1.1. This privacy policy (“PP”) explains how Wing Security Ltd., (together with its affiliated companies – “Wing”, or the “Company”) collects, stores, uses, and shares, etc. personal data of our website visitors, prospects and customers (“User/s”) in connection with (i) the Company’s website at https://wing.security and any other websites, microsites, subdomains, social media pages, blogs, or other similar forums or digital asset, online ads and content, emails or other communications, that Wing own or control, which links to this PP (the “Site/s”), (ii) events or webinars that Wing organizes or takes part in (“Events”), and (iii) the Platform, the Freemium Platform and any related services provided by Wing (the “Offering”, collectively with the Site and the Events the “Services”).
1.2. This PP does not apply to any personal data that Wing collects, processes and manages on behalf of Customers (as defined below) in connection with the Offering, which Customers or any of Customers’ end users: (i) post, submit, run on, or upload to the Offering, (ii) cause to interface with the Offering, or (iii) upload to the Offering under Customer’s account or otherwise transfer, process, use or store in connection with Customer’s account on the Offering (“Customers Data“). Wing processes such Customer Data, in its position as a processor under the GDPR or as a service provider under the CCPA on behalf and under the instruction of the Customer subject to Wing’s Data Processing Addendum located: [https://mc.wing.security/terms/wing%20security%20dpa%20-%2027112022] (“DPA”).
1.3. The PP is an integral part of the Company’s terms of services, which govern the use of the Platform [https://mc.wing.security/terms/wing%20platform%20-%20terms%20of%20service%20-%20bas%20-%2030112022%20clean] or any other agreement executed between Wing and User governing the use of the Offering (“Platform TOS”), the Freemium Platform [https://mc.wing.security/terms/wing%20-%20freemium%20terms%20of%20service] (“Freemium TOS”), and the Site [https://wing.security/terms-of-use/] (“TOU”). Each of the TOU, Freemium TOS, and the Platform TOS (as applicable), together with this PP – the “Terms”).
1.4. User is not under any legal obligation to submit personal data to Company. However, in case User chooses not to submit personal data to Company, User may not be able to use the Services or any part thereof.
1.5. By attempting to use or access, or by using or accessing the Services, User agrees to be bound by the Terms. If User does not agree with the Terms (or any part thereof), User must not use or access the Services. User’s acceptance of the Terms will be deemed as User’s consent to the processing of User’s personal data for all purposes detailed in this PP. To revoke such consent, User may contact us at privacy@wing.security.
1.6. The Company may amend this PP from time to time. Company will seek User’s prior consent to any material changes, if and where this is required by applicable law.
1.7. All capitalized terms used but not defined herein shall have the meaning ascribed to them in the Terms, as applicable or applicable law.
Wing collects (whether directly or indirectly by utilizing third-party service providers as set forth under Section 5 below) the following types of personal data:
2.1. Information provided by User. Company collects any data User provides Company with via the Services, including but not limited to:
2.1.1. User’s business and personal contact details and interests which Users provided the Company with via the Services, (e.g., via the “Contact Us” button or any similar button on the Services), such as name, surname, position, workplace, email address, phone number.
2.1.2. Any data relating to Users who visits the Sites and/or participate in Events or otherwise interacts with Wing.
2.1.3. Any communication or interaction between User and the Company, e.g., emails, phone conversations, chat sessions, surveys User’s inquiries including support requests, interactions through the Services, social media channels, feedback, calls and video recordings and/or transcriptions, and analyses thereof, including in connection with Wing’s business initiatives, such as Events.
2.1.4. Additionally, Wing collects the following types of data, solely concerning Users who use Wing’s Platform, Freemium Platform and any related services provided by Wing (“Customers”):
2.1.4.1. Customer’s account information such as, name, surname, position, workplace, email address, phone number and other authentication and security credential information as used for authentication and access control purposes, or any other information made available to Wing in connection with Customer’s onboarding to the Services, including any updates to Customer’s registration information);
2.1.4.2. Customer’s payment information such as, mailing address, company name (if applicable), bank account details, account details at payment processing services and payment preferences;
2.1.4.3. Customer’s transaction information billing details, billing contacts and authorized signatories on behalf of the Customer, business needs and payment preferences and other details of products or services Customer have purchased from the Company including any data concerning Customers’ personnel who communicate with the Company concerning the Customer’s use of the Services.
