.svg)
In order to ensure transparency and give you more control over your personal data, this privacy policy (“Privacy Policy”) governs how we, Lasso Security Inc. (“ Lasso ”, “we”, “our” or “us”) use, collect and store personal data that we collect or receive from or about you (“you”) in connection with Lasso.security (“Website”), our application (“App”) and the services provided to our customers (“Customer”) ( “Services”).
We greatly respect your privacy, which is why we make every effort to provide Services that would live up to the highest user privacy standards. Please read this Privacy Policy carefully, so you can understand our practices and your rights in relation to personal data. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or other means of enforcement.
Table of contents:
Lasso is a B2B company. At Lasso, our goal is to help our Customers and their employees to use AI tools in a safe way that complies with the Customers' Policies. In the context of this Privacy Policy AI tools shall mean: Any artificial intelligence ("AI") tools, features, products, and services including, without limitation, generative AI (collectively, "AI Tools") as defined by the Customer or the user.
This Privacy Policy can be updated from time to time and, therefore, we ask you to check back periodically for the latest version of this Privacy Policy. If we implement material changes in the way we use your information, in a manner that is different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means and take any additional steps as required by applicable law.
(i) We Process the Following Personal Data:
a. Personal Data provided via the Services. We collect personal data that you (as our Customer or the Customer user) voluntarily provide us with, such as your full name, email address, log-in details, your company’s domain, type, industry, as well as any other data that you decide to provide us with. In addition, we collect some information via cookies, pixels, tracking technologies and similar identifiers, including IP address, device details, usage pattern of the Services. We also collect the contact and billing information of our Customers.
b. Personal data we access in order to provide our Services. If you choose to download our App or your employer (our Customer) has installed our App in your browser or Computer, we will access and process any personal data included in the text and documents that you upload, enter, or otherwise transmit when you use relevant AI tools.
c. Data provided through the Website. When you use the Website, we collect and process full name, email address, phone number, your comments and/or messages when you interact with the Website, for example, when you send us a request for a demo or contact us.
d. Data automatically collected via the Website. We automatically collect certain information through your use of Lasso's Website, such as cookies, pixels, tracking technologies and similar identifiers, your Internet protocol (IP) address, and other device identifiers that are automatically assigned to your device.
e. Data you provide to us in person. For example, when you visit one of our exhibition booths or attend one of our events, provide us with your contact details. We will use this information to answer your enquiries or provide additional information to you.
f. Data we collect from other online interactions. For example, if you attend a webinar, contact us via social media or otherwise interact with our business, including as a representative of a current/prospective Customer, supplier, or partner, we track and make a record of those interactions, which may contain your contact details, such as full name, email address, messages, and any other information that you decide to provide us with.
(ii) We process information for the following purposes:
a. To provide our Customers (or you directly) with the Services. We will use the data, including, without limitation, for the following purposes: (i) allow you to create an account; (ii) fulfill any instruction and/or request made by our Customer or you in the context of the Services; (iii) send you emails and notifications regarding your account or certain features of the Services, including, updates pertaining to your subscription, and related to the services we provide you with; (iv) to personalize your experience with our Services; (v) to allow you to create more users and administrate your users; (vi) to generally administer and improve the Services; and (vii) send you alerts regarding your usage in AI tools or the usage of other team members or employees in AI tools;
b. To allow you to make use of our Website. We will use your personal data to allow you to make use of our Website, including, (i) if you request a demo or subscribe to newsletters, we will use your personal data to process and answer your request for a demo or fulfill your request to or subscribe to newsletters; (ii) to answer your questions and to allow you to communicate with us; (iii) let you sign up to webinars; (iv) to analyze your use of our Website and to improve our Website; and (iv) to customize your experience.
