Privacy Policy
1. Introduction and Acceptance
InsiderRisk Index ("Company," "we," "us," or "our"), a service provided by Above Security, Inc., operates the website located at https://insiderisk.io and related services (collectively, the "Service"). This Privacy Policy constitutes a legally binding agreement between you and the Company.
MANDATORY ACCEPTANCE REQUIRED
BY ACCESSING, BROWSING, OR USING ANY PART OF OUR SERVICE IN ANY MANNER WHATSOEVER, YOU IRREVOCABLY ACKNOWLEDGE THAT YOU HAVE READ, FULLY UNDERSTOOD, AND UNCONDITIONALLY AGREE TO BE LEGALLY BOUND BY THIS PRIVACY POLICY IN ITS ENTIRETY. IF YOU DO NOT AGREE TO EVERY PROVISION OF THIS POLICY, YOU ARE STRICTLY PROHIBITED FROM USING OUR SERVICE AND MUST IMMEDIATELY CEASE ALL ACCESS.
YOUR CONTINUED USE CONSTITUTES ONGOING ACCEPTANCE OF ANY AND ALL MODIFICATIONS TO THIS POLICY.
This Privacy Policy supersedes all prior agreements, representations, and understandings regarding privacy. We reserve the right to modify this policy at any time, with changes effective immediately upon posting.
2. Information We Collect
2.1 Information You Provide
- Assessment Data: Responses to security assessment questions (non-identifiable)
- Optional Organization Information: Company name, size, industry (if voluntarily provided)
- Contact Information: Email address (only if you opt-in for results delivery)
- Communications: Information in emails or forms you submit
2.2 Information Collected Automatically
- Usage Data: Pages visited, time spent, features used, interaction patterns
- Device Information: Browser type, operating system, device identifiers
- Network Data: IP address (anonymized), general geographic location (country/region level)
- Analytics: Performance metrics, error reports, feature usage statistics
Privacy by Design: Our assessment can be completed entirely anonymously. We do not require any personally identifiable information to use our core services.
3. How We Use Your Information
3.1 Permitted Uses
We use collected information exclusively for:
- Providing and improving our security assessment services
- Generating personalized risk assessments and recommendations
- Creating aggregated, anonymized industry benchmarks
- Sending assessment results (only with explicit consent)
- Responding to inquiries and support requests
- Detecting and preventing fraud, abuse, or security incidents
- Complying with legal obligations and enforcing our terms
- Conducting research and analysis to improve cybersecurity
3.2 Prohibited Uses
We will NEVER:
- Sell, rent, or trade your personal information
- Share individual assessment results without consent
- Use your data for unrelated marketing purposes
- Allow unauthorized third-party access to your data
- Retain data longer than necessary for stated purposes
4. Data Protection and Security
4.1 Security Commitment
We are committed to protecting your personal information and implement reasonable security measures to safeguard the data we collect. However, no method of transmission over the Internet or electronic storage is 100% secure.
Security Limitation: While we strive to protect your personal information, we cannot guarantee absolute security. No method of transmission or storage is 100% secure, and we shall not be liable for unauthorized access beyond our reasonable control.
4.2 Data Incidents
We will handle data incidents in accordance with applicable legal requirements only. We make no commitments beyond what is legally mandated.
5. Information Sharing and Disclosure
5.1 Limited Sharing Circumstances
We may share your information only in these limited circumstances:
- Service Providers: With trusted third parties who assist in operating our Service (e.g., hosting providers, email services) under strict confidentiality agreements
- Legal Requirements: When required by law, subpoena, court order, or governmental request
- Protection of Rights: To protect our rights, property, safety, or that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified of any change in ownership)
- Aggregated Data: Anonymized, aggregated data that cannot identify individuals
- With Consent: With your explicit consent for specific purposes
5.2 Third-Party Services
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
6. Your Legal Rights
Your rights regarding personal information are governed by applicable law in your jurisdiction. We will comply with legally mandated requirements only as specifically required by statute.
We provide no guarantees regarding data access, correction, deletion, or other rights beyond what is strictly required by applicable law. Contact [email protected] for legally mandated requests only.
7. Data Retention and Deletion
We retain information for as long as necessary for business purposes, legal compliance, or as otherwise permitted by law. Retention periods are determined at our sole discretion.
We make no commitments regarding specific retention periods or automatic deletion timelines. Data may be retained indefinitely for legitimate business purposes.
8. International Data Transfers
Our Service is operated from the United States. If you access our Service from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries.
Safeguards: We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission and compliance with Privacy Shield principles where applicable.
9. Children's Privacy
Age Restriction: Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.
10. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt-out of the sale of personal information (Note: We do not sell personal information)
- Right to non-discrimination for exercising privacy rights
To exercise these rights, California residents may contact us at [email protected] or call 1-800-XXX-XXXX. We will verify your identity before processing requests.
