Privacy Policy
This Privacy Policy explains how CodSec I.O Ltd. and its affiliates (“CodSec”) collect, use, and protect personal information from individuals (“you” or “user”) who visit, access, or use our website (the “Website”) and any related features, content, or services we offer, including via our application (the “Platform”, which together with the Website, shall be referred to herein as the “Service”). We are committed to protecting your privacy and safeguarding your personal information (as set forth below). Please read this policy carefully to understand how we handle your data and to help you make informed decisions. By visiting, accessing, or using the Service, you agree to the terms of this Privacy Policy.
1. TERM OF THIS PRIVACY POLICY
This Privacy Policy takes effect when you first access or use the Service and will remain in force for as long as you continue to use or have access to the Service, or for a longer period if required under this Privacy Policy.
By accessing or using the Service, you acknowledge the data processing practices described in this Privacy Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we do, we will revise the “Last Updated” date at the bottom of the policy. If we make material changes, we will provide notice through the Service or by other means, as required by applicable law. Continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
2. OUR SERVICE
As part of the Service (which includes both the Website and the enterprise cybersecurity platform), CodSec provides enterprise cybersecurity and SecOps solutions, including AI-based security monitoring, detection, investigation, and response capabilities (including SOC-related services), as well as integration with Customers’ IT, cloud, and security infrastructures.
The Service is provided exclusively to business customers and public sector entities (the “Customers”) and is not offered as a consumer-facing platform.
Processing within Customer Environments
In the course of providing the enterprise cybersecurity components of the Service, CodSec may access, analyze, and monitor data made available by Customers within their own environments or hosted as part of the Service infrastructure, depending on the deployment model selected by the Customer. Such data may include Personal Information relating to individuals acting on behalf of a Customer (for example, employees, contractors, or authorized personnel), including business email addresses, IP addresses, usernames, device identifiers, access logs, authentication records, and system activity metadata, including the ability to associate system activity with a specific authorized user within the Customer’s organization.
With respect to such processing, CodSec acts as a data processor (or service provider) on behalf of the relevant Customer and processes Personal Information solely in accordance with the Customer’s documented instructions and the applicable agreement. The relevant Customer determines the purposes of the processing and is responsible for establishing the appropriate legal basis for such processing under applicable law. CodSec does not use such Personal Information for its own independent advertising, behavioral profiling, data monetization, or unrelated commercial purposes.
In certain cases, individuals who access or use the Service on behalf of a Customer may be required to confirm that they have read and understood this Privacy Policy. Such confirmation constitutes acknowledgment of the transparency notice set forth herein and does not modify the allocation of roles between CodSec and the relevant Customer.
Website-Related Processing
Where individuals interact directly with the Website component of the Service (for example, by submitting a contact form, requesting information, or communicating with CodSec), CodSec collects and processes business contact details such as name, business email address, phone number, company affiliation, and the content of the inquiry.
With respect to such Website-related processing, CodSec acts as an independent data controller and processes the information in accordance with applicable law.
3. INFORMATION WE COLLECT
CodSec collects and processes Personal Information in two distinct operational contexts:
3.1. Personal Information collected directly through the Website component of the Service; and
3.2. Personal Information processed within Customer environments in the course of delivering enterprise cybersecurity and SecOps services.
These two categories are governed by different legal roles and responsibilities, as further described below.
3.3. Information Collected via the Website
When individuals interact directly with the Website, CodSec may collect the following categories of Personal Information:
(a) Business and Contact Information
When a visitor submits an inquiry, requests information, schedules a meeting, or otherwise communicates with CodSec via the Website or email, we may collect:
• Full name
• Business email address
• Business phone number
• Company name and role
• The content of the inquiry or communication
• Any attachments voluntarily submitted
This information is provided voluntarily by the individual.
(b) Technical and Usage Information
When individuals access the Website, certain technical information may be collected automatically, including:
• IP address
• Browser type and version
• Device type and operating system
• Referring URLs
• Date and time of access
• Pages viewed and navigation paths
• Interaction data
• General geographic location derived from IP address
This information is collected for security, fraud prevention, system administration, performance monitoring, and analytics purposes.
(c) Cookies and Similar Technologies
The Website uses cookies and similar tracking technologies as described in Section 4 below. Certain cookies are strictly necessary for Website operation, while others may be subject to consent requirements under applicable law.
With respect to Personal Information collected via the Website, CodSec acts as an independent data controller.
