Exploit Prevention Labs Statement of Privacy

This document was last updated November 27, 2006.

Exploit Prevention Labs Incorporated ("XPL") is committed to protecting your privacy. This Privacy Policy explains our privacy practices for our website, www.explabs.com on the World Wide Web (the "Site"), as well as for XPL Internet-delivered services that may be accessed through the normal use of our products (the "Services"). You can travel through most of our Site without giving us any information about yourself. But sometimes we do need information to provide services that you request. The following statement explains our information-gathering and dissemination practices. Please read the complete Exploit Prevention Labs Privacy Policy.

General Information

Exploit Prevention Labs may periodically update this Privacy Policy. If so, Exploit Prevention Labs will post the updated Privacy Policy on this Site. Exploit Prevention Labs encourages you to review this Privacy Policy from time to time for any changes.

Exploit Prevention Labs abides by the principles within the Safe Harbor Program framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union. For more information on this program, please visit http://export.gov/safeharbor/.

By using this Site or any products or services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy. IF YOU DO NOT AGREE WITH ANY OF THE TERMS BELOW, YOU SHOULD NOT USE THIS SITE OR THE PRODUCTS OR SERVICES OFFERED BY Exploit Prevention Labs AT THIS SITE.

What Information We Gather/Track

You may decide whether to proceed with any activity that requests personally identifiable information. If you do not wish to provide the requested information, however, you may not be able to complete the transaction. We do not collect information from individuals under the age of 13. If you are under the age of 13, we ask that you do not submit any personal information through the Site. If we have specific knowledge that an individual under the age of 13 has submitted personally identifiable information to the Site, we will delete such information permanently and without notice.

Except as described below, Exploit Prevention Labs will only disclose your personally identifiable information to third parties if acting under a good faith belief that such action is necessary (1) to conform to legal requirements; (2) to protect and defend the rights or property of Exploit Prevention Labs; (3) to enforce the Exploit Prevention Labs Terms of Service; or (4) in the event of a merger, acquisition or sale of all or substantially all Exploit Prevention Labs’s assets relating to the business in connection with which the information was collected. Exploit Prevention Labs collects personally identifiable information that can be divided into the following categories:

Exploit Prevention Labs Product Registration Information: Some Exploit Prevention Labs products ask you for certain personally-identifiable information as part of the installation/registration process (including but not limited to your name and email address). Certain of this information is necessary in order to conclude the installation process. If you provide us with personally identifiable information, and select the "Inform me about important updates and news" option in the "Registration Information" section during the installation process for the Exploit Prevention Labs product, we use this information to send you communications including informative emails/newsletters about Exploit Prevention Labs product upgrades, new products and services, and to provide you with special offers that may be of interest to you. In the event you no longer wish to receive such information, you may choose to opt out of receiving further communications by complying with the procedures listed in the "Correcting/Updating Personal Information" section of this Privacy Policy. Exploit Prevention Labs keeps personally identifiable information collected in the course of installation/registration of Exploit Prevention Labs’s products confidential and does not sell, trade, or exchange mailing lists with any organization.

Technical Support: If you request technical support online, we will ask you for information necessary to complete the transaction such as your name, email address and information about your computer hardware, software, and the nature of the problem you are experiencing. In the course of providing support, your data may be transmitted to service providers that are under contract to Exploit Prevention Labs and have agreed to abide by the provisions of this privacy policy. Such transmissions of your data are encrypted and secure.

Community Intelligence network: When Exploit Prevention Labs products detect a security threat to your computer, if you agreed to participate in the Community Intelligence network when you installed the product, the product sends certain non-personally-identifiable information about the event and your computer to Exploit Prevention Labs to be analyzed.

Surveys: Exploit Prevention Labs periodically requests information from users via surveys. Participation in these surveys is completely voluntary and you have a choice whether or not to disclose this information. Information requested in the surveys may include broad demographic information (such as zip code or age level) for aggregate use and does not identify the user. Survey information is not sold, shared, or rented to any third party, and is used internally solely by Exploit Prevention Labs for purposes of improving the use and satisfaction of this Site, Services, and our products.

If You Opt to Receive Communications, How We Will Contact You

Email
With your permission, Exploit Prevention Labs will send you communications, including informative emails/newsletters about product upgrades, product updates, new products, and services. These communications provide you with special offers that may be of interest to you, and may include offers for non-Exploit Prevention Labs software/product(s). Exploit Prevention Labs may use a third-party provider of outbound email technology to send email from their servers on our behalf. These third party providers do not collect information about you but do collect requests to unsubscribe.

Site Functionality

Cookies
Persistent "cookies" are small pieces of information that your browser stores on your computer on behalf of a Web site that you have visited. The Site does not use persistent cookies.

Log Files
We (Exploit Prevention Labs and/or our contracted web analytics provider(s)) do keep track of the domains from which you access our Site and Services on the Web, and may log IP addresses or other identifiers for statistical purposes. We do this to gather broad demographic information for aggregate use to identify and analyze trends and the results of our marketing efforts, to help diagnose problems with our servers and to administer the Site and Services, and analyze users' movements. We may periodically share aggregate demographic information with our business partners. IP addresses and other identifiers are not linked to personally identifiable information.

Security of Your Information
All information gathered on the Site is stored and maintained in secure facilities. All Exploit Prevention Labs employees, and all external service providers who may process and/or store customer data, are briefed about the company's privacy and security policies on a regular basis. The Site is regularly tested for security breaches to ensure that all information collected is secure from unauthorized viewing. Any service providers with whom Exploit Prevention Labs contracts, and who receive, store, or process personally identifiable customer data, are required to abide by the provisions of this privacy policy.

If you have any questions about the security at our Site, you can send an email to privacy@explabs.com. Please note that this email address will reject messages with attachments of any kind.

Exploit Prevention Labs Services
In the course of normal operation, Exploit Prevention Labs security products may contact servers operated by, or under contract to, Exploit Prevention Labs. These communications are for the purpose of providing more specific information about security threats, system configuration, and the presence or properties of software, as well as to allow Exploit Prevention Labs to aggregate data in the interest of improving our Services and products.

No personally identifiable information is gathered during interactions with Exploit Prevention Labs Services. We may aggregate data in order to analyze geographic or other demographic patterns, and may make such aggregated data available to Partners. Such aggregations will not reveal personally identifiable information about particular users.

You are required to enter a valid email address during the installation and registration process in order to complete installation of Exploit Prevention Labs products. You may separately choose to request the removal of this information from Exploit Prevention Labs’s databases; however, this may diminish the advisory, diagnostic, or other content being served to you.

Correcting/Updating Personal Information
At your request, Exploit Prevention Labs will change your information; we may request evidence of your identity before doing so. Inasmuch as your information will never be used without your explicit consent, we are not able to update the email address to which you subscribe to Exploit Prevention Labs communications on your behalf. To change your information, or request that your information be changed, please use one of the following options:

By Email:
Send email to us at privacy@explabs.com. Please note that this email address will reject messages with attachments of any kind.

By Postal Mail:
Attn: Privacy Contact
Exploit Prevention Labs, Inc
PO Box 755
New Kingstown, PA 17072-0755