Privacy Policy

Effective as of July 26, 2024

We at EJ2 Communications, Inc. d/b/a Flashpoint (“Flashpoint,” “we,” “us,” or “our”) provide this privacy policy (this “Privacy Policy”) because we know that you care about how information you provide to us is used and shared. This Privacy Policy relates to the information collection and use practices of Flashpoint when you access and use this website (https://www.flashpoint.io/) (the “Website”) or access and use our proprietary software products (“Products”) via the Website. As of the Effective Date of this Privacy Policy, our Products include Flashpoint Platform, Reports, Curated Alerting and Analysis Assistance. However, our Products may change from time to time.

By visiting our Website or accessing and using our Products, you are agreeing to the terms of this Privacy Policy and the accompanying Terms of Service. Access to and usage of our Products is also governed by the applicable software license agreement (the “Agreement”).

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Service.

General Data Protection Regulation (2016/679) (“GDPR”)

Flashpoint provides its Products on its customers’ behalf as a “data processor,” as such term is defined under the GDPR. As such, customers are the data controllers, as such terms are defined under the GDPR, when using Flashpoint’s Products. Thus, Customers must, as applicable, have an appropriate legal basis for its processing activities when using the Products, give appropriate notices under Articles 13-14, and fulfill all other data controller obligations under the GDPR.   

When serving as a processor, we have certain obligations under GDPR including only processing personal data at our customers’ instructions reflected in the applicable Agreement, providing assistance with fulfillment of rights requests, and implementing appropriate security for personal data. To the extent legally permissible, we will forward any inquiries, complaints, or requests received from data subjects with respect to use of the Products to the appropriate customer and await instructions before taking any action.

With respect to other processing activities, Flashpoint may act as a data controller. As examples, we are a controller with respect to certain activities related to prospective/current customers, customer end-users, and vendors (“Business Contacts”), and visitors to our Website to the extent they are located in the European Economic Area (note that, in some cases, the categories may overlap such as Business Contacts using the Website). Please see below for more information related to such processing activities and other important information.

Your Rights Under the GDPR

As a natural person located in the European Economic Area, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data (such as direct marketing); (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting [email protected] with the subject line “GDPR.”

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Flashpoint’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Flashpoint’s products (including the platform, subscription services and other professional services) may collect your IP address and this information will be used by Flashpoint for security, analytics and other internal purposes.

Contact Information

When you sign up to receive our newsletters or Product information on the Website, we collect your contact information. Contact information is provided via browser forms or online request forms, and includes: first name, last name, e-mail address, job title, name of the organization, country, state/region and phone numbers (fax, cell and/or landline). This contact information is used by our sales, support and Product teams to contact our visitors, customers and distributors for the purpose of providing the requested information, support, or Products. We do not collect any contact information from you when you use the Website unless you provide us with the contact information voluntarily.

Analytics Services

Like most organizations, we use automatic data collection technology, such as Google Analytics, New Relic, and Pardot when you visit our Website, or license, access, or use our Products online. These technology services may collect information on our behalf such as your IP Address, geolocation information, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links you click while on the Website, search terms, and other data. This information is collected automatically and anonymized. The third parties we currently work with include the following (click on the links to view these organizations’ privacy policies and find out more about what data they hold about you, what they do with it, and how to opt-out from certain data collection). Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Website.

For Google Analytics, please visit: https://www.google.com/analytics and https://policies.google.com/privacy?hl=en-US

For Pardot, please visit: https://www.salesforce.com/company/privacy/

For New Relic, please visit: https://newrelic.com/termsandconditions/privacy

Cookies

We use cookies to compile aggregate data as described above regarding our Website traffic which is used to improve our Website. Cookies are small packets of data that a website stores on your computer’s hard drive so that your computer will “remember” information about your visits to our Website and other sites. Our cookie policy is available at https://flashpoint.io/cookie-policy/.

If you do not want the Website to place a cookie on your hard drive, you may be able to turn that feature off on your device. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept cookies from our Website, the Website may not function properly.