Note: If you provide Personal Information about another individual, you are responsible for ensuring that you have the legal authority or that person’s consent to share their information with us, and for informing them of this Privacy Policy.
3.4. Information Processed Within Customer Environments
In the course of providing the enterprise cybersecurity components of the Service, CodSec may access, receive, analyze, and process data made available by Customers within their IT, cloud, and security infrastructures, or within infrastructure operated by CodSec as part of the Service, depending on the applicable deployment model.
Depending on the Customer’s configuration, deployment architecture, and security posture, such data may include Personal Information relating to individuals acting on behalf of the Customer, including:
• Business email addresses
• Usernames
• Authentication credentials or authentication metadata
• IP addresses
• Device identifiers
• Hostnames
• Login records
• Access logs
• Network traffic metadata
• Security alerts and event logs
• System activity records
• Incident investigation data
• Audit trails
• Information enabling attribution of activity to a specific authorized user within the Customer’s organization
CodSec does not control the scope of data made available within a Customer’s environment. The Customer determines which systems are connected, which logs are ingested, and which categories of data are monitored.
CodSec processes such data solely for the purpose of delivering its Services.
With respect to Personal Information processed within Customer environments:
• CodSec acts as a data processor (or service provider) on behalf of the relevant Customer;
• The Customer determines the purposes and legal basis for processing under applicable law;
• CodSec processes such data strictly in accordance with the Customer’s documented instructions and the applicable agreement.
CodSec does not use Personal Information processed within Customer environments for independent advertising, behavioral profiling, data monetization, or unrelated commercial purposes.
3.5. System-Generated and Automatically Collected Technical Data
In addition to the information described above, CodSec may generate or collect certain technical and system-level data automatically in connection with the operation, security, and maintenance of the Service. This category includes information that is created through the technical functioning of the Service itself and may not be directly provided by an individual.
(a) Service Infrastructure and Operational Data
CodSec may collect technical data necessary to ensure the proper functioning, integrity, and security of the Service, including:
• System performance metrics
• Service availability data
• Configuration and deployment metadata
• API request records
• Load-balancing and routing information
• Backup and recovery logs
• Diagnostic and error reports
• Versioning and update logs
To the extent such information contains Personal Information relating to identifiable individuals within a Customer’s environment, CodSec processes it solely in its capacity as a data processor on behalf of the relevant Customer.
(b) Security and Integrity Monitoring Data
CodSec may automatically generate and retain internal security logs and integrity records relating to access to the Service itself, including:
• Administrative access logs
• Privileged account activity
• Access control events
• System authentication records
• Security configuration changes
• Audit trails relating to system-level actions
Where such records relate to individuals acting on behalf of a Customer, CodSec processes them in accordance with its processor role as described in Section 2.
(c) Website Analytics and Security Data
Separately, in relation to the Website component of the Service, CodSec may automatically collect limited analytics and technical data, including:
• IP address
• Browser and device information
• Pages accessed
• Timestamp data
• Interaction patterns
CodSec does not use advertising identifiers (such as mobile advertising IDs) for cross-context behavioral advertising, and does not engage in consumer profiling activities.
(d) De-Identified and Aggregated Technical Data
CodSec may derive statistical, aggregated, or de-identified technical information from system operations for purposes such as:
• Capacity planning
• Service optimization
• Security hardening
• Threat trend analysis
Such information does not identify individuals and is not used to reconstruct individual-level activity.
You are not legally required to provide us with any Personal Information. However, some of the information we request is necessary for us to provide you with access to and use of the Service. If you choose not to provide certain information, we may be unable to offer you some or all of the features or functionality of the Service.
4. COOKIES AND SIMILAR TECHNOLOGIES
CodSec may use cookies and similar tracking technologies, including web beacons, pixels, tags, and other automated data collection tools, to support its operation, security, and functionality. These technologies support the secure and efficient operation of the Website, enable basic functionality, and assist in understanding how the Website is used.
These technologies may enable CodSec and its service providers to collect certain information automatically when users access or interact with the Website, including technical data about devices, browsing activity, and interaction patterns. Cookies, for example, are small text files stored on a user’s device when visiting a website. Similar technologies may include web beacons, pixels, or local storage objects.
Depending on the specific implementation, certain cookies may also support performance measurement, analytics, or other operational insights. Where required under applicable law, cookies that are not strictly necessary for the operation of the Website will be deployed only in accordance with the user’s expressed preferences through the Website’s cookie management mechanism.
