- Introduction
This Privacy Policy describes how Fortanix Inc. and its subsidiaries (hereinafter: “Fortanix”, “we” or “us”) handle Personal Data of its (prospective) customers’ representatives, (website) visitors and suppliers. Fortanix takes your privacy very seriously and is committed to handling your Personal Data in a lawful, fair and transparent manner. This Privacy Policy explains in a detailed way how we do this. As we believe that the handling of your Personal Data is very important to both you and us, we encourage you to read this Privacy Policy carefully.
When we refer to "Personal Data" under this Privacy Policy, we mean any information through which we can identify you as an individual (e.g. your name, telephone number, e-mail address or other contact details). This does not include information which is related to legal entities, such as our customers’ company information (B2B data). Nevertheless, Fortanix will treat such B2B data in the same way as it would treat Personal Data.
California residents can view our California Consumer Privacy Act notice at collection by clicking here.
- Scope of this Privacy Policy
This Privacy Policy applies to the use of the Personal Data of our (prospective) customer representatives, website visitors and suppliers:
- (Prospective) customer representatives: when we do business with our customers, we collect the contact details of the (legal) representatives of the customer. We collect this Personal Data for example through forms submitted via our website or by having contact via e-mail or telephone. In addition, we collect Personal Data of our customer’s representatives to provide access to our platforms and services.
- Website visitors: when you visit our website, we collect your (contact) details when you browse through our website and when you fill in or download forms on or from our website, such as to request a demo or trial for our products.
- Suppliers: when we do business with our suppliers, we collect the contact details of the (legal) representatives of the supplier. We collect this Personal Data for example to maintain contact over the telephone or via email, or to conclude a contract.
Fortanix Inc. is responsible (as ‘data controller’) for collecting and using your Personal Data as described in this Privacy Policy. Fortanix Inc. has appointed Fortanix B.V. as its EU-representative. The contact details of both entities can be found under section 13 of this Privacy Policy.
In addition, other specific Fortanix entities could be responsible as a separate data controller if you enter into a business relationship with them. In such cases, you will be informed of this separately.
Please note that Fortanix does not process any personal data (either as data controller or data processor) which is placed onto its platforms or solutions by its customers, other than the contact details of the customer’s representatives to provide access to our platforms or solutions (as described in this Privacy Policy). Further information about how personal data is handled within Fortanix’ products and services can be found in the relevant product terms.
- How we collect and use your Personal Data
The exact types of Personal Data that we collect and use are outlined below and depend on the relationship we have with you and the kind of services that we provide to you.
- (Prospective) customer representatives: In order to establish business relationships with you as a client and provide you with access to the relevant products and services, we process the following Personal Data of our customer’s business representatives (acting on behalf of the company):
- your contact details: your name, e-mail address, signature (if included on contracts) and any other contact details you provide to us.
- your use of our services: the Personal Data that is related to the use of our services, such as information required to create user accounts.
- any other personal data: any Personal Data that you disclose in the course of your contractual relationship with us.
- Website visitors: when you visit our website, we collect the following Personal Data about you:
- your contact details: when you fill out the contact or downloading form on our website, we collect your name, company, e-mail address and telephone number.
- automatically collected data: when you access our website, we automatically collect some of your data through your browser or device such as through cookies (such as your IP address, analytics regarding your use of our website and other unique electronic identifiers).
- Suppliers: when we enter into a business relationship with our suppliers, we collect the following Personal Data of our supplier’s business representatives:
- your contact details: your name, email address, signature (if included on contracts) and any other contact details you provide to us.
- any other personal data: any Personal Data that you disclose in the course of your company’s contractual relationship with us.
- The legal basis we have for processing your Personal Data
We will only process your Personal Data if we can rely on one of the following legal bases:
- for the performance of our agreement with you (on behalf of the company you represent);
- to comply with a legal obligation;
- to act upon your consent;
- to pursue our legitimate business interests (or those of third parties).
- Purposes for which we use your Personal Data
We will only process your data for specific and limited purposes which are linked to the legal bases that we set out above in section 4. These purposes are:
- for the performance of our agreement with you. To carry out the agreement that we concluded or will conclude with you on behalf of your company and to provide you with the information and services you request. For instance, we will need to process your Personal Data in order to keep in contact with you, manage and handle requests, provide (technical) support or customer service and to provide essential information regarding the services. We will also need to process your Personal Data in order to provide you with access to our products or services through a user account, as agreed with you.