2.2. Information collected automatically. Company automatically collects data, directly or indirectly (e.g., via advertising and analytics partners of Wing) when User visits, interacts with, or uses the Services, including but not limited to:
2.2.1. Users’ access to Wing’s servers (i.e., log files), such as requested content, the name of the website accessed, file, date and time of access/request, access status / HTTP status code, etc.), in order to ensure the functionality and security of the Services, for troubleshooting, and for maintaining and improving Services including optimizing the Company’s marketing efforts.
2.2.2. identifiers and information contained in cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels), as further described hereunder below in order to analyze and regularly improve the use of the Sites, to provide functionality, to recognize you across different services and devices, to enhance Users’ experience and to improve the Company’s marketing efforts;
2.2.3. User’s settings preferences, backup information;
2.2.4. Uniform Resource Locators (URL) clickstream to, through and from the Services;
2.2.5. content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
2.2.6. network and connection information, such as the Internet protocol (IP) address and information about User’s Internet service provider;
2.2.7. computer and device information, such as browser type and version, operating system, or time zone setting; the location of device.
2.3. Information collected from third-party Sources. Wing may receive information about Users through partners, resellers, related companies and other third-party service providers.
3.1. The Company’s Services may include links to third party websites and services, and integrations with third party services. This PP does not apply to such products, services, websites, links or any other content that are offered by third parties. User is advised to check the applicable third-party policies. Company has no control over such third parties’ privacy practices, or the technology used by such third parties. Each User is advised to thoroughly review such third parties’ privacy policies before making any use of such third party’s products and services.
3.2. Without derogating from the generality of the above, when clicking on certain social media links provided on the Sites (e.g., Twitter, Facebook, LinkedIn, Instagram) User will be transferred to Company’s sites on such social media (“Social Media Sites”). It shall hereby be clarified that such Social Media Sites are governed by the terms of use and privacy policy of the respective social media and not by the Company.
3.3. To facilitate and customize the User’s experience of the Services and to track User’s use of the Services, Company may utilize cookies and other industry standard technologies. A cookie is a small text file that is stored on a User’s device for record-keeping purposes which contains information about that User. Some cookies are removed when you close your browser session – these are the “session cookies”. Some last for longer periods and are called “persistent cookies”. We use both types of cookies to facilitate the use of the Services’ features and tools. Whilst we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser, you can manage your cookies preferences, including whether or not to accept them and how to remove them, through your browser settings. Please note that if User declines or deletes cookies, some parts of the Services may not work properly. To learn more about Wing’s cookies practices, please visit Wing’s ‘cookie settings’ presented on the Wing Site’s footer.
3.4. By clicking on a link to a third-party website or service, a third party may transmit cookies to User. This PP does not cover the use of cookies by any third parties, and the Company is not responsible for such third parties’ privacy policies and practices.
3.5. Without derogating from the foregoing, please note that the Company may use analytic tools such as:
3.5.1. Google Analytics. Wing uses Google Analytics to collect information about the use of the Services, in order to analyze and achieve marketing and other legitimate business goals, and improve user experience, including by examining Users’ behavior on the Services and integrating different data as received from other sources. Please visit: https://marketingplatform.google.com/about/analytics/terms/us/, and www.google.com/policies/privacy/partners/, in order to find out how Google Analytics collects and processes data. User may learn about the way to opt-out of these analytics services here: https://tools.google.com/dlpage/gaoptout.