The enterprise cybersecurity Platform components of the Service are designed primarily for organizational deployment and security monitoring and do not rely on consumer advertising technologies.
CodSec may use the following categories of cookies:
4.1. Categories of Cookies Used on the Website
(a) Strictly Necessary Cookies. The Website uses certain cookies that are required for its basic technical operation and security. These cookies support functions such as (i) maintaining an active session while a user navigates the Website, (ii) enabling secure submission of forms, (iii) distributing traffic across servers, and (iv) protecting the Website against automated misuse or malicious activity. They may also store users’ cookie preference selections. These cookies typically process limited technical data, such as:
• session identifiers,
• security-related tokens,
• routing information.
Because they are necessary for the functioning and protection of the Website, they cannot be disabled through the cookie preference mechanism.
(b) Performance and Analytics Cookies. The Website may use analytics cookies to understand how visitors interact with its content and to evaluate overall performance and reliability. These cookies support functions such as (i) measuring traffic volumes, (ii) identifying technical errors or performance issues, (iii) analyzing navigation patterns, and (iv) assessing general engagement with Website content.
These cookies may process technical and usage-related data, such as:
• IP address (which may be truncated or masked where feasible),
• browser type and version,
• device type,
• pages visited,
• time spent on pages,
• referring URLs,
• general geographic location derived from IP address.
Analytics information is evaluated in aggregated form and is not used to build individual advertising profiles or to track users across unrelated websites. Where required under applicable law, these cookies are deployed only after the user has provided appropriate consent through the Website’s cookie preference mechanism.
(c) Functionality Cookies. The Website may use functionality cookies to remember certain selections made by visitors and to improve usability. These cookies support functions such as (i) retaining language or region preferences, (ii) preserving user interface settings, and (iii) recording previously selected cookie preferences.
These cookies may process limited technical information necessary to recognize returning devices and apply previously selected settings. They are not used for advertising purposes or cross-site behavioral tracking. Where required by applicable law, such cookies are activated only following user consent.
(d) Business Communication Tracking Technologies. CodSec may use limited tracking technologies in connection with business-related email communications. These tools support functions such as (i) determining whether an email has been opened, (ii) measuring engagement with links contained in the communication, and (iii) assessing general effectiveness of business outreach.
Such technologies may process technical information, including:
• email open indicators,
• link click data,
• device type information.
These tools are used solely for business communication analytics and do not involve mobile advertising identifiers, cross-context behavioral advertising, or participation in consumer advertising networks. Recipients may opt out of marketing communications as described in Section 6 below.
4.2. Third-Party Analytics and Measurement Technologies
CodSec may engage reputable third-party analytics or measurement providers (for example, Google Analytics or similar services) to assist in evaluating Website performance, understanding general usage patterns, and maintaining operational effectiveness.
Such providers may deploy cookies or similar technologies, including scripts, tags, or pixels, in order to collect technical and usage-related data, which may include:
• IP address;
• device and browser information;
• timestamp data;
• general interaction and usage metrics.
These providers process information in accordance with their own privacy policies and applicable contractual commitments. CodSec implements appropriate safeguards when engaging such providers and does not authorize them to use data collected through the Website for unrelated advertising or cross-context behavioral profiling purposes.
Where required by applicable law, the use of such technologies is subject to user consent or preference settings.
4.3. Managing Cookie Preferences
Where required by law, visitors to the Website are presented with a cookie banner or similar mechanism allowing them to:
• Accept all cookies
• Reject non-essential cookies
• Customize cookie preferences
In such cases, where it is required by law, visitors may also control cookie settings through their browser configuration. Most browsers allow users to delete cookies, block certain categories of cookies, or configure notifications when cookies are placed.
Please note that disabling certain cookies may affect Website functionality or performance.
4.4. Do Not Track Signals
Some browsers include a “Do Not Track” (DNT) feature that signals a preference not to be tracked across websites. There is currently no universally adopted technical standard governing how websites must respond to such signals. Accordingly, the Website does not alter its behavior in response to DNT signals.
4.5. No Sale or Behavioral Advertising
CodSec does not sell Personal Information collected through cookies for monetary consideration and does not engage in cross-context behavioral advertising or consumer data brokerage activities.
To the extent that certain analytics tools may constitute “sharing” under specific privacy laws, individuals may exercise applicable rights as described in Section 6 below.
