Privacy Policy
Dispel’s privacy policies are designed and enforced to protect client information, strictly control access, safeguard disclosure, and prohibit unauthorized use. Dispel’s controls are designed to give clients control over their information and transparency into where data exists while allowing us to provide our products and services to clients.
Dispel provides an infrastructure and security provisioning, orchestration, and networking platform for zero trust access and industrial operations via the Dispel website (the “Site”), the Dispel application (the “App”), and related virtual machines, hardware, and Internet services (collectively, the “Service(s)”). The Service is operated by Dispel, LLC; Dispel Global, Inc; and its affiliates (the “Company”, “we”, or “us”) for users of the Service (“you” or the “Customer”). This privacy policy describes how we collect, use, and disclose your information when you use our Site, App, Services, and other interactions (e.g., customer service inquiries, user conferences, etc.). Under applicable law, Dispel is the “data controller” of personal data collected through the Services.
At Dispel, we will not:
Sell any personal information about our users, other than in connection with a disposition of our company or our assets, as described below; or
Turn over any personal information about our users to third party marketing or advertising firms; or
Collect any information about your activities for any purpose other than as we have stated in this privacy policy, unless we receive your consent.
What Information We May Collect
When you interact with us through the Services, we may collection information from you, as further described below. We may also receive information about you from other sources, such as public databases, joint marketing partners, social media platforms, and other third parties.
Information You Directly Provide Us
Dispel may collect and receive your data and other information in a variety of ways:
Your Data
You voluntarily provide us with messages, images, files, RDP data, video screen recordings from virtual desktop and application sessions, keystroke recordings, in-session network activity, or other content you send through the Service (“Customer Data”).
Other Information
Account Information: To create or update a Dispel account, we require an email address and password. For customer support and other administrative tasks you may also provide us with full name and phone numbers for communications. If your organization uses single sign on, they may provide us with your email address and create an account on your behalf.
Payment Information: If you purchase a paid version of the Services, you provide Dispel (or its payment processors) with billing details such as credit card information, banking information, and/or a billing and shipping address. Your credit card information is used solely for billing purposes by our payment provider Stripe. In this instance, under applicable law Stripe is the “data processor.” Your credit card information will be subject to Stripe’s privacy policy rather than our privacy policy. You can learn more about Stripe’s privacy and security practices here.
Information Your Browser Automatically Sends Us
Device Information: When you interact with the Services, your browser and devices automatically make information available to us that we may store. This includes your IP address (which may permit us to estimate your general location), device type, your operating system, and your browser type.
Log Data: When you access or use our Services our servers automatically collect information and record it in log files. The log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type, settings, date and time the Services were used, language preferences, cookie data, and information about your browser configuration and plugins.
Services Metadata: When you interact with the Services, metadata is generated that provides us with information about your activity and usage. For example, Dispel logs the creation of new resources, bandwidth usage, and the parts of our network that you are using. We keep these logs primarily for our internal business operations such as billing, customer service, data analysis, statistical analysis, fraud or other illegal activities monitoring and prevention, enhancing, improving or modifying our products and services, identifying usage trends, and enforcing our Enterprise Terms of Service and Website Terms of Service (collectively “Terms”) and policies.
Analytics Services Provided by Others
We use certain third party services to help us provide, improve and analyze the use of our website, products and services. These companies may collect information about how you use our website, products and services, including unique device identifiers, device manufacturer and operating system, IP address, browser type, pages viewed on the Dispel website, session start/stop time, links clicked on the Dispel website, and conversion information. This information may be used to analyze and track data (including for our billing purposes), determine the popularity of certain content, better understand your online activity, and resolve problems. This enables us to improve and expand upon the services and products that we make available to our users.
International Data Transfers
Dispel is based in the United States. Therefore, our services and products are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Unless we have entered into an agreement with you to deploy our Services only within a specified geographic region, by using our Services, you consent to the transfer of information to and from the United States and other countries outside of your country of residence, which may have different data protection rules than those of your country. The laws of the U.S. and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.
We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
We comply with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Our compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF is subject to the investigatory and enforcement powers of the Federal Trade Commission.
We commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact us using the details provided below.
We also commit to referring unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on in Annex 1 of the DPF Principles.
Our Use of Your Information
We use the information you provide in a manner that is consistent with this Privacy Policy. If you provide information for a certain reason, we may use the information in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the information you provide to answer your question or resolve your problem.
We may use the collected information:
To respond to your questions and fulfill your requests.
To send helpful information to you, such as notifying you of changes to our terms of use, acceptable use policy, or privacy policy.
To complete and fulfill your purchases and provide you with customer service.
To send you marketing communications (which you can opt out of -- see Choice and Access below).
To personalize your experience on our website and use of our products and services.
To allow you to participate in our promotions, which may have their own rules.
For our other internal business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our products and services, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities.
As we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process, litigation and/or requests from the U.S. or a state government entity; (c) to enforce our Terms and Acceptable Use Policy; (d) to protect our operations or those of any of our affiliates; (e) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.