c. For Administrative Purposes. Lasso uses your information (i) to respond to your questions, comments, and other requests for Customer support, or information, including information about potential or future services; (ii) to provide you with Lasso’s Services; (iii) for internal quality control purposes; (iv) to establish a business relationship; and (v) to generally administer the Services;
d. To Market our Website and Services. Lasso uses personal data to market its Services. Such use includes (i) notifying you about offers and services that may be of interest to you; (ii) developing and marketing new products and services; (iii) other purposes disclosed at the time you provide information; and (iv) as you otherwise consent;
e. Security purposes. Some of the above mentioned data will be used for detecting, taking steps to prevent and prosecute fraud or other illegal activity; to identify and repair errors; to conduct audits; and for our security purposes. Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
f. De-identified and Aggregated Data Use. In certain cases, we may or will anonymize or de-identify your Information and further use it for internal and external purposes, including, without limitation, to analyze and improve Lasso services (including through the use of AI) and for research purposes. We will use this anonymous or de-identified information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them and/or to develop new product features and improve existing offerings).
g. Cookies and Similar Technologies. We, as well as third parties that provide content, advertising, or other functionality on the Lasso Website and Services, use Technologies to automatically collect information through the Website and Services. We use Technologies that are essentially small data files placed on your device that allow us to record certain pieces of information whenever you visit or interact with the Website and Services. If you would like to opt out of the cookies and similar technologies we employ on the Website and Services, you may do so by blocking, deleting, or disabling them as your browser or device permits.
a. Lasso is processing Customer information on behalf of the Customer. Therefore, the Customer is the responsible party for the security, integrity, and authorized usage of Customer information in the context of the Services and also for obtaining consents, and permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such Customer information.
b. Specifically, the Customer is the sole responsible for the definition of the permitted and non-permitted usage of AI tools, according to its guidelines and his agreement with Lasso.
c. Customer information is not regulated by this privacy policy, and this paragraph is provided only for transparency purposes. Customer and Lasso shall execute an agreement to regulate the provision of the Services.
d. If you are a Customer user and you have any questions related to the Customer information practices and/or the Services, please contact the Customer directly.
e. In order to provide our Services, our Customers should give us access to their employees' browsers or other work environments (e.g., via Google Chrome, Microsoft Edge and etc.) for Lasso to monitor the usage in AI tools and ensure compliance with the Customer guidelines. Generally speaking, we do not control the categories of data that we access, since it depends on the data that the Customer and employees upload to the AI tools, and to which data the Customer will allow us access. This access is limited to privileges the Customer will give us such as access to see and extract data. Without derogating the above, we will make efforts to minimize our access to personal data and make sure, to the extent possible, that no human shall access such data directly unless it is necessary to provide our Services.
f. In the course of providing our Services we will share data or metadata with our Customers that may include personal information (e.g., when we identify an account is using the AI tools in a prohibited way).
3.1. Security. We have implemented and maintain reasonable technical, organizational and security measures designed to protect your information. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device, or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
3.2. Retention of your data. Your data will be stored until we delete our records, and we proactively delete it, or if you or our Customers send a valid deletion request. Please note that in some circumstances we store your data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, and/or (iii) if we reasonably believe there is a prospect of litigation relating to your data or dealings.
We share your data as follows:
4.1. Lasso might share the gathered data with our affiliated companies.
4.2. We use third-party service providers to process your information for the purposes outlined above, including, without limitation:
4.2.1. With cloud service providers for hosting purposes;
4.2.2. With websites and web content creation platforms in order to help us manage our Website;
4.2.3. With email providers, marketing, CRM, and other similar tool providers;
4.2.4.With analytic companies, in order to help us understand and analyze data we collect in accordance with this policy; and
4.3. To the extent necessary, with regulators, courts, banks, or competent authorities, to comply with applicable laws, regulations, and rules (including, without limitation, federal, state, or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order, as well as for internal compliance procedures and to protect the safety, security, and integrity of Lasso , our Services, Customers, employees, property, and the public.
4.4. If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your data to such third party (whether actual or potential) in connection with the foregoing events (including, without limitation, our current or potential investors). In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your data in connection with the foregoing events.
