Our Promise

We at Catchpoint are committed to the security and integrity of your information. This commitment is present when we design and build our software and system architecture; when we configure our servers or select our vendors and partners. It extends to our internal security policies and processes and our employees who are an essential piece of this commitment.

Security

We at Catchpoint are committed to the security and integrity of your information.   This commitment is present when we design and build our software and system architecture; when we configure our servers, or select our vendors and partners.   It extends to our internal security policies and processes and our employees who are an essential piece of this commitment.

Here are some of the measures we have adopted to keep our security posture strong:

SOC 2 Type 2 Certification:  An annual certification to ensure we continue to comply with the standards of reliability, integrity and confidentiality of customer data.    Conducted by a 3rd party that must be AICPA accredited.  For more information on our SOC2 certification, please see news on this here (blog) and here (press release).

Annual Penetration Test:  This is conducted by a 3rd party against our infrastructure and website

Quarterly Vulnerability Scans:  We run these internally on a fixed schedule against all our infrastructure servers and follow up with required remediation.

Our server deployment and security configurations follow NIST (National Institute of Standards and Technology) standards.

We have SIEM, Intrusion Detection and Threat Response for our core infrastructure with a 24×7 SOC in place to address any threats.

Soc 2 Type 2

Privacy Notice

Last Updated: October 2018
Effective: October 2018

Catchpoint Systems, Inc. (“Catchpoint”) provides web performance monitoring services that are used by our customers to measure, analyze and improve the speed, availability and reliability of their websites, web apps and web services (the “Catchpoint Services”). Catchpoint performs the Catchpoint Services for the benefit of its customers as a third party service provider. This Privacy Notice does not describe the activities of our customers’ websites, web apps or web services.

Scope
Catchpoint has prepared this Privacy Notice to describe our practices regarding the information we collect from: (i) visitors to our website located at www.catchpoint.com (the “Corporate Website”); (ii) individual users, typically representatives of Catchpoint’s customers, authorized to log into the Catchpoint Services user interface (“Platform Interface”); and (iii) visitors to or users of our customers’ websites, web apps and web services on which the Catchpoint Services are deployed.

Catchpoint’s customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of the Platform Interface by individuals (also referred to as “data subjects”) accessing and using the Platform Interface pursuant to our customers’ agreements with Catchpoint. With regard to such individuals, Catchpoint processes Personally Identifiable Information only pursuant to its customers’ directions in connection with such individuals’ access to and use of the Platform Interface. Catchpoint does not have a direct relationship with those individuals. Any individual accessing and using the Platform Interface pursuant to a Catchpoint customer’s agreement with Catchpoint should contact that customer directly.

Contact information:
Catchpoint Systems, Inc.
150 W. 30th Street, Third Floor
New York, NY 1000310001
USA
privacy@catchpoint.com


Corporate Website and Platform Interface
Information about visitors collected by the Corporate Website and Platform Interface


Our Corporate Website provides information about Catchpoint and the Catchpoint Services. The Corporate Website also provides access to the portal used by Catchpoint Services customers to log into the Platform Interface. The Platform Interface is also accessible via the Catchpoint app.

The following information is collected about a visitor to the Corporate Website and by the app, where relevant:

• The Personally Identifiable Information that is voluntarily submitted by a visitor, in connection with, for example, a request for more information about Catchpoint Services or for a free trial;
• The information that is automatically provided by the visitor’s computer browser (“Browser Information”), such as the computer operating system, Internet Protocol (IP) address (from which we can infer a visitor’s location), time and day of access, browser type and language, and the website the consumer visited before visiting the Corporate Website;
• The username and password that is entered by an authorized individual user (“Catchpoint Services User”) to gain access to the Platform Interface; and
• The name, email address, and company affiliation (i.e., the Personally Identifiable Information) of each Catchpoint Services User logged into the Platform Interface.

How information about visitors is collected by the Corporate Website and Platform Interface
The Corporate Website and Platform Interface use cookies and similar technologies, such as embedded scripts and web beacons (also known as tags or pixels), to collect the information described above.

Cookies
Cookies are used to respond, by way of example, to a visitor’s request for more information about the Catchpoint Services or for a free trial. Cookies also authenticate the username and password of a Catchpoint Services User entered by that Catchpoint Services User in the Platform Interface. Some cookies are set by the Corporate Website and the Platform Interface to permit our service providers to perform services on our behalf. Any information transferred to our service providers is governed by our agreements with those service providers.