3.5.2. Hotjar. The Company may use Hotjar in order to better understand User’s needs and to optimize the Services and experience. Hotjar is a technology service that helps the Company to better understand Users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what Users do and don’t like, etc.) and this enables the Company to build and maintain the Services with User feedback. Hotjar uses cookies and other technologies to collect data on Company’s Users’ behavior and their devices. This includes a device’s IP address (processed during User session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display the Company’s Services. Hotjar stores this information on Company’s behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on Company’s behalf. Please visit: https://www.hotjar.com/legal/policies/privacy/, in order to find out more on how Hotjar collects and processes data.
3.5.3. HubSpot Analytics. The Company may use, on the Sites, HubSpot Analytics uses cookies and beacons to track how long Users and visitors are, what marketing pages they visit, what marketing offers they respond to, and a visitor’s identity which enables the Company to improve and provide such Sites. Please visit https://legal.hubspot.com/privacy-policy in order to find out more on how HubSpot collects and processes data.
3.5.4. Propensity. The Company may use, on the Sites, services provided by Addapptation Inc. d/b/a Propensity from 19 Hampton Road, Unit 6, Exeter, NH 03833 (“Propensity”) as a marketing automation software, to help Wing to know more about business prospects and to help determine how and when Wing should interact with them, all in order to optimize and improve Wing’s marketing strategy. When Users opt-in through the Wing cookie consent banner on the Site, Wing may transfer User’s data (e.g., web data and site activity data etc.) to Propensity for the above-mentioned purpose. Users can opt-out through the Wing cookie consent banner on the Site or by visiting the cookie setting feature (presented on the Wing Site’s footer) . Then User’s data will no longer be transferred to Propensity. Please visit: https://www.propensity.com/propensity-privacy-policy, in order to learn more in how Propensity collect and process the data.
3.5.5. Calendly. The Company uses, on the Sites, services provided by Calendly LLC., from 1315 Peachtree St NE, GA 30309 Atlanta, United States. Such services enable the Company to provide its Users with an online calendar in which Users may schedule a demo meeting with the Company. Calendly may process usage data (e.g. web pages visited, interest in content, access times), contact data (e.g. e-mail addresses, telephone numbers), and master data (e.g. names, addresses) in the USA (subject to a proper mechanism such as standard contractual clauses). User may opt-out of these services at any time, by contacting us in accordance with Section 12 below. Please visit: https://calendly.com/privacy, in order to learn more on how Calendly collect and process data.
3.5.6. Mixpanel. Wing uses, on the Platform and Freemium Platform, services provided by Mixpanel, via which Wing may collect personal data, such as, Customers’ email address and activity on the Services, for analytics and marketing purposes including by tracking page content, and click movements, scrolls and keystroke activities. Please visit: https://mixpanel.com/legal/terms-of-use/, and https://mixpanel.com/legal/privacy-policy/, in order to learn more on how Mixpanel collect and process data. Users can opt-out of Mixpanel’s services by contacting Mixpanel at: compliance@mixpanel.com.
3.5.7. LogRocket. Wing uses, on the Platform and Freemium Platform, services provided by LogRocket inc., via which Wing may collect personal data regarding Customers’ behavior on the Services such as, Customers’ email address and activity on the Services, for analytics and marketing purposes including by tracking page content, and click movements, scrolls and keystroke activities. Please visit: https://logrocket.com/privacy/ in order to learn more on how LogRocket collect and process data.
3.5.8. Intercom. Wing uses, on the Platform and Freemium Platform, services provided by Intercom Inc., to help Wing understand Customers’ use of the Services and to improve the Services. Wing may also use Intercom as a medium for communications, either through email, or through messages within the Platform or Freemium Platform. Intercom collects publicly available contact and social information related to Customers, such as email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your Customers’ experience. Further, Wing may provide a limited amount of data (such as sign-up date and some personal data such as Customers’ email address) to Intercom which acts as a data processor on Wing’s behalf. Customer may opt-out of these services at any time, by contacting us in accordance with Section 12 below. Please visit: https://www.intercom.com/legal/terms-and-policies, in order to learn more on how Intercom collect and process data.
