Privacy Policy


Last updated: 24 May 2023

This privacy policy explains the types of personal data that we may collect about visitors to our website, those who subscribe to our services, and job applicants. It covers how that personal data may be used, who we share it with and the rights you have in relation to that information. We are committed to protecting your personal data and to being transparent about the types of information that we hold.

Who We Are and How to Contact Us

The websites (www.approov.io and www.criticalblue.com), Approov branding, and associated digital properties belong to Approov Limited (Company registered in Scotland, No. SC224237). Approov Limited are responsible for, and control the processing of, your personal data unless stated otherwise.

If you have any questions or concerns regarding this privacy notice, please contact us:

Email: privacy@approov.io

Post: Chief Technical Officer, Approov Limited, 181 The Pleasance, Edinburgh, EH8 9RU, United Kingdom.

Personal Data That We May Collect

In the course of our business, we may collect the following personal data from you.

  • Contact information such as name and title, email address, address, telephone and mobile number.
  • Billing and payment information such as credit card details and billing address.
  • Usage data such as information on how you use our website and services.
  • Technical data such as IP address, time zone and location, device and software being used to access our website.
  • Biographical and personal information from CVs/resumes and job applications, such as date of birth, academic and professional qualifications gained and employment history.

We do not knowingly collect or process any special category data. Special category data is data that is more sensitive e.g. information about an individual's race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.

How And Why We Collect And Process Personal Data

This section explains:

  • the ways in which we collect your personal data,
  • the purpose for processing your personal data, and
  • the lawful basis that we rely on for processing your personal data (we can only process your personal data if we have a lawful basis for doing so).

When You Visit Our Website

Web server logs

We use third party service providers, HubSpot and Amazon Web Services, to host our website. Both Amazon Web Services and HubSpot may automatically collect standard log data including your IP address, the pages you have accessed, any information requested, the date and time of the request, your browser version and operating system, and the referral source. Individuals cannot be identified from this information alone.

Our Amazon Web Services server is based in Ireland. The Amazon Web Services privacy policy is available here https://aws.amazon.com/privacy.

HubSpot is based in the US and may store your information outside of the European Economic Area. HubSpot agrees to abide by and process European Data in compliance with the Standard Contractual Clauses approved by the European Commission. Their privacy policy is available here https://legal.hubspot.com/privacy-policy.

Purpose for processing

The purpose for processing the above data is:

  • To measure our website traffic and usage in order to improve the content of the website and to help us identify errors in our services.
  • To prevent fraud and to ensure the security of our services.
  • To evaluate marketing activities such as visitor retention, referral evaluation, and channel validation.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(f) of the GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests in order for us to run our business.

Analytics

We use a third party service, Google Analytics, to collect standard log data and behaviour patterns for visitors to our website. IP addresses are anonymized to prevent storage of full IP address information. Individuals cannot be identified from this information alone. Google Analytics collects this data solely on our behalf and we use the information to improve the content and performance of our website.

Details on how you can control the information collected by Google from websites or apps that use their services can be found here

https://policies.google.com/technologies/partner-sites

To opt out of Google Analytics you can use a browser add-on; more information can be found here https://tools.google.com/dlpage/gaoptout/.

We use FullStory, a web analysis tool, to capture visitor behaviour on our website. FullStory may record usage patterns (pages visited, links clicked and mouse movements) and technical information (browser and device type, operating system, IP address and script errors). We use this information to improve our services. We do not store any personal information, including information entered in form fields, and we have enabled the "Discard user IP addresses" extension to ensure that FullStory does not transmit your IP address to us.

You can find out more about the information collected by FullStory here https://www.fullstory.com/resources/fullstory-gdpr-you/. Their privacy policy is available here https://www.fullstory.com/legal/privacy/.

You can opt out of FullStory data capturing here: https://www.fullstory.com/optout/.

Cookies

We use cookies and other tracking technologies to generate or collect some information from your computer or device automatically as you use our website. Cookies are small data files that are stored on your device. Our website uses such technologies enabled by us or third parties in order to operate and personalize the website, track how you use the site and to serve ads to you on other websites. We use a cookies tool on our website to request consent for any optional cookies that we use. Cookies that are strictly necessary for you to use and browse our website are always on (unless you adjust your browser settings).

HubSpot sets cookies that track how users interact with our website and this information is anonymized. However, if you have provided personal information to us e.g. by submitting a form on our website, it is possible that HubSpot will be able to identify other interactions that you have with us online.