Aggregate Data

In an ongoing effort to better understand our users and the Website, we might analyze your information in aggregate form to operate, maintain, manage, and improve the Website. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Products and the Website to current and prospective business partners and to other third parties for other lawful purposes.

Additional Uses

We also use contact information and other information collected pursuant to this Privacy Policy to respond to general inquiries, solicit feedback regarding our Website, Products and support, provide relevant content on our Website including advertisements regarding Products and third party products, and to communicate with you via email regarding our current and future Products.

Business Transfers

In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this privacy policy.

Disclosure to Public Authorities

We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Opt-Out for Direct Marketing; Email Management

You may opt out at any time from the use of your personal information for direct marketing purposes by contacting us at [email protected]. Please allow us a reasonable time to process your request.

You also may manage your receipt of marketing and non-transactional communications by clicking on the “Manage Email Preferences” link located on the bottom of any Flashpoint marketing email and following the instructions found on the page to which the link takes you. You cannot opt out of receiving transactional emails related to their account or purchase orders.

Retention of Personal Data

We will retain your personal data in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this privacy policy, or subsequently authorized. We may continue processing your personal data for longer periods, but only for the time and to the extent such processing is legally required or reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis. Retained personal data is subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal data or retain it in a form such that it does not identify you personally.

How We Protect Your Information

We take commercially reasonable steps to protect the personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. Please understand, however, that no security system is impenetrable. Therefore, we cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website may not be secure, and you should therefore take special care in deciding what information you send to us via email.

Children

The Website and Products are not directed to or intended for children under 16, and we do not knowingly collect personal data from children under the age of 16 through the Website or the Products. If you are under 16, please do not give us any personal data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal data through the Website or the Products without their permission. If you have reason to believe that a child under the age of 16 has provided personal data to us, please contact us, and we will endeavor to delete that information from our databases.

Important Notice to Non-U.S. Residents

Our servers are located in the United States. If you are located outside of the United States, please be aware that any information provided to us, including personal data, will be transferred from your country of origin to the United States, which may not have privacy laws as comprehensive as those in the country where you reside or are a citizen. In particular, your personal data may be accessible by US governmental authorities after appropriate due process. Except in the case of data transfers under the EU-U.S, Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, described below, your decision to provide personal data to us, or allow us to collect such data through our Website or Products, constitutes your consent to this data transfer.

EU-U.S. Data Privacy Network and the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework

Flashpoint, including its US affiliate entity, Risk Based Security, Inc., has certified its participation  in and comply with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce.  Flashpoint also has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. personal data.  In addition, Flashpoint has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Data Privacy Framework Principles shall govern, as applicable.  To learn more about the Data Privacy Framework  program, please visit  https://www.dataprivacyframework.gov/.  Flashpoint’s DPF program registration information can be accessed on the online directory at: https://www.dataprivacyframework.gov/s/participant-search.

Flashpoint is subject to the investigatory and enforcement powers of the Federal Trade Commission regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy.

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Flashpoint commits to resolve complaints about your privacy and our collection or use of your personal data transferred to us in the United States. Individuals in the European Union, United Kingdom or Switzerland with DPF inquiries or complaints should first contact Flashpoint at [email protected] with the subject line, “Data Privacy Framework”.

Flashpoint has further committed to refer unresolved privacy complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to BBB National Programs, an independent dispute resolution mechanism in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

However, if we or our independent dispute mechanism provider is still unable to resolve the matter, you may pursue binding arbitration through the Data Privacy Framework Panel (available at: https://go.adr.org/dpfeufiling.html for the EU/EEA and UK (and Gibraltar) individuals or at: https://go.adr.org/DPF_Swiss_AnnexI_Filing.html for Swiss individuals).

Onward Transfer to Third Parties under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF

Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal data to certain types of third-party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal data and their functions are: direct marketing assistance, lead generation services, order fulfillment, billing, customer service, data storage, hosting services, disaster recovery services, and sales support companies. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by Flashpoint. We may also disclose personal data to our affiliates in order to support marketing, sale and delivery of Products and Services.