11. European Privacy Rights (GDPR)
11.1 Legal Basis for Processing
We process personal data based on:
- Consent: When you provide explicit consent
- Contract: To perform our services
- Legal Obligations: To comply with applicable laws
- Legitimate Interests: To improve services and ensure security
11.2 EU Representative
For GDPR matters, our EU representative can be contacted at: [email protected]
11.3 Supervisory Authority
EU residents have the right to lodge complaints with their local data protection supervisory authority.
12. Cookies and Tracking Technologies
12.1 Types of Cookies Used
- Essential Cookies: Required for Service functionality
- Analytics Cookies: To understand usage patterns (anonymized)
- Preference Cookies: To remember your settings
- Security Cookies: To detect and prevent fraudulent activity
12.2 Managing Cookies
You can control cookies through your browser settings. Disabling certain cookies may limit Service functionality. We respect Do Not Track signals and Global Privacy Control.
13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Changes become effective immediately upon posting unless otherwise stated.
Material Changes: For material changes, we will provide prominent notice through the Service or via email (if we have your email address). Continued use after changes constitutes acceptance of the revised policy.
14. Dispute Resolution and Arbitration
MANDATORY BINDING ARBITRATION - NO EXCEPTIONS:
• ANY AND ALL DISPUTES, CLAIMS, OR CONTROVERSIES ARISING FROM OR RELATING TO THIS PRIVACY POLICY, THE SERVICE, OR ANY DATA PROCESSING SHALL BE RESOLVED EXCLUSIVELY THROUGH BINDING INDIVIDUAL ARBITRATION
• YOU IRREVOCABLY WAIVE YOUR RIGHT TO A JURY TRIAL, CLASS ACTION LAWSUIT, OR ANY FORM OF CLASS-WIDE ARBITRATION
• ARBITRATION SHALL BE CONDUCTED BY THE AMERICAN ARBITRATION ASSOCIATION UNDER ITS COMMERCIAL ARBITRATION RULES IN DELAWARE, USA
• THE ARBITRATOR'S DECISION SHALL BE FINAL AND BINDING WITH NO RIGHT OF APPEAL
• YOU AGREE TO PAY ALL ARBITRATION COSTS IF YOUR CLAIM IS FOUND TO BE FRIVOLOUS OR BROUGHT IN BAD FAITH
• THIS ARBITRATION CLAUSE SURVIVES TERMINATION OF THIS AGREEMENT AND ANY RELATIONSHIP WITH US
Governing Law: This Privacy Policy is governed by the laws of Delaware, USA, without regard to conflict of law principles.
15. LIMITATION OF LIABILITY AND INDEMNIFICATION
CRITICAL LIABILITY LIMITATIONS:
• TO THE MAXIMUM EXTENT PERMITTED BY LAW, ABOVE SECURITY INC. SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM YOUR USE OF THE SERVICE OR ANY DATA PROCESSING ACTIVITIES
• OUR TOTAL LIABILITY FOR ALL CLAIMS SHALL NOT EXCEED $100 USD REGARDLESS OF THE THEORY OF LIABILITY
• WE DISCLAIM ALL WARRANTIES EXPRESS OR IMPLIED INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
• WE ARE NOT RESPONSIBLE FOR DATA BREACHES, SECURITY INCIDENTS, OR UNAUTHORIZED ACCESS BEYOND OUR REASONABLE CONTROL
• YOU ASSUME ALL RISKS ASSOCIATED WITH YOUR USE OF THE SERVICE
MANDATORY INDEMNIFICATION:
YOU AGREE TO DEFEND, INDEMNIFY, AND HOLD HARMLESS ABOVE SECURITY INC., ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND LICENSORS FROM ALL CLAIMS, DAMAGES, LOSSES, LIABILITIES, COSTS, AND EXPENSES (INCLUDING REASONABLE ATTORNEYS' FEES) ARISING FROM:
- Your violation of this Privacy Policy or applicable laws
- Your misuse of the Service or any data provided
- Any content you submit or actions you take
- Your violation of any third-party rights
- Any security incidents at your organization
- Any decisions made based on assessment results
16. Contact Information
For privacy-related inquiries, requests, or complaints:
Above Security, Inc.
Privacy Department
Email: [email protected]
Support: [email protected]
Phone: 1-800-XXX-XXXX
Data Protection Officer: [email protected]
We will respond to legally mandated requests within timeframes required by applicable law only.
17. Severability and Entire Agreement
If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and InsiderRisk Index regarding privacy matters and supersedes all prior agreements and understandings.
Important Legal Notice
This Privacy Policy is designed to comply with global privacy regulations including GDPR, CCPA, and other applicable laws. Your use of our Service constitutes acceptance of these terms. We strongly encourage you to review this policy regularly and contact us with any questions.
Last Review Date: 2025-01-20
Version: 2.0