You can find out more information about HubSpot cookies and how they are used in their privacy policy https://legal.hubspot.com/privacy-policy

Strictly Necessary Cookies

These are needed to enable you to use and browse our website.

Purpose for processing

  • To enable the core functionality of our website on your specific device.
  • To store your preferences.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(b) of the GDPR which allows us to process personal data when it is necessary to perform a contract or to take steps at your request to enter into a contract.

Cookies for which we require consent

Purpose for processing

  • To help us to improve our website by collecting and reporting information on usage (analytical cookies).
  • To enable us to improve the relevancy of marketing communications and advertising campaigns that you receive (marketing and online advertising cookies).
  • To enable you to share certain pages of our website on social media (social sharing cookies).

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(a) of the GDPR which allows us to process your personal data when you have given us clear consent to do so for a specific purpose. Where we process your personal data based only on your consent, you can withdraw this consent at any time by contacting us.

LinkedIn (Insights Tag)

We use LinkedIn Insights Tag, an analytics and retargeting service provided by LinkedIn Ireland, to better understand our audience and to help promote our business.

The LinkedIn Insights Tag is installed on our website and when you visit our site, a cookie is set on your browser by LinkedIn. This enables the collection of data such as IP address, device and browser type, timestamps and page views. We receive anonymous statistics about our audience and the performance of our adverts. We may use this data to track conversions and to retarget website visitors.

All data is encrypted and stored securely by LinkedIn. For more information, please see LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.

You can opt out of cookies from LinkedIn on your LinkedIn Settings page.

Information on how to manage advertising preferences in LinkedIn can be found here https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences

For more information about how we use cookies, see our Cookies Policy https://www.approov.io/cookies

When You Contact Us

Complete an enquiry form

If you complete an enquiry form on our website, details of the information you submit will be collected and stored on our behalf by HubSpot, a third party CRM service provider. We will collect information such as your first and last name, email address and details of your enquiry. This information is mandatory and if you do not provide it then you will not be able to submit the form. You may also provide additional optional information such as phone number, country of residence and job function. We receive an email notification when a form has been submitted on our website, and this will contain a copy of the information you have provided.

Purpose for processing

  • To send you the sales and technical information required to access and use our services and products.
  • To respond to any communications that we receive and to keep a record of correspondence.

Legal basis for processing

The lawful basis that we rely on for processing your personal data is either Article 6(1)(b) of the GDPR where the email relates to us providing you with information on our products or services and it is necessary in order to perform a contract, or Article 6(1)(f) where it is necessary for our legitimate interests.

Submit a request for technical support

We use a third party service, Zendesk, to manage some technical support requests. When you submit a support request on our website, Zendesk may collect your contact information (email address) and details of your request directly from you on our behalf. This information is stored securely by Zendesk in accordance with their privacy policy

https://www.zendesk.co.uk/company/customers-partners/privacy-policy/.

Zendesk is based in the US and may store your personal data outside of the EEA. Zendesk has obtained approval for its Binding Corporate Rules as a data processor for its customers’ data to facilitate safe transfers of personal data from the EEA to members of the Zendesk family of companies. In addition, Zendesk offers its customers protections under the Standard Contractual Clauses.

We receive an email notification when a support request has been submitted and this will contain a copy of the information you have provided. We use a third party provider, OpsGenie, for our on-call management system. When a technical support request is made a copy of the information you submit is also sent to our on-call management system. This information is stored securely by OpsGenie in accordance with their privacy policy, which can be found here https://www.opsgenie.com/privacy.

OpsGenie is based in the US and may store your personal data outside of the EEA. Information is transferred under Standard Contractual Clauses approved by the European Commission and OpsGenie are bound by these clauses to safeguard this information.

Purpose for processing

  • To respond to any communications we receive relating to our products or services.
  • To send you the sales and technical information required to access and use our services and products.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(b) of the GDPR which allows us to process personal data when it is necessary to perform a contract or to take steps at your request to enter into a contract.

Send us an email

If you send us an email we will collect your email address and any other information that you have provided. We use a third party provider, Gmail, for our email services; their privacy policy can be found here https://policies.google.com/privacy.

Please be aware that any emails we send or receive may not be protected in transit. If you send us an email using the email address(es) on our website, a copy of the information you have provided will be stored on our behalf by HubSpot, a third party CRM service provider.

Purpose for processing

To respond to any communications that we receive and to keep a record of correspondence.

Legal basis for processing

The lawful basis that we rely on for processing your personal data is either Article 6(1)(b) of the GDPR where the email relates to us providing you with information on our products or services and it is necessary in order to perform a contract, or Article 6(1)(f) where it is necessary for our legitimate interests.