Flashpoint’s accountability for personal data that it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. and the Swiss-U.S. DPF and subsequently transfers to a third party is described in the EU-U.S. DPF Principles, and the Swiss-U.S. DPF Principles. Flashpoint remains responsible and liable under the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles if third-party agents that Flashpoint engaged to process the personal data on its behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless Flashpoint proves that it is not responsible for the event giving rise to the damage. Please be advised that Flashpoint may be required to disclose personal data that we handle under the Data Privacy Framework program in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Opt-In and Opt-Out to Certain Onward Transfers under the EU-U.S. DPF and the UK Extension to the EU-U.S. and Swiss-U.S. DPF

Individuals have the opportunity to opt-out of sharing of their personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal data, please submit a written request to [email protected] with the subject line “Data Privacy Framework.” 

We will not disclose your sensitive personal data to any third party without first obtaining your opt-in consent. In addition to any consent mechanisms on the Site, you may provide your consent by sending us an email at [email protected] with the subject line “Data Privacy Framework.” In each instance, please allow us a reasonable time to process your response.

Your Privacy Rights under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF

Flashpoint acknowledges that EEA, UK, and Swiss individuals have the right to access the personal data we maintain about them. Upon request to [email protected] with the subject line, “Data Privacy Framework,” we will provide you with confirmation as to whether we are processing your personal data, and have the data communicated to you within a reasonable time. You have the right to correct, amend or delete your personal data where it is inaccurate or has been processed in violation of this Privacy Policy. Please allow us a reasonable time to respond to your inquiries and requests.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal data that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact Flashpoint via email at [email protected]

If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please send your request to the following email address: [email protected] or write to us at our mailing address below.

For California residents under the age of 18 and registered users, California law (Business and Professions Code § 22581) provides that you can request the removal of content or information you posted on the Website. Any such request should be sent to us at [email protected]. along with a description of the posted content or other information to be removed. Be advised, however, that applicable law may not permit us to completely or comprehensively remove your deleted content or for other reasons as set forth in this California law.

In addition, Flashpoint does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.

California Consumer Privacy Act (CCPA). Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal data pursuant to the California Consumer Privacy Act (including as amended by the California Privacy Rights Act). To learn more about your California privacy rights, visit CCPA Privacy Notice for California Residents.  Flashpoint does not sell or share your personal information to third parties for purposes of the CCPA.

Other US State Privacy Rights

Other US State consumer privacy laws may provide their residents with similar rights regarding our use of their personal data. 

For example, these other US State consumer privacy laws may provide the following rights:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Data portability.
  • Opt-out of personal data processing for targeted advertising and sales (However, we do not use your personal information for targeted advertising or sell your personal data.)
  • Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
  • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

If you are a resident of Nevada, you also have the right to opt-out of the sale of your personal information to third parties.  (Again, however, we do not sell your personal information to third parties.)

To exercise any of these rights, or appeal a decision, please send an email to [email protected]. Again, however, we do not use your personal information for targeted advertising or sell your personal data.

For all verifiable consumer requests, Flashpoint will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at [email protected].

Flashpoint endeavors to respond to a verifiable consumer request within forty-five (45) days of receipt. If Flashpoint requires more time (up to 90 days), Flashpoint will inform you of the reason and extension period in writing.

To the extent applicable, Flashpoint will honor these requests and will otherwise comply with these US State Privacy laws regarding personal data we collect and retain.

External Websites

The Website and the Products may contain links to third-party websites. Flashpoint has no control over the privacy practices or the content of any of these websites. As such, we are not responsible for their content or privacy policies. You should check the applicable third-party privacy policy and terms of service when visiting any other websites, and before providing any personal information to such external sites.

Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time and will post any changes on the Website as soon as they go into effect. By accessing or using the Website after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Privacy Policy or GDPR, please contact us in one of the following ways:

E-mail us at [email protected]

Or write to us at:

EJ2 Communications, Inc.
d/b/a Flashpoint
6218 Georgia Avenue NW, Suite 1, PMB 3032
Washington, D.C. 20011 USA

Attention: Privacy

For GDPR Requests Email us at [email protected]

For GDPR Data Processing Agreement Questions Email us at: [email protected]

Copyright 2024 EJ2 Communications, Inc. All rights reserved.

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Service.