To comply with our internal policies or legal proceedings in connection with investigations of any violations or suspected violations of our Terms and/or Acceptable Use Policy; we reserve the right to use, release or otherwise share any usage logs or other records concerning you if you violate the Terms or Acceptable Use Policy, or intentionally or unintentionally partake (or are reasonably suspected of partaking) in any illegal activity.
If information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Dispel may use it for any business or commercial purpose. To the extent information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Information.”
SMS Messaging
Parts of the Dispel may include using text messages. To use these part of our services, you must consent ("opt-in"). You have the right revoke your consent ("opt-out") at any time. We shall identify ourselves in our messages, though as noted below, messages may be spoofed by malicious third-parties. SMS messages are not secure.
By enrolling in SMS services you consent to Dispel using your information, including your phone number, to contact you through an application-to-person ("A2P") system. You represent that you are the owner of the device for which you have authorized enrollment of, or that you have the authority to enroll the device if it is company owned, and you or your company are responsible for the messages sent from the device.
Dispel does not share or sell numbers with third-parties except for the purposes you consent to here.
You acknowledge that text communications are not secure or encrypted, and that such communications may be intercepted. You further acknowledge that you are aware that third-parties may disguise messages sent to your number as though they were sent by us. By enrolling and continuing to use Dispel A2P SMS services, you agree that we will not be liable for any unauthorized access caused or involved with the A2P SMS services, or interception of communications. Message and data rates may apply from your mobile carrier and, by enrolling in the A2P SMS system, you agree to pay any such charges. Message frequency will vary based on your activity and user activity on the system.
When you enroll in SMS services provided by Dispel, you will receive a confirmation of your enrollment. You have the right to opt-out of messages at any time. To stop receiving text messages, text STOP. You consent that following a request to STOP, you may receive one final message confirming that you have been unsubscribed. To re-enroll, reply START and you will receive confirmation of your re-enrollment. If you have any questions or need help, text HELP or email support@dispel.com.
Dispel reserves the right to terminate any of the SMS systems, in whole or in part, at any time without notice. You agree that we will not be liable for any delays or failures in your receipt of any SMS messages as delivery can be unpredictable based on transmission from your mobile network operator ("MNO"), campaign service provider ("CSP"), and processing by your device. SMS message services are provided on an AS IS, AS AVAILABLE basis. We may send Multimedia Messaging Service ("MMS") messages such as, but not limited to, .jpg, .png., .jpeg, .bmp, .txt, .doc, and .docx.
Our Legal Basis for Handling Your Personal Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds are as follows:
To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users’ request in anticipation of entering into a contract with them. For example, we handle personal data on this basis to create your account and provide our Services.
Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. This includes:
Providing a safe and enjoyable user experience;
Customer service;
Marketing, e.g. sending emails or other communications to let you know about new features;
Protecting our users, personnel, and property;
Analyzing and improving our business, e.g. collecting information about how you use our Services to optimize the design and placement of certain features;
Processing job applications;
Processing billing; and
Managing legal issues.
Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.
To protect the vital interests of the individual or others: For example, we may collect or share personal data to help resolve an urgent medical situation.
Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.
Our Disclosure of Your Information
Dispel uses Customer Data and Other Information in furtherance of our legitimate interests in operating our Services. Dispel may provide information:
With your consent.
To related companies such as subsidiaries, parents, and affiliates for purposes consistent with this Privacy Policy.
To our third party service providers who provide services such as website hosting, data analysis, payment processing, IT and related infrastructure provision, email delivery, mailing, auditing and other similar services.
To identify you to anyone to whom you send a message or refer through the use of our website, products or services.
To a buyer or other acquiring entity in the event of acquisition, reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
As we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process, litigation and/or lawful requests made by public authorities, including for national security or law enforcement purposes; (c) to enforce our Terms; (d) to protect our operations or those of any of our affiliates; (e) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.
To comply with our internal policies or legal proceedings in connection with investigations of any violations or suspected violations of our Terms and/or Acceptable Use Policy; we reserve the right to use, release or otherwise share any usage logs or other records concerning you if you violate the Terms or Acceptable Use Policy, or intentionally or unintentionally partake (or are reasonably suspected of partaking) in any illegal activity.
Third Party Services
This privacy policy does not apply to the privacy, information or other practices of any third parties, including any third party operating any site or service to which there is a link on our website or through our products or services. The inclusion of a link on our website or through our products or services does not imply an endorsement by us or by our affiliates of the linked site or service.
Data Retention
Dispel will retain Customer Data in accordance with a Customer’s instructions. You may be able to customize the retention policies for your Customer Data. The deletion of some Customer Data may cause the deletion of some Other Information.
Dispel may retain Other Information for so long as it may be relevant to the purposes identified herein. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Dispel to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
To dispose of data, we may anonymize it, delete it, or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time, although we will delete your Personal Information from backups as soon as practically possible.
Security
Dispel takes the security of your data very seriously, and safeguards your information through an ISO 27001 and SOC 2 Type 2 certified information security management system. We take steps to protect Customer Data and Other Information within our organization using reasonable measures. These steps take into account the sensitivity of the Customer Data and Other Information we collect, process and store, and the current state of technology. Given the nature of technology and the Internet, Dispel cannot guarantee that all data transmissions or storage systems are completely secure from intrusions.