Submit a job application to us

We collect information directly from you if you apply for a job with us or submit your CV/resume. This will include contact information and biographical information. If you submit a job application or your CV to us using the email address(es) on our website, the information you provide will be stored on our behalf by HubSpot, a third party CRM service provider.

Your personal data is stored securely by HubSpot in accordance with their privacy policy which can be found here https://legal.hubspot.com/privacy-policy.

Purpose for processing

To evaluate your suitability for a job with us.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(f) of the GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests in order for us to run our business.

When you subscribe to our Services

When you sign up for a trial subscription of Approov, your contact information will be collected and stored on our behalf by HubSpot, a third party CRM service provider.

We use the following third party services: Chargebee to manage paid subscriptions and to process recurring payments and Stripe to provide a payment gateway. If you sign up for a paid subscription to Approov, Chargebee may collect contact and billing information directly from you on our behalf. Your contact information is stored securely by Chargebee in accordance with their privacy policy which can be found here https://www.chargebee.com/privacy/ .

Chargebee do not store or have access to your complete payment card information. Stripe uses and processes your complete payment information in accordance with their privacy policy https://stripe.com/gb/privacy .

We do not store or have access to your complete payment card information.

Purpose for processing

  • To enable us to register you for our products or services.
  • To manage and administer your account.
  • To carry out billing activities.
  • To respond to any communications we receive (where the message relates to us providing you with our products or services).
  • To send you the sales and technical information required to access and use our services and products.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(b) of the GDPR which allows us to process personal data when it is necessary to perform a contract or to take steps at your request to enter into a contract.

Purpose for processing

  • To respond to any communications we receive and to keep a record of correspondence.
  • To contact you with information on related content, products or services.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(f) of the GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests in order for us to run our business.

When You Use Our Website

Submit a form or use our live chat service

We may collect information such as your first and last name, professional email address and job function if you visit our website and:

  • request a downloadable resource or service from our website (for example, a copy of an e-book or one of our demos).
  • submit a query through the pop-up form.
  • use our live chat service.

Some of this information is mandatory and if you do not provide it then we will be unable to fulfil your request.

If you submit a form on our website or use our live chat service, the information you submit will be collected and stored in HubSpot, a third party CRM. Your personal data is stored securely by HubSpot in accordance with their privacy policy which can be found here https://legal.hubspot.com/privacy-policy. We receive an email notification when someone submits a form or question through the website and this will contain a copy of the information you have provided.

Purpose for processing

The purposes for which we process your personal information include:

  • To send any downloadable resources (e.g. our ebooks) to you that you have opted to receive.
  • To communicate with you about our products and services.
  • To respond to any communications we receive and to keep a record of correspondence.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(f) of the GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests in order for us to run our business.

Sign up to our newsletter

We use a third party CRM service provider, HubSpot, to send out our newsletter and administer our mailing list. HubSpot will collect and store contact information, such as your name and email address, directly from you on our behalf when you subscribe to receive our newsletter. We receive an email notification when someone subscribes to our newsletter and this will contain a copy of your contact information. You can opt out of receiving marketing communications from us at any time by clicking on the “unsubscribe” link at the bottom of our emails, or by sending an email to privacy@approov.io.

Purpose for processing

To send any marketing communications (e.g. our newsletter) to you that you have opted to receive.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(a) of the GDPR which allows us to process your personal data when you have given us clear consent to do so for a specific purpose. Where we process your personal data based only on your consent, you can withdraw this consent at any time by contacting us.

Interact with our social media channels

We use a third party provider, HubSpot, to manage our social media channels, such as Twitter and LinkedIn. If you interact with us through our connected social channels, a record of this will be stored in HubSpot.

Your personal data is stored securely by HubSpot in accordance with their privacy policy which can be found here https://legal.hubspot.com/privacy-policy.

Purpose for processing

  • To respond to any communications we receive and to keep a record of correspondence.
  • To evaluate the success of our social media and marketing campaigns.

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(f) of the GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests in order for us to run our business.

View videos on our site

We use Wistia, an online video provider, to host videos on our website. We have enabled a special mode of the video player, called "Privacy Mode", to ensure that Wistia only collects fully anonymized viewing data by disabling session and cookie tracking and anonymizing IP addresses. More information about Wistia’s privacy practices can be found at https://wistia.com/privacy.

We also use YouTube's privacy-enhanced mode to embed videos from our official YouTube channel on our website. Please see our cookie policy for more information.

