Go to main content

Privacy Notice

The following discloses the privacy practices and disclaimers for Coalfire Systems, Inc.

United States Residents, please read our U.S. State Privacy Notice.

Last Revised: January 1st, 2026

PRIVACY NOTICE

Coalfire Systems, Inc. (collectively with its subsidiaries, "Coalfire,", "we,", "us,", or "our") takes your privacy seriously. We want you to know how we collect, use, share, and protect your personal data.

This Privacy Notice tells you:

This Privacy Notice applies only to personal data that we collect on the website www.Coalfire.com as it may be modified, relocated and/or redirected from time to time (the "Site"). This Privacy Notice does not apply to any other web sites that may be accessible through the Site.

If you do not want us to handle your personal data as described in this Privacy Notice, please do not use the Site. If you reside outside the U.S., you will not be able to submit personal data through this website unless you consent to this Privacy Notice.

Personal data means information that relates to you as an individually identifiable person, such as your name, e-mail address, and mobile number.

1. WHAT PERSONAL DATA WE COLLECT

a) Information You Give Us

We collect personal data that you voluntarily share with us through the Site. For example, we may ask you to register and provide information when you download free information, such as white papers and email newsletters, or if you respond to a marketing campaign.

Sensitive Personal Data

For purposes of this Privacy Notice, "sensitive personal data" includes information revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, health information, mental or physical condition, sexual orientation, gender identity, genetic data, biometric data used for identification purposes, precise geolocation data, citizenship or immigration status, and criminal conviction or offense data.

Coalfire does not intentionally collect sensitive personal data through the Site. We request that you refrain from submitting sensitive personal data through the Site, including through our contact forms, chatbot, or any other means of communication with us via the Site.

In the event that sensitive personal data is inadvertently submitted to or collected by us, we will process such information only as permitted by applicable law and reserve the right to delete such information at our sole discretion. Coalfire disclaims any responsibility for sensitive personal data that users voluntarily provide despite our request not to do so.

b) Information We Collect Through Technology On The Site

We collect information through technology to enhance our ability to serve you. When you access and use the Site, Coalfire and, in some cases, our third-party service providers collect information about how you interact with the Site. We describe below methods we use to collect information through technology.

IP Address

When you visit the Site, we collect your device identifier, browser information, and Internet Protocol (IP) address. An IP address is often associated with the portal you used to enter the Internet, like your Internet service provider (ISP), company, association, or university. While an IP address may reveal your ISP or geographic area, we cannot determine your identity solely based upon your IP address. We do not link your personal data to device identifier information, browser information, and IP addresses. Where, according to local law, IP addresses and the like are considered personal data, then we treat them as such.

Do We Use Cookies?

Yes. We use cookies on this website. A cookie is information sent by a web server to a web browser and stored by the browser. Each time the browser requests a page from the web server, the cookie communicates with the web server. This enables the web server to identify and track the web browser. We use cookies to help us understand how users use the Site. For example, cookies gather information about how long you spend on a web page so that we can understand what web pages are of most interest to users.

We, or our service providers, may send cookies which may be stored by your browser on your computer’s hard drive. We, or our service providers, may use the information we obtain from the cookies in the administration of this website, to improve the website’s usability and for marketing purposes. For example, our sales team may use information about website engagement to determine the potential interests of a user who has asked to be contacted about our services. We may use information obtained from cookies to recognize your computer when you visit our website, and to personalize our website for you. For example, we also may use information obtained from cookies to tailor how the website appears to you (including the advertisements and offers you receive) to better match your interests and preferences.

We may use anonymous cookies to record non-personal information such as website activity, date and time of visit, and domain type. We may use this information for retargeting purposes. For example, when you visit certain pages on our Site, we can bid to display advertisements to you on various advertisement networks on the Internet.

Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.) This will, however, cause some features of this website and other websites not to work. For example, without cookies, a website typically cannot remember that you have logged in when you move from page to page in the website.