3.5.9. Auth0 : Wing uses, on the Platform and Freemium Platform, login services provided by Auth0. Due to the nature of such services Auth0 has access to all personal data submitted by the Customer in connection with setting up Customer’s user account such as, Customers’ names and email addresses. Please visit: https://auth0.com/privacy, in order to learn more on how Auth0 collect and process data.
3.5.10. Sentry. Wing uses services provided by Functional Software, Inc. d/b/a Sentry (“Sentry”), in order to monitor and resolve errors, on the Platform and Freemium Platform. For example, when an error occurs, this service automatically sends an error notification to Sentry and Wing is notified of it along with contextual personal data, such as, the email address of the Customer that was logged in. This enables Wing to quickly and efficiently fix the issue at point. Please visit: https://sentry.io/privacy/ in order to learn more on how Sentry collect and process data.
4.1. The Company processes User’s personal data to facilitate, operate, provide, and improve the Services, including but not limited to:
4.1.1. as necessary for providing and performing the Services;
4.1.2. creating and managing User profiles;
4.1.3. providing the security analysis reports;
4.1.4. contacting User by the Company and communicating with User with respect to the Services e.g., by phone call, SMS, email, chat; responding to inquiries from User;
4.1.5. providing assistance and support;
4.1.6. fulfilling User requests; meeting contractual or legal obligations;
4.1.7. informing User about updates or offers, including personalized service-related messages, or promotional messages;
4.1.8. marketing and promoting the Sites, including by facilitating and optimizing contextual, behavioral and interests-based advertising based on Users’ activity, preferences or other data available to Wing or its business partners, and sponsor and offer certain events and promotions;
4.1.9. Creating aggregated statistical, anonymized or pseudonymized data, which Wing or it business partners may use to provide and improve the Services, or for any other purpose;
4.1.10. protecting Users security, e.g. preventing and detecting fraud;
4.1.11. Complying with legal, regulatory and contractual obligations;
4.1.12. internal purposes, e.g. development, control and operation of the Services, trouble shooting, data analysis, testing and statistical purposes.
4.2. Except as provided herein, the Company does not use any personal data other than as necessary to provide the Services, without obtaining Users’ prior consent.
4.3. The Company may ask for Users’ consent to use Users’ personal data for a specific purpose which will be provided to Users.
4.4. In case User’s personal data contains third party personal data, User represents and warrants that it has obtained any consent required under the PP to the Company’s privacy practices set forth in the PP from such third party.
5.1. In the following cases Company may disclose, without notification, personal data, any communications sent or received by each User, and any other information that Company has collected and/or was provided with:
5.1.1. as necessary for providing and performing the Services;
5.1.2. If required to do so by law according to its understanding of such law (including, but not limited to, in cases of court orders or subpoenas or other legal process);
5.1.3. Where Wing believes disclosure of personal data is appropriate to comply with the law, enforce or apply Wing’s terms and other agreements, or protect the rights, property, or security of Wing, Users, or others. This includes exchanging information with other companies and organizations for fraud prevention or investigate suspected fraud, or any activity that Company believes may be illegal or may expose Company to legal liability (for example, events involving potential threats to the physical safety of any person or property if Company believes that User’s information in any way relates to that threat) and detection and credit risk reduction or any activity that Company believes may be illegal or may expose Company to legal liability;
5.1.4. To verify the information obtained by Company;
5.1.5. If Company believes that User’s conduct on or in connection with the Services is inappropriate and inconsistent with generally accepted norms of behavior;
5.1.6. In addition, Company may be required to disclose personal data to relevant national, state and local law enforcement authorities, whom may further disclose the Personal Data;
5.1.7. To engage with third-party service providers and/or sub-contractors which provide services for Company’s business operations (e.g., hosting and server location services, data and cyber security services, internet service providers, operating systems and platforms, text analyzing services, marketing and advertising services, data and cyber security services, fraud detection, web analytics, session or activity recording services, remote access services, performance measurement, data optimization services, social and advertising networks, customer relation management systems and Company’s business, legal, tax, financial and compliance advisors. Such service providers may have access to personal data, depending on each of their specific roles and purposes in the provision of the Services or other activities, and may only use the data as determined in the Company’s agreements with them);
5.1.8. With third-party websites and/or integrations with third-party services, as further set out under Section 3 above.
