Privacy Policy

Effective as of April  8th, 2024.

This Privacy Policy describes how Client-Side Development, Inc. ("CDS," "we", "us" or "our") handles personal information that we collect through our websites that link to this Privacy Policy and the CDS application (collectively, the “Service”), as well as through our marketing and other activities described in this Privacy Policy.

For details regarding data collection through cookies and other technologies, see our Cookie Notice.

Individuals in the EEA/UK: See our Notice to European users for information about your personal information and data protection rights. If you have any questions or concerns about our use of your personal information, please contact us.

Index
You can click the links below to jump to specific sections, but we recommend that you read this Privacy Policy in its entirety.

• Scope of this Privacy Policy
• Personal information we collect
• How we use your personal information
• How we share your personal information
• Your choices
• Other sites and services
• Security
• International data transfer
• Children
• Changes to this Privacy Policy
• How to contact us
• Notice to European users

Scope of this Privacy Policy

CDS provides a cybersecurity application for use by businesses. The Service is not intended for use by individuals for personal, family, household, or other consumer purposes, and the personal information covered by this Privacy Policy pertains to people acting in a business or commercial capacity.  This Privacy Policy does not apply to personal information about CDS personnel or job candidates that we process in our capacity as an employer. Additionally, this Privacy Policy does not apply to personal information that CDS processes on behalf of customers in our capacity as a processor or service provider pursuant to our customers’ contractual instructions (such as information about end users of customer-operated sites analyzed by the Service).

Personal information we collect

The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with our Service. In general, we collect personal information about you from the following sources:

Information you provide to us. 
Personal information you may provide to us through the Service, at our events or otherwise includes:

• Contact data. Your full name, email address, mailing addresses, professional title and company name, phone number, and other contact details.
• Domain data. Domains you submit to the Service for analysis.
• Account data. Your full name, email address, the password for your Service account, and any other information you choose to add to your Service profile.
• Payment data. The payment card data associated with the card you use to pay for the Service and information about your payment transactions.
• Communications data. Information in your communications with us, including when you communicate with us through the Service, social media, events, or otherwise, including any feedback you provide about the Service and your responses to surveys.

If we collect personal information not specifically listed above, we will use it consistent with this Privacy Policy or as otherwise explained at the time of collection.

Information automatically collected.  As you navigate the Service, our communications, and other online services, we and our service providers may automatically collect information about you, your computer or device, and your browsing actions and use patterns, such as:

• Device data. Technical information about your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique device identification numbers or other identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Usage data. Page views and searches, log-in information, videos and other content that you view, how long you spent on a page, the website you visited before browsing to the Service, your interactions with a page (e.g. if you “like” content), navigation paths between pages, information about your activity on a page, access times and duration of access, whether you have opened our emails or clicked links within them, and other functional information on Service performance (like diagnostics and crash logs).

Cookies and similar technologies. Some of the information we collect automatically is captured using cookies and similar technologies as described in our Cookie Notice.

Third party sources. We combine personal information we receive from you or collect automatically when you use the Service with personal information we obtain from other sources, such as:

• Social media platforms, company website bios and other publicly available websites.
• Our business contacts who share details about their professional contacts, including potential customers and partners.

How we use your personal information

We use your personal information for the following purposes or as otherwise described in this Privacy Policy or at the time of collection:

Service delivery. We use your personal information to register your account on our Service, to manage and administer your Service account, provide the Service, process your payments, and to communicate with you about our Service (including support and administrative messages).

Business operations.  We use your personal information to administer and maintain our Service and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data) and to operate our business.

Research and development. We use your personal information for research and development purposes, including to analyze and improve the Service and our business in an informed way. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business.

Direct marketing. As permitted by applicable law, we may collect and use your personal information to send you marketing emails we think may interest you or contact you by phone about our products, services or events. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.

Compliance and protection. We use your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We also use your personal information to protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims), including by conducting internal audits against our policies; enforcing the terms and conditions that govern the Service; and taking steps to prevent, investigate and deter fraud, cyberattacks or other unauthorized, unethical, or illegal activity.

How we share your personal information

We may share your personal information with the following categories of recipients and as otherwise described in this Privacy Policy or at the time of collection.

Affiliates. Our parent company and other corporate affiliates that we control, are controlled by, or with which we are under common control, for purposes consistent with this Privacy Policy.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as business applications, hosting, content delivery network, other information technology, customer support, email delivery, marketing, payment processing, chatbot, session replay, artificial intelligence, customer research, and analytics).

Payment processors. Third party payment processors, such as Stripe, that collect your payment card data and other transaction data to process your payment card transactions when you pay for the Service. You can learn about how Stripe handles your personal data in its privacy policy available here: https://stripe.com/privacy.

