Privacy Policy


Last Updated November 3, 2022

Abnormal Security Corporation (“Abnormal Security,” “we,” or “us”) is committed to protecting your online privacy. We have designed our website (, the “Website”), as well as our cloud-based cybersecurity platform and application (the “Service”), to minimize the amount of personal data that you, the individual user of the Website or Service (“you” or “User”) must submit in order to use the Website and/or Service. 

By accessing or using the Website and/or Service you agree to the collection, use, and transfer of personal data according to the terms of this Privacy Policy (this “Policy”). This Policy describes how we collect, process, store, and use information, as well as the scope and purpose of doing so. If you do not agree to these terms, please do not access or use the Website or Service. 

Information We Collect and for What Purpose 

Information you provide to us. When you contact us by e-mail or through a contact form on the Website, we collect the information you provide, including e-mail address, name, and telephone number, if applicable, and store such information in order to answer your questions or respond to your request or to contact you regarding our products and services. 

Information collected via cookies and other technology. In the case of merely informative use of the Website, for instance if you do not register or otherwise submit information to us, we only collect the data that your browser transmits to our server, including:

  • Date and time of the request 
  • Time zone difference to Greenwich Mean Time (GMT) 
  • Access status / HTTP status code 
  • each transmitted amount of data 
  • Website from which the request comes 
  • Browser type 
  • Operating system and its interface 
  • Language and version of the browser software; and 
  • city-level geolocation information (in anonymous form, i.e., the geolocation is resolved from the IP address associated with the request, but the IP address is not persisted or retained by our server). 

In addition to the data listed above, cookies are stored on your computer when you browse the Website. We use cookies primarily to determine how visitors engage with the Website (e.g., the pages you view, the links you click, how frequently you access the Website, the number of visits 

over time, etc.). Cookies are small text files that are stored on your hard drive or assigned to your web browser that enable us to enhance your experience of the Website. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Website more user-friendly and effective overall.

We may also use clear gifs in HTML-based emails sent to our Users or other contacts in order to track which emails are opened and which links are clicked by recipients. This information allows for more accurate reporting and improvement of the Website, the Service and our marketing efforts. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends of the Website. These tools collect information sent by your browser or mobile device, including the Website pages you visit, your use of third party applications, and other information that assists us in analyzing and improving the Website. Although we do our best to honor the privacy preferences of our Users, we are not able to respond to Do Not Track signals from your browser at this time, as we believe that there is no consistent industry standard for how to respond to Do Not Track browser settings. 

You can personalize which cookies you would like to allow on our Website by using our cookie management tool, which is accessible within the bottom left corner of your browser when you are accessing our Website. 

Additionally, most browsers let you remove or reject cookies, or set rules to manage cookies on a site by site basis. To do this, follow the instructions in your browser settings. For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them. 

To learn more about cookies, clear gifs/web beacons and related technologies and how you may opt-out of some of this tracking, you may wish to visit one or more of the following sites:

Information collected by third-party advertising networks. We may permit third party ad networks, social media companies, and other third party services to collect information about browsing behavior from visitors to our Website through cookies, social plug-ins, or other tracking technology. We may permit third party online advertising networks to collect information about your use of our Website over time so that they may display ads that may be relevant to your interest in our Service on other websites or services. Typically, the information is collected through cookies or similar tracking technologies. 

Information collected when you use the Service. In order to use the Service, a User typically authenticates by means of a single-sign on (SSO) provider so we do not collect or process any personally identifiable login credentials, however we do collect the IP address from which the User logs into the Service each time. In addition, as part of its normal functioning, the Service collects email metadata (e.g. headers and origin IP address), email contents (e.g. email address, email body, and any attachments thereto), and email platform metadata (e.g. tokenized identifiers). Collectively, this information is referred to as “Service Information” in this Policy. We use the Service Information exclusively for the purpose of providing the Service to our Users. Sharing of Your Information 

We may share information about you in the instances described below. For further information on your choices regarding your information, see the “Choices About Your Information” section below.

We may share your personal information with: 
  • Third-party vendors and other service providers that perform services on our behalf, as needed to carry out their work for us, which may include identifying and serving targeted advertisements, billing, payment processing, or analytics services (however Service Information is never used for these purposes); 
  • Our business partners who offer a service to you jointly with us, or who partner with us to provide the Service to you; 
  • Other affiliates for purposes consistent with this Policy; 
  • Other parties in connection with a strategic transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company, or in the event of a bankruptcy or related or similar proceedings; and 
  • Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement, (b) enforce our Terms of Use or to protect the security or integrity of the Website or Service, and/or (c) exercise our rights or legitimate business interests or those of our business partners, customers, or users. 
Choices About Your Information 

You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications or emailing We make every effort to promptly process all unsubscribe requests. You may not opt out of Service-related communications (e.g., account verification, information about your orders, changes/updates to our products or features of the Service, technical and security notices), unless you cease using the Service. 

If you are a User of the Service, you may modify or delete your information by logging into your account. If you otherwise have any questions about reviewing, modifying or deleting your information, you can contact us directly at How We Store and Protect Your Information 

Location of Your Information. Your information collected through the Website or Service may be stored and processed in the United States (US) or in any other country in which Abnormal Security or its subsidiaries, affiliates or service providers maintain facilities. If you are located in the European Union (EU) or other regions with laws governing data collection and use that may differ from US law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the US or any other country in which Abnormal Security or its parent, subsidiaries, affiliates or service providers maintain facilities and to the use and disclosure of information about you as described in this Privacy Policy. 

Security of Your Information

Abnormal Security takes the security of your information very seriously and uses physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through the Website and Service. However, no security system is impenetrable, and we cannot guarantee the security of our systems. If any

information under our control is compromised as a result of a breach of security, Abnormal Security will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations. 

Children’s Privacy 

Abnormal Security does not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow such persons to register as Users. If we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 18, please contact us at

Links to Third-Party Sites and Service 

The Website and Service may integrate with or contain links to other third party sites and services. We are not responsible for the practices employed by third party websites or services embedded in, linked to, or linked from the Website or Service, and your interactions with any third-party website or service are subject to that third party’s own rules and policies. Changes to this Policy 

We may modify or update this Policy from time to time to reflect the changes in our business and practices, so you should review this page periodically. When we change the Policy in a material manner we will update the ‘last updated’ date at the top of this page. Such changes will be effective as of the earlier of (i) 10 days from such date, and (ii) the first date of your continued use of the Website or Service after such date.

California Residents 

This Policy contains a list of the categories of personal data we collect, and have collected for the past twelve months. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (“CCPA”), as may be amended from time to time (including but not limited to those amendments enacted by the California Privacy Rights Act of 2020 (“CPRA”)), that include the right to ask us to disclose the personal data we collect, and the right to ask us to delete certain personal data that we collect or maintain about you. Please note that we do not sell the personal data that we collect. To exercise your rights, please contact us as provided in the Contact Us section. You will not be discriminated against for exercising your privacy rights under the CCPA or CPRA. In order to protect your data from unauthorized access or deletion, we may require you to provide additional information for verification. If we can’t verify your identity, we will not provide or delete your data. 

Contact Us 

If you have any other questions about this Policy, or if you would like to exercise your statutory rights, you may contact us at You can also contact us at our mailing address below: 

185 Clara Street, Suite 100 

San Francisco, CA 94107 


Attn: Privacy Counsel