- to comply with our legal obligations. To fulfill legal obligations such as maintaining appropriate business records and to comply with requests from governmental agencies, supervisory bodies or fiscal authorities and to comply with applicable laws and regulations.
- based on your consent. We may send marketing or other business related communications to our prospective customers, such as newsletters via email, if you have consented thereto. For existing customers, we send e-marketing (such as newsletters via email) based on our legitimate interests, as set out below.
- for our legitimate (business) interests. This includes the following:
- to send e-marketing (such as newsletters via email) to our existing customers for the purpose of advertising our products and services or otherwise engaging with our customers for marketing or commercial purposes, provided that you have not opted out.
- to manage our internal client database (CRM) system, in order to keep track of our financials and services.
- to operate and expand our business activities and services.
- to develop and improve the quality of our services (e.g. by conducting customer satisfaction surveys or analyzing the use of our website).
- to operate company policies and procedures, such as for training and learning purposes.
- to invite our customers’ representatives for relevant business events.
- to ensure and protect the integrity, security and safety of our systems. This includes the prevention of unauthorized persons from accessing our systems.
- to enable us to make corporate transactions, such as mergers, sales, reorganizations, transfer of our assets or business or acquisitions.
- other entities within the Fortanix Group: we will share your Personal Data internally between the responsible Fortanix entities for management purposes, internal administrative purposes, or other business related purposes as described in this Privacy Policy, such as to provide you with our services and to guarantee our contractual commitments towards our customers. You can find a list with all of our locations on our website.
- third party service providers: such as our business partners, hosting providers and analytics and search engine providers that support us in the improvement and optimization of our website and internal systems (e.g. our IT service providers, analytics provider, cloud storage provider).
- third parties in case of legal requirement or legal claims: where required by law, we share your Personal Data with third parties such as tax authorities, supervisory bodies or governmental or judicial agencies. We may also share your Personal Data with other third parties, such as law firms, where necessary to initiate or defend ourselves against any legal claims.
- third parties in case of corporate transactions: such as companies involved in mergers, sales or reorganizations or companies that we acquire.
- Storage location of your Personal Data
All Personal Data of our European based (prospective) customer representatives, website visitors and suppliers is primarily stored on data centers located within the European Economic Area (“EEA”). For the purposes listed in this Privacy Policy, it might be possible that your Personal Data is accessible or otherwise transferred to countries outside the EEA, such as to Fortanix group companies based in the US (e.g. Fortanix Inc.). In such cases, we will implement adequate safeguards (and, where necessary, supplementary measures) to ensure that your Personal Data is afforded a level of protection which is essentially equivalent to the level of protection guaranteed within the EEA, such as entering into Standard Contractual Clauses as approved by the European Commission.
You can request a copy of any documentation showing the adequate safeguards that have been taken by contacting our privacy team at privacy@fortanix.com.
- Protecting your Personal Data
Effective security of your Personal Data is important to us. We have therefore taken adequate technical and organizational security measures to protect your Personal Data against unauthorized or unlawful use or access. We take steps to limit access to your Personal Data to those individuals who need to have access for one of the purposes listed in this Privacy Policy.
These measures include practices such as:
- Keeping Personal Data on a secured server behind a firewall;
- Using secure socket layer (“SSL”) technology;
- Using regular malware scanning;
- Internal reviews of our data collection practices;
- Physical security measures to guard against unauthorized access to systems where we store Personal Data.
- Retaining your Personal Data
We ensure that your Personal Data will not be stored longer than is necessary for the purpose they were obtained (such as to provide you with our services, to answer queries or resolve issues or to fulfil our contractual obligations), unless a longer period is necessary to comply with legal obligations (such as fiscal or legal obligations) or to defend ourselves against a legal claim. Generally, we will only retain Personal Data throughout the term of our business relationship and delete it as soon as possible thereafter, unless we are legally required to retain the data for a longer period. If you would like to receive further information on how long we store your Personal Data, please contact privacy@fortanix.com.