Authentication services. When you log into the Service by using your credentials on a third party service, such as Google and Github, the service will collect contact data, device data and usage dataDevice data and usage data described above from you to facilitate the authentication as described in the service’s relevant settings or privacy policy. You can read Google’s privacy policy here: https://policies.google.com/privacy and Github’s privacy policy here: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

CAPTCHA providers. To enhance the security of our Service, we use captcha features that require users to complete a task to authenticate to the Service. Third party providers of these CAPTCHA services directly collect Device data and usage datadescribed above to enable the CAPTHCA features and as described in their privacy policies. For example, we use the CAPTCHA services provided by Cloudflare.  Your use of the Cloudflare CAPTCHA feature is subject to Cloudflare’s Terms of Service available here https://www.cloudflare.com/website-terms/and Privacy Policy available here: https://www.cloudflare.com/privacypolicy/.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Parties (and their advisors) to business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, CDS or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Your choices

This section applies to all users. Some users may also have additional rights under applicable privacy laws, as described in the relevant region-specific sections below. If you do not provide information we identify as required or mandatory, we may not be able to provide features or services that require that information.

Access or update your information. You may review and update certain Service account information by logging into your account.

Opt-out of marketing communications. You may opt-out of marketing emails at any time by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us with your request.  Please note that if you opt-out of marketing emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. See our Cookie Notice for more information about how to control cookies.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other sites and services

The Service may contain links to or integrations of websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or other online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We use technical, organizational, and physical safeguards designed to protect the personal information we process. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

International data transfers

We are headquartered in the United States and may use service providers that operate in the United States and other countries other than the country in which you are resident. These countries may have data protection laws that differ from those of your country (and, in some cases may not be as protective as those in your state, province, or country).

Individuals in the United Kingdom and the European Economic Area should read the information provided below about transfer of personal information outside of those locations.

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledgment that the modified Privacy Policy applies to your interactions with the Service and our business.

How to contact us

If you have questions or concerns about this Privacy Policy or our practices, please contact us at [email protected].

Notice to European users

The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer these countries as “Europe”).

The personal information that we collect from you is identified and described in greater detail in the section of the Privacy Policy entitled Personal information we collect. For more details on the specific types of personal information we collect, please refer to the section titled Personal information we collect.

Controller. Client-Side Development, Inc. is the controller of your personal information described in this Privacy Policy. See the Contact us section above for contact details.

Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your personal information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:

• The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
• The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
• We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
• We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for using your personal information other than in the context of direct marketing communications where required by applicable law.

The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal information. For more information on these purposes and the categories of personal information involved, see the section in the Privacy Policy entitled How we use your personal information.

Processing purpose	Types of personal information processed	Legal basis
Service delivery	Contact data, Account data, Domain data, Payment data, Communication data, Device data, Usage data	Contractual Necessity. If we have not entered a contract with you, we process your personal information based on our Legitimate Interests (in providing the Services you access or request).
Business operations	Contact data, Account data, Communication data, Device data and usage data	Contractual Necessity. If we have not entered a contract with you, we process your personal information based on our Legitimate Interests (in operating, providing, and improving our business).
Research and development	Contact data, Account data, Domain data, Communication data, Device data and usage data	Our Legitimate Interests (in analyzing and improving our Services and our business).
Marketing	Contact data, Account data, Domain data, Communication data, Device data and usage data	Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send direct marketing communications.
Sharing your personal information as described in this Privacy Policy	Contact data, Account data, Communication data	We use the original legal basis relied upon if the relevant further use is compatible with the initial purpose for which the personal information was collected. Otherwise, we rely on your Consent.
Compliance and Protection	All data relevant in the circumstances.	Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others’ rights, privacy, safety or property).

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We do not collect sensitive personal information (e.g., government-issued ID numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) and ask that you do not provide us with any such information.

Your rights. European data protection laws give individuals in Europe the following rights regarding their personal information:

• Right of access. You can ask us to provide you with information about our processing of your personal information and give you access to your personal information.
• Right to rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
• Right to erasure. You can ask us to delete or remove your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
• Right to restrict processing. You can ask us to suspend the processing of your personal information:
  • if you want us to establish the information’s accuracy;
  • where our use of the information proves to be unlawful but you do not want us to erase it;
  • where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
• Right to object. You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) to do so and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Right to data portability. You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
• Right to withdraw consent at any time. Where we are relying on consent to process your personal information you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising those rights. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.

To exercise any of these rights, please contact us. We may request specific information from you to help us confirm your identity and process your request.

Your right to lodge a complaint with your supervisory authority. If you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

For users in the EEA:  The contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en

For users in the UK:  The contact information for the UK data protection regulator is below:

The Information Commissioner’s Office Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 303 123 1113 Website: https://ico.org.uk/make-a-complaint/

International data transfers. We are headquartered in the United States and may use service providers that operate in the United States and other countries. Therefore, we may transfer your personal information to recipients outside of the European Economic Area and/or the UK. Some of these recipients are located in countries which have been formally recognized as providing an adequate level of protection for personal information by the European Commission and Secretary of State in the UK, in which case, we rely on the relevant "adequacy decisions". Where the transfer is not subject to an adequacy decision or regulations, we take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the GDPR / UK GDPR (as applicable), such as the

European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable). A copy of our data transfer mechanism can be provided on request.