Service Providers' Cookies

We use cookies provided by third-party service providers, to assist us in better understanding our Site visitors. These cookies generally collect data tied to a user's IP address, such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting the Site. For example, based on this information, Google Analytics compiles aggregate data about Site traffic and Site interactions, which we use to offer better Site experiences and tools in the future. Google Analytics does not collect any personal data (other than IP Address which may be considered personal data in some countries). You can obtain more information about Google Analytics here: www.google.com/intl/en/policies/privacy/

Web Beacons

We include small graphic images or other web programming code, called web beacons (also known as "pixel tags", “web bugs” or "clear GIFs"), on the Site. The web beacons are minute graphics with a unique identifier. They are used to track the online movements of Web users. In contrast to cookies, which are stored in a user's computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

Chatbot

In the event you interact with the chatbot, you may be asked to provide personal data. Our chatbot is operated by a third-party service provider on our behalf. The chatbot will only ask for your name and email address; any other personal data you provide is at your own discretion and not required. Please do not provide any sensitive information. By using the chatbot, you consent to your conversations being monitored, collected, and recorded by Coalfire and its service provider.

Automated Processing

We may use automated tools and technologies, including artificial intelligence, to help us process information, improve our services, and manage our business operations. These tools support our team and are subject to human oversight. For clarity, our website chatbot does not use artificial intelligence or automated decision-making; it is operated by our third-party service provider to facilitate communication with visitors. If we introduce AI-powered features on the Site in the future, we will update this Privacy Notice accordingly. For more information about our use of AI in our business operations, see our AI Transparency Statement.

Your 'Do Not Track' Browser Setting

We support the Do Not Track (DNT) browser setting. DNT is a preference you can set in your browser's settings to let the websites you visit know that you do not want the websites collecting your personal data. We may track your online activities over time and across third-party websites or online services. For example, we might use web beacons to help us determine what links or advertisers brought you to our Site. We then track your activities on our Site. However, we will not engage in tracking if you select the DNT browser setting.

Information Third Parties Provide About You

We supplement the information we collect about you through the Site with records received from third parties in order to enhance our ability to serve you, to tailor our content to you, and to offer you information that we believe may be of interest to you.

2. HOW WE USE YOUR PERSONAL DATA

We use the information we collect to serve you and improve your experience on the Site. These purposes include:

  • Responding to requests for information
  • Responding to requests for service quotes
  • Providing users free white papers
  • Registering users for Coalfire promotional materials and events
  • Contacting users for marketing, advertising, and sales purposes
  • Responding to questions and feedback
  • Conducting market research and analysis
  • Continuously evaluating and improving the online user experience

Data Retention

We retain your personal data for the duration of the customer relationship, if any. We also retain your personal data for 12 months after our last interaction with you.

3. HOW WE SHARE THE PERSONAL DATA WE COLLECT

We do not sell or rent your personal data to third parties. The following are some of the ways we share your personal data:

  • Required Disclosures: We may be required to share personal data in a court proceeding, in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law.
  • Legal Compliance and Protections: We may disclose account and other personal data when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Coalfire, our users, or others. This includes exchanging personal data with other companies and organizations for fraud protection and credit risk reduction.
  • Corporate Transactions: We reserve the right to disclose and transfer your data, including your personal data:
    • To a subsequent owner, co-owner, or operator of the Site or successor database.
    • In connection with a corporate merger, consolidation, bankruptcy, the sale of substantially all of our membership interests and/or assets or other corporate change, including to any prospective purchasers.

4. HOW WE PROTECT THE PERSONAL DATA WE COLLECT

The security and confidentiality of your personal data is important to us. We have technical, administrative, and physical security measures in place to protect your personal data from unauthorized access or disclosure and improper use.

For example, we use Transport Security Layer (TSL) encryption to protect the data collection forms on our Site. In addition, access to customer information is restricted to authorized personnel only. Only employees who need the personal data to perform a specific job (for example, a customer service representative) are granted access to personal data. Employees with access to personal data are kept up-to-date on our security and privacy practices. Credit card numbers are used for payment processing and automatic renewals where applicable, and are not retained for other purposes.

It is important for you to protect against unauthorized access to your password and to your computer. Be sure to close your browser after you have completed your visit to the Site.

Please note that despite our reasonable efforts, no security measure is ever perfect or impenetrable, so we cannot guarantee the security of your personal data.

5. YOUR CHOICES REGARDING YOUR PERSONAL DATA

You may contact privacy@Coalfire.com to access, update, correct, and delete your personal data.