Schedule a meeting

We use a third party provider, Calendly.com, to enable appointment scheduling through a link on our website. When you are redirected to Calendly to schedule an appointment with us, you voluntarily enter information such as your name, email address and information regarding the meeting. Your personal data is stored securely by Calendly in accordance with their privacy policy which can be found here https://calendly.com/pages/privacy

Register for a webinar

We use the Zoom platform to conduct online meetings and webinars. Zoom is a service provided by Zoom Video Communications, Inc.

If you register for and/or attend one of our online events, we may collect and process personal data such as your first and last name, email address and job function. We may also collect and process information that you provide during the webinar, such as comments you provide through the chat function.

Please note that we may record these webinars. The recordings include the names of the panellists and may include any contribution that you make. A link to the recording may be shared with those who registered/attended. We may also upload the recordings to our website and YouTube channel and share them via our social media accounts.

Your personal data is stored securely by Zoom in accordance with their privacy policy which can be found here https://zoom.us/privacy

When you register for one of our webinars, a copy of the information you provide will be stored in our Zoom account. It will also be stored on our behalf by HubSpot, a third party CRM service provider.

Purpose for processing

  • To enable you to access the online meeting or webinar.
  • To contact you with information on related content, products or services (where you have indicated that you wish to receive these communications).

Legal basis for processing

The lawful basis that we rely on to process your personal data is Article 6(1)(f) of the GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests in order for us to run our business.

We may also process your personal data when we have a legal obligation to do so: when the processing is necessary for us to comply with the law (not including contractual obligations), such as to comply with a court order or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

The following pages utilize framing techniques to serve content from our partners while preserving the look and feel of our website. Please be aware that you are providing your personal data to these third parties and not to us.

  1. Our subscription sign up page is hosted by Chargebee.
  2. Our support request page is hosted by Zendesk.

Information Processed On Behalf Of A Client

Approov Limited has developed its solutions with privacy in mind (“Privacy by design”). The intent is to support our client’s requirement to comply with the most stringent of privacy regulations.

When a client signs up for an Approov account, we collect and process information about their end users; specifically, a unique app instance identifier (Install ID) and an IP address. Note that Install ID is referred to as Device ID in the Approov documentation. Install IDs and IP addresses are masked to afford data subjects reasonable anonymity and to assure their rights to privacy are balanced with the legitimate business interest of our clients to protect their assets through our software and services.

If you use an app that is using the Approov service, then we will retain the above data as long as the Approov account, with which the app is registered, is active. We will also continue to retain this personal data after the account is terminated if it is necessary for tax and financial reporting purposes or to comply with our legal obligations.

Profiling And Automated Decision Making

We do not use automated decision making (making a decision solely by automated means without any human involvement).

We may use profiling (automated processing of personal data to evaluate certain things about an individual). Based on your personal information, or data that we have gathered through your use of the website or services, we may apply scripted logic to enable us to send you more relevant communications, or to offer you additional resources or services.

The purpose for processing your personal data in this way is to help us to improve the way that we promote and market our services to you.

The legal basis we rely on for processing your personal information is Article 6(1)(f) of the GDPR, when the processing is necessary for our legitimate interests in a way which might be reasonably expected in order for us to run our business.

Sharing Your Data With Others

We may share your data with third party data processors who provide services for us. We have contracts in place with our data processors. We will only provide them with the information that they need to carry out their services and they may only use your data for the purpose(s) specified in our contract with them. When we stop using their services, any data they hold about you must either be deleted or anonymized, unless they require it for tax or financial reporting or to meet legal obligations.

Within Approov Limited, personal data will only be shared between members of staff who legitimately need the information to carry out their normal duties in order to provide you with the service you have requested.

In the event of a merger with or an acquisition by another company, your personal data will, where relevant, be transferred to the new owner under the terms of this privacy notice.

We may disclose your personal data if we conclude that it is required by law, such as to comply with a court order or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Transfer Of Personal Data To Other Countries

Your personal data will be transferred and stored outside of the European Economic Area (EEA) in the following circumstances:

Our head office is based in Edinburgh, UK and we have an office in the US. Customer data will be shared with select sub-processors in the US who have a legitimate business need to access that data, such as customer onboarding or technical support. In these circumstances, we have adequate measures in place and the transfer of personal data is governed by EU Standard Contractual Clauses.