Where required under applicable law, cookies that are not strictly necessary are deployed only in accordance with the user’s expressed preferences through the Website’s cookie management mechanism.
5. HOW CODSEC USES THE INFORMATION
CodSec processes Personal Information solely for legitimate, defined purposes that are consistent with the nature of the Service and applicable law. The purposes of processing differ depending on whether CodSec acts as an independent data controller (in connection with the Website) or as a data processor (in connection with enterprise cybersecurity services provided to Customers).
5.1. Website-Related Processing
Where CodSec collects Personal Information directly via the Website component of the Service, such information is processed for the following purposes:
• responding to inquiries, contact requests, or other communications submitted through the Website;
• evaluating potential business relationships or engagements;
• providing information regarding CodSec’s services and capabilities;
• administering and maintaining the Website, including troubleshooting, performance monitoring, and technical maintenance;
• protecting the Website against misuse, unauthorized access, or malicious activity;
• complying with applicable legal or regulatory obligations.
Where permitted under applicable law, CodSec may use business contact details to provide communications regarding its services. Recipients may opt out of such communications as described in Section 6 below.
CodSec does not use Website-collected Personal Information for consumer advertising, cross-context behavioral tracking, or unrelated commercial data monetization.
However, CodSec may process Personal Information collected via the Website on the basis of its legitimate interests in operating, securing, and improving the Website, managing business communications, and evaluating potential engagements, provided that such interests are not overridden by the rights and freedoms of the relevant individuals. Where required by applicable law, CodSec relies on consent or other appropriate legal bases, as described in this Privacy Policy.
5.2. Processing Within Customer Environments
In the course of providing the enterprise cybersecurity components of the Service, CodSec processes Personal Information solely on behalf of and under the documented instructions of the relevant Customer.
Such processing is limited to what is necessary to deliver the Service, including:
• monitoring systems, networks, endpoints, and integrated infrastructures for security events;
• analyzing logs, alerts, and system-generated data;
• investigating suspected security incidents or anomalous activity;
• identifying and assessing potential vulnerabilities or threats;
• supporting incident response, containment, and remediation activities;
• maintaining operational integrity and service continuity;
• generating audit trails and activity records required for security oversight.
CodSec does not independently determine the purposes for which Personal Information within a Customer’s environment is processed. The Customer determines the purposes and legal basis for such processing under applicable law. CodSec does not use Personal Information processed within Customer environments for advertising, marketing profiling, cross-context behavioral tracking, or unrelated commercial exploitation.
5.3. Service Operation and Internal Administration
CodSec may process Personal Information, in either controller or processor capacity as applicable, for internal administrative and operational purposes reasonably necessary to operate the Service and its business, including:
• maintaining internal records and documentation;
• conducting internal audits or compliance reviews;
• enforcing contractual rights and obligations;
• supporting corporate governance and risk management;
• complying with applicable legal, regulatory, or governmental requirements;
• supporting corporate transactions such as mergers, acquisitions, reorganizations, or asset transfers, subject to appropriate safeguards.
Where such processing relates to Personal Information within Customer environments, it remains subject to CodSec’s processor role and the applicable Customer agreement.
5.4. De-Identified and Aggregated Information
CodSec may derive statistical, aggregated, or de-identified information from data processed in connection with the Service for purposes such as:
• improving system performance and reliability;
• capacity planning and infrastructure optimization;
• strengthening security detection methodologies;
• analyzing general threat patterns and trends.
Such information does not identify individuals and is not used to reconstruct individual-level activity.
6. YOUR CHOICES REGARDING COMMUNICATIONS
CodSec may use business contact information collected through the Website or in the context of existing business relationships to communicate information regarding its services, capabilities, industry developments, or relevant updates.
Such communications are directed to business representatives and are not based on consumer profiling or cross-context behavioral advertising.
You may opt out of receiving marketing or promotional communications from CodSec at any time by:
• using the unsubscribe mechanism included in the communication (where applicable); or
• contacting us at privacy@codsec.io.
We will process opt-out requests within a reasonable period and in accordance with applicable law.
Please note that even if you opt out of marketing communications, CodSec may continue to send administrative or service-related communications that are necessary in connection with an existing business relationship, contractual engagement, or security-related matter.