5.1.9. With a third-party event host, personal data collected at events either managed by Wing or by a third party. For any event hosted by a third party, the collection and use of all personal data will be governed by the applicable third party’s privacy policy, and the terms provided to Users at the applicable event;
5.1.10. To disclose to third parties aggregated or de-identified information about Users for marketing, advertising, research, or other purposes;
5.1.11. In the event that Company, or any of its businesses, are sold or disposed of, whether by merger, sale of assets or otherwise, personal data collected hereunder may be one of the assets sold or merged in connection with such transaction. personal data collected hereunder may also be disclosed in connection with a commercial transaction where Company or any of its businesses are seeking financing, investment, and support or funding;
5.1.12. To disclose to Company’s affiliates or business partners, for the purposes described in this PP;
5.1.13. Pursuant to Users’ explicit consent.
5.2. When Company shares User’s personal data with third parties as specified above, Company requires such recipients to agree to only process the personal data Company shares with them in compliance with this PP and Company’s contractual specifications (e.g., subject to security and other appropriate confidentiality safeguards) and for no other purpose than those determined by Company in line with this PP.
6.1. Company may provide Users with direct marketing, as such term is defined in the Israeli Privacy Protection Law, 1981.
6.2. Company may also send Users advertisements, as such term is defined in the Israeli Media Law (Bezeq and Broadcasting), 1982.
6.3. User can opt out of receiving these direct marketing and/or advertisements from the Company at any time by unsubscribing using the unsubscribe link within each communication or emailing the Company at unsubscribe@wing.security to have User’s contact information removed from Company’s email list.
The company has taken appropriate technical and organizational measures to protect any User Personal Data from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% security.
8.1. Depending on Applicable Data Protection Laws, Users may be entitled to certain rights concerning their personal data such as request access and/or deletion of User’s data held by Company. If applicable in accordance with the relevant Applicable Data Protection Laws, User can send User’s request to the Company at privacy@wing.security. Any request to access may be subject to a fee to meet Company’s costs in providing such User with details of the data.
8.2. Company will take reasonable steps to verify User’s identity before granting User access or making corrections. Also, User’s request for access might be subject to a fee to meet Company’s costs in providing User with details of User’s data held by Company.
9.1. Company will retain Users personal data for a period of time consistent with the purpose of collection (see Section Error: Reference source not found4, “The Company’s Use of Collected Information”). Wing determine the appropriate retention period for personal data on the basis of the amount, nature and sensitivity of Users’ personal data processed, the potential risk of harm from unauthorized use or disclosure of Users’ personal data, and whether Wing can achieve the purposes of the processing through other means, all pursuant to and in accordance with Applicable Data Protection Law (e.g., applicable minimum statutory retention requirements).
9.2. Without derogating from the generality of the foregoing, Company will cease the retention and delete any retained personal data of User upon the earlier of (i) any termination or expiration of the Terms between User and Company, or (ii) User’s deletion request, as set forth below. If there is any data that Wing is unable, for technical reasons, to delete entirely from Wing’s systems, Wing will put in place appropriate measures to prevent any further use of such personal data.
