.

4. Use of the Exaforce Website

Exaforce’s website collects certain information automatically and stores it in log files. This may include IP addresses, general location, browser type, operating system, and usage information about site visits.

We use this data to analyze trends, improve website functionality, and enhance security. In compliance with UDSP, California Privacy Rights Act (CPRA), and GDPR, you may submit a Subject Access Request (SAR) to access, correct, or delete your personal data. Please send an email to dpo@exaforce.com with details of your request. Our Data Protection Officer will respond per regulatory timelines.

5. Cookies and Tracking Technologies

Exaforce has a Cookie Notice available at https://exaforce.com that describes the cookies and tracking technologies used on the Exaforce website and provides information on how users can accept or reject them.

6. When and How We Share Information with Third Parties

The personal information Exaforce collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.

A list of our third-party sub-processors includes:

We do not otherwise disclose your personal data unless required by law, to protect rights and safety, or as part of service agreements.

7. Transferring Personal Data to the U.S.

Exaforce is headquartered in the U.S., and all personal data is processed in the U.S. By using Exaforce’s services, you acknowledge that your data may be transferred to and processed in the United States. We apply suitable safeguards to protect personal data, including binding contractual clauses with vendors and compliance with GDPR regulations.

8. Data Subject Rights

You have rights under GDPR and other privacy laws, including:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right of data portability
  • Right to object
  • Rights related to automated decision-making

To exercise these rights, contact privacy@exaforce.com.

9. Data Storage and Retention

Exaforce retains personal data only for as long as necessary for business, regulatory, or legal obligations.

  • Deletion Requests: Personal data may be deleted upon verified request from data subjects or their authorized agents.
  • Storage Location: Data is stored securely on AWS and Google Cloud.

10. Do Not Sell or Share My Personal Information

Exaforce does not sell or share personal information. However, under certain privacy regulations (e.g., CPRA, UDSP), consumers have the right to explicitly opt out of personal data sharing. We provide a “Do Not Sell or Share” button on our website and a web form to manage these requests.

11. Data Deletion and Opt-Out Requests

  • Users can request deletion of their personal information via our web form or by contacting privacy@exaforce.com.
  • Requests will be acknowledged within 10 days and completed within 45 days unless legal obligations require otherwise.
  • Users will receive confirmation when their data has been successfully deleted.

13. Subject Access Requests (SARs)

  • Exaforce acknowledges receipt of SARs within 10 days.
  • SARs (e.g., data access, corrections, deletions) are processed within 45 days.
  • Exaforce maintains records of SARs for 24 months.

14. Global Privacy Control (GPC) & Do Not Track (DNT) Compliance

  • Exaforce’s website supports GPC signals and Do Not Track (DNT) requests.
  • If a user’s browser sends a GPC signal, Exaforce will automatically apply opt-out settings.

15. Compliance Reporting and Audit Trail Maintenance

  • Exaforce maintains detailed logs of all user privacy interactions, including opt-outs, data access, modifications, and deletions.
  • Regular compliance reports are generated to track:
    • Number of opt-out, deletion, and SAR requests processed.
    • Response timelines and outcomes.
    • Vendor compliance with data handling obligations.
  • Audit logs are stored for at least 24 months.

16. Children’s Data

Exaforce does not knowingly attempt to solicit or receive information from children. If we discover that we have collected personal data from a child, we will delete it promptly.

17. Questions, Concerns, or Complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

℅ Manish Mehta
Exaforce
2570 N First St, Suite 300, San Jose, CA 95131, USA
dpo@exaforce.com
+1 – 408-547-0446

© 2025 Exaforce Inc. All Rights Reserved.