7. YOUR RIGHTS
Depending on your place of residence and the applicable data protection laws, you may have certain rights in relation to your Personal Information. These rights may arise under, among other frameworks, the EU General Data Protection Regulation (GDPR), the Israeli Privacy Protection Law, 1981 (the “PPL”), and certain U.S. state privacy laws.
Because CodSec operates both as an independent data controller (in connection with Website-related processing) and as a data processor (in connection with enterprise cybersecurity services provided to Customers), the manner in which rights may be exercised depends on the context in which your Personal Information is processed.
7.1. Rights in Relation to Website-Related Processing
With respect to Personal Information collected directly by CodSec via the Website and processed by CodSec in its capacity as an independent data controller, you may have the right, subject to applicable law, to:
• obtain confirmation as to whether CodSec processes your Personal Information;
• access the Personal Information held about you and receive supplementary information regarding its processing;
• request correction of inaccurate or incomplete Personal Information;
• request deletion of Personal Information where legally justified;
• request restriction of processing in certain circumstances;
• object to certain types of processing;
• withdraw consent where processing is based on consent;
• request portability of Personal Information where applicable;
• lodge a complaint with a competent supervisory or regulatory authority.
These rights are not absolute and may be subject to limitations, including where processing is necessary to comply with legal obligations, establish or defend legal claims, protect legitimate interests, or ensure the security and integrity of systems and services.
Requests relating to Website-collected Personal Information may be submitted using the contact details provided in Section 15 below.
7.2. Processing Within Customer Environments
Where Personal Information is processed by CodSec within a Customer’s IT, cloud, or security environment in connection with the enterprise cybersecurity components of the Service, CodSec acts solely as a data processor (or service provider) on behalf of the relevant Customer. In such cases:
• The relevant Customer is the data controller responsible for determining the purposes and legal basis of the processing;
• The relevant Customer is responsible for responding to data subject rights requests relating to such processing.
If CodSec receives a request relating to Personal Information processed on behalf of a Customer, CodSec will, where appropriate and permitted, refer the request to the relevant Customer or notify the Customer in accordance with the applicable agreement between CodSec and that Customer.
CodSec does not independently modify, erase, restrict, or disclose Personal Information processed within a Customer’s environment except in accordance with the Customer’s documented instructions or where required to do so under applicable law.
Individuals acting on behalf of a Customer (for example, employees, contractors, or authorized personnel) should therefore direct rights requests relating to data processed within the Customer’s systems to the relevant Customer organization.
7.3. Limitations in Security, Monitoring, and Investigation Contexts
Given the nature of the Service, certain Personal Information may be processed in connection with cybersecurity monitoring, audit trails, threat detection, anomaly analysis, incident investigation, and related security oversight functions. In such contexts, the exercise of certain rights may be restricted where such restriction is necessary and proportionate in order to:
• preserve the integrity of ongoing or potential security investigations;
• avoid compromising detection methodologies or security controls;
• prevent interference with incident response activities;
• protect the rights and freedoms of other individuals;
• comply with legal, regulatory, or contractual obligations;
• safeguard system security and operational continuity.
Any such limitations will be applied strictly in accordance with applicable data protection laws and only where legally permitted and proportionate.
7.4. Verification and Response Procedures
To protect Personal Information and prevent unauthorized disclosure, CodSec may require reasonable verification of identity before responding to a request. This may include requesting additional information sufficient to confirm that the requester is the data subject or is authorized to act on their behalf.
CodSec will review and respond to valid requests within the timeframes required under applicable law. Where permitted by law, response periods may be extended where necessary due to the complexity of the request or the volume of requests received.
If CodSec is unable to fulfill a request, in whole or in part, it will provide an explanation consistent with applicable legal requirements.
8. DURATION OF INFORMATION RETENTION AND STORING
CodSec retains Personal Information for no longer than is necessary in light of the purposes for which the information was collected and processed, the nature of the engagement, applicable legal and regulatory requirements, and legitimate operational and security considerations.
The applicable retention framework varies depending on CodSec’s role in relation to the relevant data and the context in which it is processed.
Where applicable, CodSec retains certain records for periods required under applicable tax, accounting, or other statutory retention obligations.
8.1. Personal Information Processed by CodSec as Controller
Personal Information collected directly via the Website (including business contact details and communications submitted through inquiry forms or email correspondence) is retained for a period that is reasonably necessary to manage business communications, evaluate potential engagements, maintain appropriate business records, and comply with applicable legal and regulatory obligations.