Managing Cookies and Other Data Collection Technologies: You have a number of options to control or limit how we and our vendors use Cookies and other technologies including for advertising:

  • To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on.
  • To opt out of interest-based advertising, you can visit http://optout.networkadvertising.org/#!/ and follow NAI’s on-screen instructions. Note that if you opt out through the NAI, you will still receive advertising, but the advertising will not be tailored to your interests. In addition, if you opt out through NAI and later delete your cookies, use a different browser, or buy a new device, you will need to opt out of interest-based advertising again.
  • To opt out of ads on Facebook or Google that are targeted to your interests, use your Facebook, LinkedIn, or Google Ads settings.
  • Check your mobile device for settings that control ads based on your interactions with the applications on your device. For example, on your iOS device, enable the "Limit Ad Tracking" setting, and on your Android device, enable the "Opt out of Ads Personalization" setting.

6. INFORMATION SPECIFIC TO NON-U.S. USERS

a) All locations outside of the United States

The personal data collected through the Site is downloaded to a server maintained by Coalfire. Coalfire is located at AWS-East-01 in the United States. Coalfire will comply with requests to exercise individual data rights in accordance with applicable law. You can contact privacy@Coalfire.com to request to exercise your data rights.

b) European Economic Area and Switzerland

The information in this section, as well as the information in the section above titled “All locations outside of the United States”, applies to users in the European Economic Area and Switzerland (collectively, the "EEA").

Individuals in the EEA ("EEA Individuals") are not required by statute or by contract to provide any personal data to the Site. Coalfire sometimes uses EEA Individuals’ personal data submitted through the Site for automated decision-making. For example, Coalfire may display advertisements and send emails to you containing content automatically chosen based on the products you have ordered from us in the past. However, Coalfire will not use EEA Individuals’ personal data submitted through the Site for automated decision-making, including profiling, which produces legal effects or similarly significantly affects the EEA Individual.

Cross-Border Data Transfers:
The personal data collected through the Site will be transferred to the United States. The recipients of personal data collected through the Site (listed in Section 3 above) are located in the United States or in the country where the data was collected. The European Commission has not issued a determination that the United States ensures an adequate level of protection for personal data.

Legal Bases For Processing:
Coalfire processes your personal data with your consent and as required by law. In addition, Coalfire processes your personal data as necessary for the performance of the sales contract, for example, when processing your requests, and to take steps, at your request, before entering into a contract with you. For example, if you ask us for quotes for products and services you are interested in buying, we may send them to you. Coalfire also processes personal data as necessary for its legitimate interests as follows:

  • Marketing and advertising: Unless you opt out as described below, we use your personal data regarding products and services you have ordered, or in which you have otherwise demonstrated an interest, as necessary to provide you information about the products and services that we think might interest you in accordance with applicable law.
  • Network and information security, fraud prevention, and reporting suspected criminal acts: In the event of fraud, a security incident, or a suspected criminal act, we would examine personal data that appeared to be linked to the incident as necessary to determine what happened, remediate, report to the authorities, and prevent a recurrence.

Right to Object to Processing for Direct Marketing or Legitimate Interests: EEA Individuals have the right to object to the processing of their personal data for purposes of Coalfire's direct marketing or legitimate interests by contacting Coalfire at privacy@Coalfire.com.

Data Retention: We retain your personal data for the duration of the customer relationship, if any. We also retain your personal data for 12 months after our last interaction with you.

Individual Rights: EEA Individuals have the right to access their personal data collected by the Site and to request that Coalfire update, correct, or delete their personal data as provided by applicable law. EEA Individuals also have the right to object to, or restrict, Coalfire's processing of their personal data.

In addition, EEA Individuals have the right to data portability concerning their personal data. Subject to certain limitations, the right to data portability allows EEA Individuals to obtain from Coalfire, or to ask Coalfire to send to a third party, a digital copy of the personal data that they provided to the Site. EEA Individuals’ right to access their personal data includes their right to receive a copy of all, or a portion, of their personal data in Coalfire’s possession as long as Coalfire’s providing the personal data would not adversely affect the rights and freedoms of others.

EEA Individuals can exercise these rights by contacting privacy@Coalfire.com. Coalfire will respond to such requests in accordance with applicable data protection law. If EEA Individuals believe that their personal data has been processed in violation of applicable data protection law, they have the right to lodge a complaint with the relevant data protection authority in the country where they reside, where they work, or where the alleged violation occurred.