10.1. Definition.
10.1.1. “Personal Data” means data that may be used, either alone or together with other information, to identify an individual user, including, without limitation, a user’s name, address, telephone number, username, email address, city and country, geolocation, unique identifiers, picture, or other similar information and includes personal data as defined in the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
10.2. Legal Basis for Processing of Personal Data. Company will only process User’s Personal Data if it has one or more of the following legal bases for doing so:
10.2.1. Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform Company’s contractual obligations to User under the Terms, to provide the Services, to respond to requests from User, or to provide User with customer support;
10.2.2. Legitimate Interest: Company has a legitimate interest to process User’s Personal Data;
10.2.3. Legal Obligation: processing of User’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
10.2.4. Consent: processing of User’s Personal Data with User’s consent.
10.3. User’s Rights regarding Personal Data.
10.3.1. User may ask whether Company holds Personal Data about User and request copies of such Personal Data and information about how it is processed;
10.3.2. User may request that inaccurate Personal Data is corrected;
10.3.3. User may request the deletion of certain Personal Data;
10.3.4. User may request Company to cease or restrict the processing of Personal Data where the processing is inappropriate;
10.3.5. When User consents to processing User’s Personal Data for a specified purpose by Company, User may withdraw User’s consent at any time, and Company will stop any further processing of User’s data for that purpose.
10.3.6. In certain circumstances, Company may not be able to fully comply with User’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, Company will still respond to notify User of such a decision.
10.3.7. User can exercise User’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting Company at privacy@wing.security. In some cases, Company may need User to provide Company with additional information, which may include Personal Data, if necessary to verify User’s identity and the nature of User’s request.
10.3.8. UK Users who are not satisfied with the way the Company has responded to their concerns or with the processing of their Personal Data have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Please see the ICO’s website for details of their complaints handling process. https://ico.org.uk/for-the-public.
10.4. Transfer of User’s Personal Data outside of the EEA.
10.4.1. Personal Data may be processed outside User’s jurisdiction, and in countries that may not provide for the same level of data protection as User’s jurisdiction. The Company ensures that the recipient of User’s Personal Data offers an adequate level of protection, for example by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
10.4.2. Company currently stores Users data in Company’s data centers located in EEA and the USA, and may be accessed from Israel.
10.4.3. Without derogating from the generality of the foregoing, when transferring data from the EEA or UK to Israel, Company relies on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA or UK.
We do not sell your personal information for the intents and purposes of the California Consumer Privacy Act (CCPA).
12.1. Users may opt-out of all cookies that may result in a “sale” and/or “sharing” of Users’ personal data in the following ways:
12.1.1. By clicking on the “Cookie Setting” feature (presented on the Wing Site’s footer) the Users will be able to change their preferences by disabling the toggle button next to “Targeting cookies” (until such toggle button turns grey), and then click on the “Confirm” button to save such new preferences.
12.1.2. By managing cookies preferences, through Users’ browser settings. As indicated under Section 3.3, Wing does not respond to “Do Not Track” signals.
12.2. As mentioned above, Wing does not “sell” Personal Data. However, Wing does allow certain third-party providers to collect information about Users directly through the Site, for purposes of analyzing and optimizing Wing’s Site, providing content that is more relevant to User, measuring statistics and the success of ad campaigns, and for other purposes, as further set out under Section 5 above. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please refer to the above and to Section 3 above for more information including how Users may be able to exercise their rights to opt-out of cookies, analytics and personalized advertising.
Each User is advised to be aware that personal data that the Company collects might be transferred to, processed and stored outside of User’s jurisdiction, and that data protection laws in such jurisdiction where the information is collected stored and/or processed may differ from User’s jurisdiction including in the EEA and the US, as reasonably necessary for the proper performance and delivery of the Services, or as may be required by law. Each User hereby gives User’s consent to such transfer, processing and storage of User’s Personal Data outside its jurisdiction.
Wing does not knowingly collect or solicit any information from anyone under the age of 18. The Services are not directed at or intended for children. Children under 18 years of age, may use the Services only with the involvement of a parent or guardian. In the event that Wing learns that it has collected personal data from a child under the age of 18 without consent from a parent or a guardian, Wing will delete that personal data as quickly as possible. If User believes that Wing might have any information from or about a child under 18, User should contact Wing.
If User has any questions about this PP or Company’s data practices in general, User may contact Company using the following information: privacy@wing.security.
Last update: April 2024.