Embedded are used to measure the pages and features of the Corporate Website used by visitors. Embedded scripts are also used by Catchpoint’s service provider to collect the name, email address and company affiliation of Catchpoint Services Users.

Web beacons (or tags or pixels) are used to transfer information between a visitor’s browser and the computers of Catchpoint’s service providers in order to power some features of the Corporate Website (for example, to automate requests for further information, and to enable web analytics) on Catchpoint’s behalf.

How Catchpoint uses the information it collects from the Corporate Website and Platform Interface
Catchpoint uses the information collected through the Corporate Website for the purposes for which such information was provided. For example, if you share your name and contact information with us when submitting a request for a free benchmark or an inquiry through our website, we will use this information to respond to you and provide you with the services or information requested. Where we seek and obtain your consent to engage in these processing activities, we will rely on such consent to process your personal data until you withdraw it. In other cases, we will process your personal data as necessary to perform our contractual obligations with you or to otherwise provide the requested services or information.

Catchpoint uses the information collected from the Corporate Website as necessary for its legitimate business purposes. Depending on the context, Catchpoint can use the information collected to respond to a visitor’s request, to communicate with visitors about Catchpoint and the Catchpoint Services, or to otherwise operate, manage, secure and improve Catchpoint, the Corporate Website, and the Catchpoint Services.

Catchpoint’s use of the information collected from the Platform Interface is limited to providing the Catchpoint Services which its customers have engaged. For example, the information is used to allow Catchpoint Services Users to log into the Platform Interface, to provide support, training and other services related to the Catchpoint Services, to optimize the user experience on the Platform Interface, to understand how a Catchpoint Services User interacts with the pages and features of the Platform Interface, and otherwise to operate, manage, and improve Catchpoint, the Platform Interface, and the Catchpoint Services. We will process this information as necessary for our legitimate business interests or as necessary to perform our contractual obligations with our customers. With the exception of information collected in connection with Catchpoint Services Users’ registration or authentication into the Catchpoint Services, this Privacy Policy does not apply to Catchpoint’s security and privacy practices in connection with access to and use of the Catchpoint Services. More information regarding Catchpoint’s security practices can be found here [link to above landing page].

Catchpoint does not sell, rent or lease the Personally Identifiable Information that it collects on the Corporate Website and Platform Interface to third parties. The Personally Identifiable Information collected from the Corporate Website and Platform Interface may be shared with Catchpoint’s affiliates, and with the service providers that work on Catchpoint’s behalf. These service providers are restricted from using Personally Identifiable Information in any way other than to provide services for us and subject to our documented instructions only. Such information may also be disclosed by Catchpoint as required by law, valid court order, or other request from a governmental authority.

Individuals from the European Economic Area only
Catchpoint will only collect Personally Identifiable Information from visitors to the Corporate Website where: (a) Catchpoint has your consent to do so (e.g., when you voluntarily submit an inquiry through the website), or (b) where Catchpoint has a legitimate interest (or a third party has a legitimate interest) that is not overridden by your data protection interests. If you have given consent, you can reverse that consent at any time.

Catchpoint Services
Information collected by the Catchpoint Services about consumers


The Catchpoint Services measure the performance of our customers’ websites, web apps and web services (each, a “Web Property”) by testing speed, reliability and availability. With the exception of the following, the Catchpoint Services run tests that model a hypothetical consumer’s experience on a customer’s Web Property using equipment located worldwide that is managed by Catchpoint Systems. In addition, the Catchpoint Service known as “Real User Measurement” (the “RUM Service”) is used by Catchpoint’s customers to measure a consumer’s actual experience of a Web Property. The RUM Service measures how fast a web page and its components load on a consumer’s browser to provide web developers with information to improve speed and reliability, and to detect and fix errors. With the exception of the RUM Service, the Catchpoint Services do not measure or collect information about actual consumer visits or actual consumers.

In connection with providing the RUM Service to a customer, Catchpoint collects the following information about a consumer from a customer’s Web Property:

• Browser Information; and
• Information about a consumer’s usage of the Web Property that our customer asks Catchpoint to collect, which can include, for example, factors such as the number of visits, the number of page views per visit, whether the visit results in a purchase or other transaction, and whether the Web Property produced any errors during the visit.

How the RUM Service collects information about consumers
Catchpoint Services use cookies and similar technologies, such as embedded scripts and web beacons (also known as tags or pixels), to collect the information described above. Cookies are used to associate a consumer’s web browser with the information our customers specify. Embedded scripts are used to measure how a consumer uses a Web Property. Web beacons are used to transfer information between the cookies and Catchpoint computers.