EEA Individuals may use the contact information above, at any time, to withdraw their consent for the processing of their personal data where Coalfire requires their consent as a legal basis for processing their personal data. Any withdrawal will apply only prospectively, and Coalfire will continue to retain the personal data that EEA Individuals provided before they withdrew their consent for as long as allowed or required by applicable law.

In addition, you may cancel or modify the email communications you have chosen to receive from Coalfire by following the instructions contained in emails from us. Alternatively, you may visit http://www2.coalfire.com/unsubscribe/u/21732 and if your IP address is linked to your email address, you will instantly be unsubscribed from email communications. You may also revisit the link to resubscribe at any time.

EU Representative: Coalfire's representative in the European Union is Andrew Barratt. You can reach our representative at Suite 28 A, City Tower, Piccadilly Plaza, Manchester, UK, M1 4BT

c) United Kingdom

The information in this section, as well as the information in the sections above titled "All locations outside of the United States" and "European Economic Area and Switzerland", applies to users in the United Kingdom, with the following UK-specific provisions.

UK Data Protection Laws: This Privacy Notice and our processing of personal data of UK residents is subject to the UK General Data Protection Regulation and the Data Protection Act 2018.

Cross-Border Data Transfers: Personal data collected from UK residents through the Site will be transferred to the United States. We conduct such transfers in compliance with UK data protection requirements as applicable to our business operations.

Individual Rights and Complaints: UK residents have the same individual rights as described in the European Economic Area section above. If you believe that your personal data has been processed in violation of applicable UK data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the relevant supervisory authority for the United Kingdom.

UK Representative: Coalfire's representative in the United Kingdom is Andrew Barratt, located at Suite 28 A, City Tower, Piccadilly Plaza, Manchester, UK, M1 4BT.

7. CHANGES TO THIS PRIVACY NOTICE

If we change this Privacy Notice, we will post those changes on this page and update the Privacy Notice modification date above. If we materially change this Privacy Notice in a way that affects how we use or disclose your personal data, we will provide a prominent notice of such changes and the effective date of the changes before making them.

8. GENERAL

This web site contains proprietary notices and copyright information, the terms of which must be observed and followed. This site and all content in this site may not be copied, reproduced, republished, uploaded, posted, transmitted, distributed, or used for the creation of derivative works without Coalfire's prior written consent, except that Coalfire grants you non-exclusive, non-transferable, limited permission to access and display the Web pages within this site, solely on your computer and for your personal, non-commercial use of this Web site. This permission is conditioned on your not modifying the content displayed on this site, your keeping intact all copyright, trademark, and other proprietary notices, and your acceptance of any terms, conditions, and notices accompanying the content or otherwise set forth in this site. Notwithstanding the foregoing, any software and other materials that are made available for downloading, access, or other use from this site with their own license terms, conditions, and notices will be governed by such terms, conditions, and notices.

Your failure to comply with the terms, conditions, and notices on this site will result in automatic termination of any rights granted to you, without prior notice, and you must immediately destroy all copies of downloaded materials in your possession or control. Except for the limited permission in the preceding paragraph, Coalfire does not grant you any express or implied rights or licenses under any patents, trademarks, copyrights, or other proprietary or intellectual property rights. You may not mirror any of the content from this site on another Web site or in any other media.

Certain Disclaimers

Information on this web site is not promised or guaranteed to be correct, current, or complete, and this site may contain technical inaccuracies or typographical errors. Coalfire assumes no responsibility (and expressly disclaims responsibility) for updating this site to keep information current or to ensure the accuracy or completeness of any posted information. Accordingly, you should confirm the accuracy and completeness of all posted information before making any decision related to any services, products, or other matters described in this site.

Coalfire provides no assurances that any reported problems will be resolved by Coalfire, even if Coalfire elects to provide information with the goal of addressing a problem.

Use of Trademarks and Logos

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Use of certain reference documents, collateral and use cases

Coalfire is solely responsible for the contents of Coalfire authored documents as of the date of publication. The contents of these documents are subject to change at any time based on revisions to the applicable regulations and standards (HIPAA, PCI DSS et.al). Consequently, any forward-looking statements are not predictions and are subject to change without notice. While Coalfire has endeavored to ensure that the information contained in these documents have been obtained from reliable sources, there may be regulatory, compliance, or other reasons that prevent us from doing so. Consequently, Coalfire is not responsible for any errors or omissions, or for the results obtained from the use of this information. Coalfire reserves the right to revise any or all of this document to reflect an accurate representation of the content relative to the current technology landscape. In order to maintain contextual accuracy of these documents, all references to these documents must explicitly reference the entirety of these documents inclusive of the title and publication date; Neither party will publish references to these documents without prior written approval. If you have questions with regard to any legal or compliance matters referenced herein you should consult legal counsel, your security advisor and/or your relevant standard authority.