Retention periods in this context are determined based on documented internal criteria that take into account, among other things:
• the nature and sensitivity of the information;
• whether an ongoing or potential business relationship exists;
• applicable statutory limitation periods;
• legal, regulatory, audit, or compliance requirements;
• the need to preserve information in connection with potential disputes or claims.
Where Personal Information is no longer required for these purposes, CodSec will take reasonable steps to delete, anonymize, or otherwise securely dispose of such information in accordance with its internal data governance practices.
8.2. Personal Information Processed on Behalf of Customers
Where Personal Information is processed within a Customer’s IT, cloud, or security environment in connection with the enterprise cybersecurity components of the Service, CodSec retains such information in accordance with:
• the documented instructions of the relevant Customer; and
• the terms of the applicable agreement between CodSec and the Customer.
CodSec does not independently determine the retention periods applicable to Personal Information processed on behalf of Customers. The relevant Customer remains responsible for defining retention policies applicable to its systems and environments.
Upon termination or expiration of the applicable agreement, CodSec will delete or return Personal Information processed on behalf of the Customer in accordance with the contractual arrangements and applicable law, subject to limited retention where required for legal, regulatory, evidentiary, or security-related purposes.
8.3. Security Logs, Audit Trails, and Backup Systems
Given the nature of the Service, certain security logs, audit trails, and system integrity records may be retained for defined and documented periods in order to support security monitoring, forensic analysis, incident investigation, compliance obligations, and operational continuity.
Retention periods for such records are determined in accordance with security best practices, contractual requirements, and applicable legal obligations. Where such records contain Personal Information, they are retained only for as long as reasonably necessary for these purposes.
Backup copies of data may persist for limited periods as part of standard backup and disaster recovery cycles. Data contained in backup systems remains subject to appropriate technical and organizational safeguards and is securely overwritten or deleted in the ordinary course of system operations.
8.4. De-Identified and Aggregated Information
CodSec may retain statistical, aggregated, or de-identified information derived from system operations without time limitation, provided that such information does not identify individuals and cannot reasonably be used to reconstruct individual-level activity.
9. SHARING INFORMATION WITH THIRD PARTIES
CodSec shares Personal Information only where necessary to provide the Service, operate its business, comply with legal obligations, or protect its legitimate interests, and always subject to appropriate contractual and confidentiality safeguards.
The manner in which Personal Information is shared depends on whether CodSec acts as an independent data controller (in connection with Website-related processing) or as a data processor (in connection with enterprise cybersecurity services provided to Customers).
9.1. Service Providers and Sub-Processors
CodSec engages third-party service providers to support the operation, delivery, security, and maintenance of the Service. Such providers may include, for example: cloud infrastructure and hosting providers, cybersecurity infrastructure and monitoring vendors, analytics providers (in relation to Website usage), CRM or communication management platforms, professional advisors (legal, financial, audit), and managed security or infrastructure support providers.
Where CodSec processes Personal Information as a data processor on behalf of a Customer, such third parties act as sub-processors. In such cases:
• Where CodSec engages third-party providers in connection with the provision of the Service, it does so under written agreements or standard terms that include data protection and confidentiality commitments appropriate to the nature of the services provided.
• CodSec conducts reasonable due diligence prior to engaging such providers and requires them to implement security measures consistent with applicable law and industry standards.
• CodSec’s responsibility for the acts and omissions of sub-processors shall be governed by the terms of the applicable agreement between CodSec and the Customer.
Where CodSec processes Personal Information as a data controller (e.g., Website-related data), such third parties act as service providers under appropriate contractual arrangements.
A list of principal sub-processors or service providers used in connection with the Service may be made available upon request or as otherwise agreed with Customers.
9.2. Affiliates and Corporate Structure. CodSec may share Personal Information with its affiliates or group companies where such sharing is necessary for internal administrative purposes, service delivery, security management, or corporate governance, and subject to appropriate safeguards.
9.3. Legal and Regulatory Disclosures. CodSec may disclose Personal Information where required to do so by applicable law, regulation, court order, or lawful governmental request.
9.4. CodSec may also disclose Personal Information where necessary to:
• enforce its contractual rights;
• protect the security or integrity of the Service;
• investigate suspected fraud or unlawful activity;
• protect the rights, property, or safety of CodSec, its Customers, or others.
9.5. Corporate Transactions. In the event of a merger, acquisition, reorganization, financing transaction, sale of assets, or similar corporate event, Personal Information may be transferred to the relevant successor entity or counterparty, subject to appropriate confidentiality and data protection safeguards.