- Your rights with respect to your Personal Data
Residents of certain states or countries have several rights in relation to the Personal Data processed by Fortanix. For example, you have the right to access, update, delete or restrict the Personal Data that we collect about you and at any time you can obtain a copy of your Personal Data that we hold or request that the information is transmitted to another data controller.
You may also have the right to object to the processing of your Personal Data and if you have given us consent, for example to receive newsletters, you may withdraw this consent if you have changed your mind. Please note that a withdrawal of consent does not affect the lawfulness of any processing which has taken place prior to your consent being withdrawn and that we can only action your request in accordance with applicable law.
If you wish to exercise your rights, you can contact us by sending an e-mail to our privacy team at privacy@fortanix.com. In order for us to comply with your request in the best way possible, please indicate which Personal Data you would like to receive, have changed or removed or what limitations you would like to put on our use of the data.
If you are unsatisfied with how we process your Personal Data or if you believe that your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority in the country where you live or where you believe your rights have been infringed.
- Additional Disclosures for California Residents
This section of this Privacy Policy provides additional information for California residents and describes our information practices pursuant to the California Consumer Privacy Act, as amended (the “CCPA”). Depending on how you interact or engage with us, we may provide you with other privacy notices with additional details about our privacy practices.
This section applies to “personal information” as defined in the CCPA, whether collected online or offline. This section does not address or apply to our handling of personal information that is exempt under the CCPA.
Personal Information We Collect. Depending on how you use our website and services, we may collect (and have collected in the prior 12 months) the following categories of personal information:
- Identifiers, such as name, alias, email, phone number, billing address, unique personal identifier, online identifier, IP address, account name, or other similar identifiers.
- Customer Records, such as your account and profile information, communications preferences, billing and payment information, customer service and support tickets and records, and other information you provide to use our services.
- Internet or Other Electronic Network Activity Information, such as browsing history, clickstream data, search history, and information regarding interactions with our website and services, advertisements, or emails, including other usage data related to your use of any of our services.
- Geolocation Data, such as location information about a particular individual or device.
- Audio, Electronic, Visual, or Similar Information, such as information collected via call recordings if you are interacting with our customer service or if you call us on a recorded line, recorded meetings and webinars, videos, photographs, user profile images, and security camera footage to secure our offices and premises.
- Professional or Employment-Related Information, such as title, work email, work phone number, and employer.
- Inferences, such as inferences drawn from any of the information described in this section about a California resident including inferences reflecting the California resident’s preferences, characteristics, behaviors, attitudes, abilities, and aptitudes.
Categories of Sources of Personal Information. We generally collect personal information from the following categories of sources: directly from you, business partners, our clients, advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and data brokers.
Purposes for Collecting and Disclosing Personal Information. As described in the “Purposes for which we use your Personal Data” section above, in general, we collect and otherwise process the personal information we collect for the following business or commercial purposes: to perform the agreement with you/your company; communicating with you; providing technical support; providing and maintaining user accounts; for analytics and improvement; for marketing, advertising, and promotions; for conducting research and surveys; to plan and manage events; to conduct mergers, sales, or reorganizations; for security and the protection of rights; for compliance and legal process; for auditing, reporting, and other internal operations; and for general business and operational support.
Retention of Personal Information. We ensure that your personal information will not be stored longer than is necessary for the purpose it was obtained (such as to provide you with our services, to answer queries or resolve issues or to fulfil our contractual obligations), unless a longer period is necessary to comply with legal obligations (such as fiscal or legal obligations) or to defend ourselves against a legal claim. Generally, we will only retain personal information throughout the term of our business relationship and delete it as soon as possible thereafter, unless we are legally required to retain the information for a longer period. Rather than delete your personal information, we may also deidentify it by removing identifying details. Where we have committed to maintaining and using personal information in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.
Disclosure of Personal Information to Third Parties and Other Recipients. The categories of personal information we have disclosed for a business purpose in the preceding twelve months include: identifiers, customer records, commercial information, Internet or other electronic network activity information, geolocation data, audio, video, and other electronic data, inferences, and sensitive personal information.
The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include: our business clients, business partners, vendors and service providers, acquirers of business assets, advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, and social networks.