U.S. Privacy Notice

Last Revised: January 1st, 2026

This U.S. Privacy Notice (the "Notice") is adopted by Coalfire Systems, Inc. (collectively with its subsidiaries, ("Coalfire," "we," "us," or "our")) to comply with applicable U.S. consumer privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA") and other comprehensive state privacy laws where applicable (collectively, "State Privacy Laws").

This Notice supplements the information contained in the Privacy Notice published by Coalfire at www.coalfire.com (the "Website") and applies to residents of the U.S. with applicable comprehensive consumer privacy laws who browse our Website or voluntarily provide Coalfire with contact information to receive content or marketing communications (each a "consumer" or "you").

I. INFORMATION WE COLLECT

Coalfire collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (collectively, "Personal Information" or "Personal Data").

We collect the following categories of Personal Information:

Category Examples
A. Identifiers Real name, alias, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers.
B. Personal Information Categories (Cal. Civ. Code § 1798.80(e)) Name, signature, address, telephone number. Some information in this category may overlap with other categories.
C. Commercial Information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
D. Internet or Network Activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
E. Geolocation Data Physical location or movements (non-precise unless you consent).
F. Inferences Inferences drawn from any of the above to create a profile reflecting preferences, characteristics, behavior, or attitudes.

Sensitive Personal Information. We do not intentionally collect sensitive personal information (such as government identifiers, precise geolocation, racial or ethnic origin, religious beliefs, health information, sexual orientation, or genetic data) through our Website. In the event we collect sensitive personal information, we will obtain your consent prior to processing where required by applicable law and will provide you with the right to limit its use to purposes necessary to provide services you request. If you voluntarily provide sensitive personal information to us without our request, you consent to our processing of such information as permitted by applicable law, and we reserve the right to delete such information at our sole discretion.

Sources of Personal Information. We obtain Personal Information from:

  • Directly from you (e.g., forms, surveys, account registration)
  • Indirectly from you (e.g., observing your actions on our Website via cookies and similar technologies)
  • Third-party service providers

Personal Information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information covered by HIPAA, CMIA, GLBA, FCRA, DPPA, or other sector-specific laws

II. USE OF PERSONAL INFORMATION

We use Personal Information for the following business purposes:

  • To fulfill or meet the reason you provided the information
  • To respond to requests for information, including service quotes and content
  • To register you for Coalfire promotional materials and events
  • To contact you for marketing, advertising, and sales purposes
  • To respond to questions and feedback
  • To provide, support, personalize, and develop our Website and services
  • To create, maintain, customize, and secure your account
  • To help maintain the safety, security, and integrity of our Website, products, services, and technology assets
  • For testing, research, analysis, and product development
  • To respond to law enforcement requests and as required by applicable law
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of Coalfire's assets
  • To comply with the law or protect the rights, property, or safety of Coalfire, our users, or others

We will not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Data Minimization. We limit our collection of Personal Information to what is reasonably necessary and proportionate to provide the services you request or for another disclosed purpose.

III. DISCLOSURES OF PERSONAL INFORMATION

We may disclose your Personal Information to the following categories of third parties for the business purposes described above:

  • Service providers and processors
  • Attorneys and other professional advisors
  • Potential buyers of Coalfire and acquisition targets
  • As required by law, regulation, or court order

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for business purposes:

  • Identifiers
  • California Customer Records personal information categories
  • Internet or other similar network activity

IV. HOW LONG WE RETAIN PERSONAL INFORMATION

We retain Personal Information for as long as reasonably necessary to carry out the purposes described in this Notice. We may also retain Personal Information as we determine, in our sole discretion, to be necessary or advisable to: (i) exercise, establish, or defend our legal rights; (ii) comply with applicable legal, regulatory, or contractual obligations; (iii) resolve disputes; (iv) enforce our agreements; or (v) support any business or legal purpose. When Personal Information is no longer required for these purposes, we delete or anonymize it in accordance with our internal data retention policies.