9.6. De-Identified and Aggregated Information. CodSec may share statistical, aggregated, or de-identified information that does not identify individuals and cannot reasonably be used to identify them.
9.7. No Sale of Personal Information. CodSec does not sell Personal Information for monetary consideration and does not engage in consumer data brokerage or cross-context behavioral advertising activities.
10. THIRD PARTY SERVICES AND EMBEDDED CONTENT
The Website may contain links to external websites or incorporate content or functionalities provided by third parties. Where users choose to interact with such third-party services, any collection or processing of Personal Information by those third parties is governed by their respective privacy policies and terms. CodSec does not control and is not responsible for the data handling practices of third-party websites or services. Users are encouraged to review the privacy policies of any external services they access through the Website. The use of third-party cookies and similar technologies in connection with analytics or performance measurement is described in Section 4 above.
11. INFORMATION SECURITY
CodSec implements appropriate technical and organizational measures designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the information and the risks associated with its processing. Such measures may include, as applicable:
• access control mechanisms;
• role-based authorization;
• encryption and secure transmission protocols;
• network and infrastructure monitoring;
• internal security policies and training;
• vendor risk assessments and contractual safeguards.
Access to Personal Information is limited to personnel and service providers who require such access in order to perform their responsibilities and who are subject to confidentiality and data protection obligations. In the event of a personal data breach, CodSec will act in accordance with applicable legal and contractual obligations, including notification requirements where applicable.
While CodSec applies security controls consistent with industry practices, no method of transmission or storage can be guaranteed to be entirely secure.
12. INTERNATIONAL TRANSFERS
Personal Information may be processed in jurisdictions other than the country in which the relevant individual is located. In the context of on-premise deployments, Personal Information is generally processed within the Customer’s chosen infrastructure environment. In connection with SaaS deployments or the use of certain service providers, Personal Information may be processed in Israel, the European Economic Area (EEA), the United States, or other jurisdictions where CodSec or its service providers operate.
Where required by applicable law, CodSec implements appropriate safeguards to support lawful cross-border transfers. Such safeguards may include reliance on adequacy decisions, contractual transfer mechanisms, or other lawful frameworks permitted under applicable data protection laws.
13. CHILDREN'S PRIVACY
The Service is not directed to children and is intended for business use. CodSec does not knowingly collect Personal Information from individuals under the age of eighteen (18).
If CodSec becomes aware that Personal Information has been collected from a minor without appropriate authorization, it will take reasonable steps to delete such information.
14. GENERAL PROVISIONS
14.1. For any questions, concerns, comments, or suggestions regarding this Privacy Policy, please contact CodSec at privacy@codsec.io. This Privacy Policy applies globally to all users of the CodSec Service, and we will comply with applicable privacy laws based on your place of residence.
14.2. Updates to this Privacy Policy. CodSec may update this Privacy Policy from time to time to reflect changes in its practices, legal requirements, or operational needs. The updated version will be made available on the Website with an updated “Last Updated” date. Where required by applicable law, CodSec will provide additional notice of material changes. Continued use of the Service following the effective date of an updated Privacy Policy constitutes acknowledgment of the revised terms.
14.3. Governing Law. All disputes arising out of this Privacy Policy will be subject to the governing laws of the State of Israel and the exclusive jurisdiction of the competent local and federal courts located in Tel Aviv – Jaffa, Israel. The user and CodSec agree and submit to the personal and exclusive jurisdiction and venue of these courts, except that nothing will prohibit either party from instituting an action in any court of competent jurisdiction to obtain injunctive relief or protect or enforce its rights. Nothing in this section shall limit the application of any mandatory data protection laws applicable to the processing of Personal Information.
14.4. Copyright. The copyrights in this publication are owned by CodSec and its affiliates.
14.5. Trademarks. "CodSec" is a trademark of CodSec. No license to use any of the CodSec trademarks is given or implied. The trademark may not be copied, downloaded, reproduced, used, modified or distributed in any way (except as an integral part of an authorized copy of material appearing in these web pages, as set forth in the previous section paragraph), without the prior written consent of CodSec. All other trademarks or trade names referred to in the Service are the property of their respective owners.
15. CONTACT US
If you have questions or comments about the Privacy Policy or CodSec's data collection in general, please send us an email at privacy@codsec.io.
Last modified: 4 March 2026