4.5. Where you have otherwise provided your consent to us for sharing or transferring your data.
5.1. The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by specific laws):
i. You have the right to withdraw consent to the processing, where consent is the basis of processing.
ii. You have the right to access the personal data that we hold and request further details about how we process it, under certain conditions.
iii. You have the right to demand rectification of inaccurate personal data about you. We will promptly correct any information found to be incorrect.
iv. You have the right to object to unlawful data processing under certain conditions.
v. You have the right to the erasure of past data about you (your “right to be forgotten”) under certain conditions.
vi. You have the right to demand that we restrict the processing of your personal data, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or if you believe your personal data is inaccurate.
vii. You have the right to data portability of personal data concerning you that you provided us in a structured, commonly used, and machine-readable format, subject to certain conditions.
5.2. You can exercise your rights by contacting us at privacy@Lasso.secuirty. You may use an authorized agent to submit a request on your behalf if you provide the authorized agent with written permission signed by you. To protect your privacy, we may take steps to verify your identity before fulfilling your request. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes before processing and/or honoring your request. We reserve the right to charge a fee permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
5.3. Deleting your account: Should you ever decide to delete your account, you may do so by emailing privacy@Lasso.security. If you terminate your account, any association between your account and personal data we store will no longer be accessible through your account. However, given the nature of sharing on certain services, any public activity on your account prior to deletion will remain stored on our servers and will remain accessible to the public.
5.4. Marketing emails – opt-out: You may choose not to receive marketing email of this type by sending a single email with the subject "BLOCK" to privacy@Lasso.security. Please note that the email must come from the email account you wish to block.
a. In order to run our business and provide our Website and Services to you, we transfer personal data to certain countries around the world, including to our affiliates and service providers, many of whom are located outside of your jurisdiction. Therefore, your personal data may be processed in countries with privacy laws that are different from privacy laws in your country. Whenever we make such transfers, we will use commercially reasonable efforts to implement an appropriate level of protection to your personal data by implementing at least one of the following safeguards:
i. making sure the destination country has been deemed to provide an adequate level of protection for personal data; and/or
ii. by implementing data onward transfer instruments such as data processing and protection agreements.
We do not offer our products or services for use by children and, therefore, we do not knowingly collect information from, and/or about children under the age of 18. If you are under the age of 18, do not provide any information to us without the involvement of a parent or a guardian. In the event that we become aware that you provide information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@Lasso.security .
We enable you to interact with third party websites, mobile software applications and products or services that are not owned, or controlled, by us (each, a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.
i. Google Analytics. Our Services uses a tool called “Google Analytics” to collect information about use of the Services. Google Analytics collects information such as how often users visit this Services, what pages they visit when they do so, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve our Services. We do not combine the information collected through the use of Google Analytics with information we collect. Google’s ability to use and share information collected by Google Analytics about your visits to our Services is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
ii. LogRocket: we use LogRocket in order to better understand our users’ needs and to optimize this service and experience. LogRocket collects user experience data from your web & mobile apps and surfaces issues to engineering, product and marketing teams. LogRocket uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address) (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our Website). LogRocket stores this information in a pseudonymized user profile. Neither LogRocket nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see LogRocket privacy policy at https://logrocket.com/privacy/ You can opt-out to the creation of a user profile, more details at https://logrocket.com/privacy under “Data Subject Rights"
iii. Hubspot. We use Hubspot for the purpose of optimizing our social media marketing, to better manage our content, and to help us optimize our Platform. For more information about Hubspot's privacy practices, please see their privacy policy available here: https://legal.hubspot.com/privacy-policy
We reserve the right to remove or add new analytic tools, cookies, pixels and other tracking technologies
10.1. Our California Do Not Track Notice: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note, that as our Services inherently includes the monitoring of consumers activities online, we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers
If you have any questions, concerns, or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at privacy@Lasso.security