V. SALES AND SHARING OF PERSONAL INFORMATION

We do not sell Personal Information. We have not sold Personal Information in the preceding twelve (12) months, as "sale" is defined under applicable law.

Sharing for Cross-Context Behavioral Advertising. We may share Personal Information with third-party advertising partners for purposes of cross-context behavioral advertising, as "share" is defined under applicable law. In the preceding twelve (12) months, we have shared the following categories of Personal Information for cross-context behavioral advertising purposes:

  • Identifiers (e.g., IP address, online identifiers, cookie IDs)
  • Internet or other similar network activity (e.g., browsing history, interactions with our Website)

You have the right to opt out of this sharing.

Without limiting the foregoing, we do not sell or share the Personal Information, including the sensitive Personal Information, of minors under age 16.

VI. YOUR PRIVACY RIGHTS

Depending on your state of residence, you may have some or all of the following rights:

  • Right to Know/Access: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources, purposes, and third parties with whom we share it.
  • Right to Delete: Request deletion of Personal Information we have collected from you, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate Personal Information.
  • Right to Data Portability: Obtain a copy of your Personal Information in a portable, readily usable format.
  • Right to Opt-Out of Sale: Opt out of the sale of your Personal Information. (We do not sell Personal Information.)
  • Right to Opt-Out of Sharing/Targeted Advertising: Opt out of sharing for cross-context behavioral advertising or targeted advertising.
  • Right to Opt-Out of Profiling: Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. Coalfire does not engage in profiling that produces legal or similarly significant effects concerning consumers.
  • Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive Personal Information to what is necessary to provide services.
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment.
  • Right to Appeal: Appeal our decision if we decline your request.

VII. HOW TO EXERCISE YOUR RIGHTS

To submit a request, contact us by:

  • Email: privacy@coalfire.com
  • Toll-Free Telephone: (877) 224-8077
  • Postal Mail: Coalfire Systems, Inc., Attn: Privacy c/o Legal, 330 N Wabash Ave, Suite 1430, Chicago, IL 60611

Verification. We will verify your identity before processing your request. You must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information (or an authorized representative). We may request your email address, state of residency, or other information to verify your identity.

Authorized Agents. You may designate an authorized agent to submit requests on your behalf. We may require:

  • Written, signed permission from you
  • A power of attorney (where applicable)
  • Direct verification of your identity

Response Timing. We will respond to verifiable requests within 45 days (extendable by an additional 45 days if reasonably necessary, with notice).

We do not charge a fee for processing requests unless they are excessive, repetitive, or manifestly unfounded.

VIII. RIGHT TO APPEAL

If we decline your privacy request in whole or in part, you have the right to appeal our decision. To appeal, contact us at privacy@coalfire.com with the subject line "Privacy Request Appeal" within 60 days of receiving our response.

We will respond to your appeal within 45 to 60 days, depending on your state of residence. If we deny your appeal, we will provide information on how to contact your state's Attorney General or other applicable regulatory authority.

IX. OPT-OUT PREFERENCE SIGNALS

We honor opt-out preference signals, including the Global Privacy Control (GPC). When we detect a GPC signal from your browser, we will treat it as a valid request to opt out of the sale or sharing of your Personal Information and targeted advertising for that browser and device.

For more information about GPC, visit: https://globalprivacycontrol.org

X. CHILDREN'S PRIVACY

Our Website is not directed to individuals under 16 years of age. We do not knowingly collect Personal Information from children under 16. If we learn we have collected Personal Information from a child under 16, we will delete that information.

XI. CALIFORNIA-SPECIFIC DISCLOSURES

Shine the Light. California Civil Code § 1798.83 permits California residents to request information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.

Financial Incentives. We do not offer financial incentives or price differences in exchange for the retention or sale of Personal Information.

XII. CHANGES TO THIS NOTICE

We may update this Notice from time to time. When we make material changes, we will post the updated Notice on our Website and update the "Effective Date" above. Your continued use of our Website after posting constitutes your acceptance of such changes.

XIII. CONTACT INFORMATION

If you have questions about this Notice or wish to exercise your privacy rights, contact us at:

Email: privacy@coalfire.com
Toll-Free Telephone: (877) 224-8077
Website: www.coalfire.com

Postal Address:
Coalfire Systems, Inc.
Attn: Privacy c/o Legal
330 N Wabash Ave, Suite 1430
Chicago, IL 60611