We use a third party provider, HubSpot, to host and manage some of our website and to provide CRM services. When you contact us, use or interact with our website your personal data may be collected by HubSpot and stored outside of the EEA. HubSpot agrees to abide by and process European Data in compliance with the Standard Contractual Clauses approved by the European Commission. Their privacy policy is available here https://legal.hubspot.com/privacy-policy.

Our support request page is hosted by Zendesk, who will collect contact information directly from you on our behalf. Zendesk is based in the US and may store your personal data outside of the EEA. Zendesk has obtained approval for its Binding Corporate Rules as a data processor for its customers’ data to facilitate safe transfers of personal data from the EEA to members of the Zendesk family of companies. In addition, Zendesk offers its customers protections under the Standard Contractual Clauses. Their privacy policy is available here https://www.zendesk.co.uk/company/customers-partners/privacy-policy/ .

We use a third party provider, OpsGenie, for our on-call management system. When a technical support request is made a copy of the information you submit is also sent to our on-call management system. OpsGenie is based in the US and they may store your personal data outside of the EEA. Information is transferred under Standard Contractual Clauses approved by the European Commission and OpsGenie are bound by these clauses to safeguard this information. Their privacy policy is available here https://www.opsgenie.com/privacy .

We use a third party provider, Zoom Video Communications, Inc., to conduct online meetings and webinars. Zoom is based in the US and they may store your personal data (including recordings of events) outside of the EEA. Information is transferred under Standard Contractual Clauses approved by the European Commission and Zoom are bound by these clauses to safeguard this information. Their privacy policy is available here https://www.zoom.com/privacy

In limited and necessary circumstances, your information may be transferred outside of the EEA to comply with our legal or contractual requirements, for example, in the event of the merger with or acquisition by another company. In these circumstances, we would ensure adequate measures were in place and we would rely on lawful measures to transfer that information, such as Binding Corporate Rules or EU Standard Contractual Clauses.

How Long Personal Data Is Kept

We will retain your personal data for no longer than is necessary. This will depend on why it was collected, or if we have a continuing lawful basis to do so, such as to fulfil a contract between us, perform a service you have requested or for our legitimate interests. Your personal data will be deleted if we no longer have a valid reason or legal requirement to process it. The following retention periods apply:

  • Website server log information: we retain this information for 6 months.
  • Analytics information: we retain this information for 26 months.
  • Demo or trial subscription: when you sign up for a demo or trial subscription to our services, we will retain that information for 12 months.
  • Customer subscription information: when you sign up for a paid subscription to our services, we retain that information for 6 years following the end of the financial year in which your subscription ended. This is in accordance with our legal obligation to keep records for tax purposes.
  • Enquiries (including technical support requests): we will retain this information for as long as it takes for us to respond to and resolve your query and for an additional 12 months.
  • Newsletter subscription: we retain this information for as long as you are subscribed.

Information received from unsuccessful job applicants will be retained for the statutory recommended period. If you have given us consent to hold your data for longer in order to be considered for future opportunities then we will retain it for the agreed period. You have the right to withdraw that consent at any time.

If, in the future, we intend to process your personal data for a purpose other than that for which it was collected then we will provide you with information on that purpose prior to doing so.

Information Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Rights

You have a number of rights with regard to your personal data:

  • The right to be informed about the collection and use of your personal data.
  • The right to access the personal data that we hold about you.
  • The right to have your personal data rectified if it is inaccurate or incomplete.
  • The right to have your personal data erased, in certain circumstances.
  • The right to restrict or suppress your personal data, in certain circumstances.
  • The right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing.
  • The right to data portability.
  • The right to ask us not to use your personal data for marketing purposes.

Further information about your rights can be found on the ICO’s website https://ico.org.uk/

Please contact us if you wish to exercise any of these rights; our contact details are listed at the end of this policy. There is no charge for us providing you with this data and it will usually be provided within a month of the request (unless the request is unfounded or excessive).

In order to protect your data, we may ask for proof of your identity before proceeding with any request you make under this privacy notice.

If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing before your consent was withdrawn.

You have the right to lodge a complaint to the Information Commissioner’s Office if you are unhappy with the way we have processed your personal data.

Children’s Privacy

Our website and services are not aimed at children under the age of 16 and to the best of our knowledge we have not gathered personal data from any children under the age of 16. If you have reason to believe that a child under the age of 16 has submitted personal data to us, please contact us at privacy@approov.io so that we can delete it.

Links

Our website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of other sites. We encourage you to read the privacy statements on the other websites you visit.

Changes To Our Privacy Policy

We’ll keep this information up to date and any changes we make will be posted on our website.

Please contact us if you would like to see previous versions of our privacy policy.