Sales and Sharing of Personal Information. The CCPA defines "sale" as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-contextual behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers, and Internet or other electronic network activity information. We disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising. We do not sell or share personal information about individuals we know are under age 16.
Your CCPA Rights. The CCPA provides California residents with certain rights regarding their personal information.
Note that these rights only apply to personal information we collect and process under this Policy as a business or controller. For personal information we process on behalf of our business clients in our capacity as a service provider or processor, please submit your request directly to the business client with whom you have a relationship, and we will provide reasonable assistance to that business client as necessary to enable them to respond to your requests to exercise your privacy rights.
In general, California residents, including our business clients’ employees who reside in California, have the following rights with respect to their personal information, subject to certain exceptions:
Right to Know/Access. You have the right to request the following regarding the personal information we collect about you:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purposes for collecting, selling, or sharing personal information;
- The categories of third parties to whom we have disclosed personal information; and
- A copy of the specific pieces of personal information we have collected about you.
Right to Correct. You have the right to request that we correct incorrect personal information.
Right to Delete. You have the right to request we delete your personal information.
Right to Opt-Out of Sales and Sharing. You have the right to opt-out of “sales” and “sharing” of your personal information, as those terms are defined under the CCPA. While we do not “sell” personal information in the traditional sense (i.e., for money), our use of third-party analytics and advertising cookies may be considered “selling” and “sharing” under CCPA. To exercise your right to opt-out of the “sale” or “sharing” of your personal information, click here.
You also have the right to opt-out of “sales” and “sharing” of your personal information through the use of an opt-out preference signal. If our Site detects that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control”—or GPC— signal, we will opt that browser or device out of cookies on our Site that result in a “sale” or “sharing” of your personal information. If you come to our Site from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well.
Right to Limit Use. We do not engage in uses or disclosures of “sensitive personal information” that would trigger the right to limit use of sensitive personal information under the CCPA.
Right to Non-Discrimination. We will not discriminate against you for exercising any of the rights described in this section.
Exercising Your CCPA Rights. If you are a California resident and would like to exercise your CCPA rights, you may do so via any of the methods described below:
- Calling us at +1 408-214-4760
- Email us at privacy@fortanix.com with the subject line, “California Rights Request”
- Filling out our webform at this link.
Verification. Before responding to your request, we must first verify your identity using the personal information you recently provided to us. You must provide us with your full name and email address. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.
Authorized Agents. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant California resident directly verify their identity and the authority of the authorized agent.
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@fortanix.com.
- Children’s Personal Data
Fortanix is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target Fortanix at children, and we do not authorize people under 18 years of age to directly request our services. In the unlikely event that a minor has submitted Personal Data to Fortanix, and if you are the parent or guardian of the minor who has provided personally identifiable information to Fortanix, please inform us by contacting us at privacy@fortanix.com and we will remove such information from our database. If you are concerned about your children’s use of our website, you may use web-filtering technology to supervise or limit access to our website. For more information, visit www.OnGuardOnline.gov for tips from the Federal Trade Commission on protecting kids’ privacy online.
- Links to other websites
From time to time, you will find links to other websites on the Fortanix website. As these websites are owned by other parties, Fortanix is not responsible for the handling of your Personal Data on these websites or for the privacy of the information that is collected by the services these websites provide. We strongly recommend that you carefully read the privacy notices applicable to these websites and services.
- Changes to this Privacy Policy
This Privacy Policy is current as of the Effective Date set forth above, and is subject to changes from time to time, but at least every twelve months, so please make sure you check this page regularly. We will post any updates to this Privacy Policy on this page. If we make material changes to how we collect, use, or disclose the Personal Data we have previously collected about you, we will endeavor to provide you prior notice, such as by emailing you or posting prominent notice on our website or within our services. Your continued use of this website after we make changes is deemed to be an acknowledgement of those changes, so please check this Privacy Policy periodically for updates.
- Contacting us
If you have any questions or concerns about this Privacy Policy or the processing of your Personal Data in general, or if you wish to exercise any of your rights, please email Fortanix Inc. at privacy@fortanix.com indicating the nature of your query.
You can also contact Fortanix B.V., which acts as the European representative of Fortanix Inc. The European representative can be reached at eu.privacy@fortanix.com.