Product Privacy Policy

Last Updated: June 2nd 2022

Oort, Inc. (“Oort”) is a globally-distributed identity threat detection and response platform for enterprise security. 

This Privacy Statement explains how Oort collects, uses, discloses and otherwise processes personal information about our customers’ employees, contractors, and other users (“end users”) in connection with the provision of our platform services to our customers, pursuant to our agreements with those customers. Oort processes end users’ information in our capacity as a service provider and data processor. 

Personal Information We Collect

Information we collect from our customers’ systems. We collect personal information about end users from our customers’ systems, including:

  • Account information, such as first and last name, email address, and login information.
  • Work information, such as the name of organization, department and title, registered location of work, business/user ID, and your manager’s name, email address, and ID. 
  • System activity information, such as authentication activity to customers’ systems and applications, identifiers of the authenticator you are using, forms of multi-factor authentication and group associations.
  • Usage information, such as information about how you use the platform, including information associated with any content you upload to the platform or otherwise submit to us, and information you provide when using any interactive features of the platform.  

Information we collect when end users interact with us. We collect personal information directly from end users who interact with us, including: 

  • Correspondence, such as information you provide when contacting us with questions or otherwise corresponding with us online.

Data we collect automatically. We may automatically log information about end users’ interactions with our platform and communications, such as device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state, or geographic area.

How We Use Personal Information

To operate our platform services:

  • Provide, operate, maintain, secure and improve our platform
  • Provide information about our platform
  • Communicate with you about our platform, including by sending you announcements, updates, security alerts, and support and administrative messages
  • Respond to your requests, questions and feedback

For research and development. To analyze and improve our platform and to develop new products and services, including by studying use of our platform.

To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our platform; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our platform and promote our business.

How We Share Personal Information

Customers. We may share your personal information back with the customer to the extent that the information pertains to that customer’s end users. 

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our platform (such as customer support, hosting, analytics, email delivery, identity verification, and database management services).

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above. 

How You Share Information on the Services

Third-party platforms. By enabling features or functionality that connect your account to a third-party platform, you chose to disclose certain of your personal information to those services. We do not control those third parties’ use of your personal information.

Access to Information

To keep your information accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct information in our possession that you have previously submitted via the Services.

Data Subject Rights

Oort customers are the data controllers of end users’ personal information. As the data controllers, Oort customers are responsible for receiving and responding to end users’ requests to exercise any rights afforded to them under applicable data protection law. Oort will assist customers in responding to such requests as set forth in the customer agreement.

Depending on your location and the nature of your interactions with the platform, you may have the right to submit the following requests to our customers about your personal information: 

  • Access. Request that our customers provide you with information about their processing of your personal information and give you access to your personal information;
  • Deletion. Request that our customers delete the personal information that they maintain about you;
  • Correction. Request that our customers update or correct inaccuracies in your personal information;
    • Transfer. Request that our customers transfer a machine-readable copy of your personal information to you or a third party that you designate;
  • Restriction. Request that our customers restrict the processing (including sharing) of your personal information; and
  • Objection. Object to our customers’ reliance on their legitimate interests as the basis of their processing of your personal information that impacts your rights.

Data Retention

Oort retains personal information for as long as necessary to (a) provide the platform; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of our customer agreements. 

International Data Transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may therefore be processed in the United States or transferred to other locations where privacy laws may not be as protective as those in your state, province, or country. Please contact us for additional information regarding how Oort safeguards the personal information it transfers across borders.

Other Sites and Services

Our Services may contain links to websites and integrations with other online services that are operated by third parties. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Security Practices

We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. 

Changes to this Privacy Statement

We reserve the right to modify this Privacy Statement at any time. If we make material changes to this Privacy Statement, we will notify you by updating the date of this Privacy Statement and posting it on our platform. 

How to Contact Us

Please direct any questions or comments about this Statement or privacy practices to privacy@oort.io

You may also write to us via postal mail at: 215 Ayer Rd Suite 83, Harvard, MA 01451