If you have any concerns regarding security, please immediately reach out to us at security@dispel.com.
Your Data Rights and Choices
You have choices regarding our use and disclosure of your Personal Information.
Individuals in certain countries, including the European Economic Area, the United Kingdom, and Switzerland, have certain legal rights to request access to Information, as well as to seek to update, delete or correct this Information. They may also object to our uses or disclosures of personal data, to request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. They also will not affect our ability to continue processing data in lawful ways.
The rights and options described below are subject to limitations and exceptions under applicable law. In addition to those rights, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and we will do our very best to resolve your concern.
For your protection, when you are exercising your data protection rights we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request to ensure we are making the changes to the proper account.
How do I change email marketing settings?
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please keep in mind that if you opt-out, we will still send you important administrative messages such as billing and legal notices, from which you cannot opt-out.
How can I access the Personal Information you have about me?
If you would like to submit a data access request, you can do so by contact legal@dispel.com with the words “Personal Data Access Request” in the subject or body of the message. We will then start the process and provide you a link to access the personal data that Dispel has on you within 30 days.
How do I correct, update, amend, or delete the personal data you have about me?
If you would like to review, correct, update, suppress, or delete the personal information that you have provided to us, you may contact us at legal@dispel.com with the words “Personal Data Request” in the subject or body of the message.
In your request, please make clear what personal information you would like to have changed, whether you would like to have it suppressed from our database or otherwise let us know what limitations you would like to put on our use of it.
How do I object or restrict the manner in which Dispel processes my personal data?
You have a right to ask us to stop using or limit our use of your personal data in certain circumstances—for example, if we have no lawful basis to keep using your data, or if you think your personal data is inaccurate. Please contact us at legal@dispel.com to do so.
U.S. State-specific Privacy Rights
Your California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).
The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, correct, and delete personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.
Dispel does not sell or share (as such terms are defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).
You have the right to receive notice of certain information about our data collection, use, and disclosure. The following table summarizes the categories of personal information we collect; the categories of sources of that information; whether we disclose, sell, or share that information to service providers or third parties, respectively; and the criteria we use to determine the retention period for such information. The categories we use to describe personal information are those enumerated in the CCPA. We collect this personal information for the purposes described above in Our Use of Your Information.
Category | Information Type | Source | We disclose to | We sell to/share with |
---|---|---|---|---|
Identifiers
|
| You | Service Providers/Sub-processors | Not sold/shared |
Financial Information |
| You | Service Providers/Sub-processors | Not sold/shared |
Commercial Information
|
| You | Service Providers/Sub-processors, including accounting firms and auditors | Not sold/shared |
Internet or Electronic Network Activity Information |
| You; our analytics and advertising partners | Service Providers/Sub-processors, our clients | Not sold/shared |
Your rights under the CCPA
Opt out of sale or sharing of personal information: We do not sell or share your personal information. Note that your right to opt out does not apply to our disclosure of personal information to service providers.
Know and request access to and correction or deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers to whom we sell, share, or disclose it. You also have the right to request in certain circumstances that we correct personal information that we have collected about you and to delete personal information that we have collected directly from you.
Your Colorado, Connecticut, Utah, and Virginia Privacy Rights
Residents of the States of Colorado, Connecticut, Utah, and Virginia have the following rights:
Opt out of “sales” of personal information and use of their personal information for “targeted advertising,” as those terms are defined under applicable law.
Opt out of “profiling” under certain circumstances, as defined under applicable law. (Residents of Colorado, Connecticut, and Virginia only.)
Confirm processing of and access to personal information under certain circumstances.
Correct personal information under certain circumstances. (Residents of Colorado, Connecticut, and Virginia only.)
Delete personal information under certain circumstances.
Residents of these states can exercise their rights by contacting us at using one of the methods listed below.
Your Nevada Privacy Rights
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties. Currently, we do not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please contact us.
Submission Options
Consumers may make a request pursuant to their rights under the applicable privacy laws by contacting us either at legal@dispel.com or through the support button on the bottom right-hand side of the screen on our website.
We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
Residents of California, Colorado, Connecticut, and Virginia have the right to appeal a denial of their request by contacting us as described in the notice of denial.
Use of the Service by Minors
To the extent prohibited by applicable law, Dispel does not allow use of our Services and websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.
Changes to this Privacy Policy
We may update this privacy policy from time to time, and we will notify you of any such updates by either updating the “Last Updated” legend on this page; sending you some form of communication; or posting a notice on our website when the privacy policy has been updated. Please review the latest privacy policy periodically, especially before providing us with any information. Your continued use of our website, products and services means that you have accepted our latest privacy policy.
Contacting Us
If you have any questions about this privacy policy, please do not hesitate to contact us at legal@dispel.com. Because email communications are not always secure, please do not include credit card information or other sensitive information in your emails to us. If you would like to send us a secure message, please ask for our public key and contact us at security@dispel.com.
Last updated