In addition, Catchpoint Services is authorized by our customers to set a Catchpoint cookie on our customers’ Web Properties in connection with providing the RUM Service. These cookies are used by the RUM Service to recognize a returning visitor, and to determine the number of unique visitors to a Web Property.

How Catchpoint uses the information collected by the Catchpoint Services
The information collected by the Catchpoint Services on a customer’s behalf is owned by that customer, and our ability to use that information is limited by Catchpoint’s contract with our customer. Catchpoint is permitted to use that information to provide reporting and analysis services for our customer’s benefit. Catchpoint is also permitted to share “aggregated” information collected from many companies with our customers, prospective customers, and partners in order to improve our products and services, to provide reports and market research, and to understand market trends. Aggregated information does not identify individuals or our customers or website URLs. This aggregated information may be transferred to a successor in interest to Catchpoint, such as a company that acquires Catchpoint or the Catchpoint Services. Catchpoint is also permitted to disclose information as required by law, valid court order, or other request from a governmental authority.

How Catchpoint’s customers use the information collected by Catchpoint
Our customers use the reports, analytics and metrics compiled by the Catchpoint Services to operate, identify issues on, improve and optimize their Web Properties. The Catchpoint Services help our customers to provide a better user experience to the people who use their Web Properties. To learn more about how a particular company or Web Property uses the information that Catchpoint collects on its behalf, please consult the privacy notice for that Web Property or company.

Managing Cookie Settings
Some of the Catchpoint Services use cookies to help collect the information described above. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to block all cookies or to block just those set by companies other than the one whose website you are visiting (often called “Third-Party Cookies”). Please consult the instructions specific to your browser to change your cookie settings.

Our Corporate Website may use first- and third-party cookies and similar technologies for targeted advertising based on user interests, demographics, and past browsing activity. If you would like to opt out of having your information collected and used by us for these purposes, please visit here or here if you’re in the United States (if you’re in Europe, please visit here).

Your options with respect to a Web Property’s cookies (“First-Party Cookies”) are explained in that Web Property’s or company’s privacy policy. Please consult the privacy policy for that Web Property or company for more information.

Information Security
Catchpoint employs robust security measures to prevent the loss, misuse or alteration of information collected by the Corporate Website, the Platform Interface, and Catchpoint Services. Of course, data transmission over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet. See more information here.

General Data Protection Regulation
Catchpoint complies with the European Union’s General Data Protection Regulation (“GDPR”) with regards to the collection of personal data of European Union citizens. More information regarding Catchpoint’s GDPR compliance can be found here.

Changes to This Privacy Notice
Catchpoint may update this Privacy Notice to reflect changes to our practices. If we decide to change our privacy statement, we will post those changes to this Privacy Notice. We will post any Privacy Notice changes on this page and, if the changes are significant, we will provide a more prominent notice.

If you have any questions about this Privacy Notice, please contact us at Catchpoint Systems, Inc.

228 Park Avenue South #28080
New York, NY 10003
USA
privacy@catchpoint.com


Definitions
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.

Embedded scripts are bits of programming code included within some of our web pages that measure how you use those web pages (for example, the pages you visit and how long you stay on a page). You may be able to turn off scripting functionality, such as JavaScript, within your browser (please refer to your browser’s help function).

Personally Identifiable Information is information that allows someone to identify or contact a consumer, and includes, for example, a consumer’s name, physical address, and email address.

Web beacons (or “tags”) are bits of programming code included in web pages, emails, and ads that notify Catchpoint (or the companies that help us run our business) when those web pages, emails, or ads have been viewed or clicked on.

GDPR

What is the GDPR and who does it cover?

The EU General Data Protection Regulation (“GDPR”) is a data privacy regulation passed by the European Union Parliament that will have the force of law on May 25, 2018.  The GDPR replaces the EU Data Protection Directive (Directive 95/46/EC) that was previously in effect.  The GDPR gives EU citizens certain privacy rights over their personal data, including security, confidentiality, the right to consent to data collection, the right to erasure of data, the right to notice of data usage and many others.

The GDPR imposes obligations on organizations that are located in the EU or that control (a “data controller”) or process (a “data processor”) the personal data of EU citizens, including the way they access, acquire, share, and store personal data and how they provide individuals with access to their own personal data.

What is personal data?
Personal data is information that can be used to directly or indirectly identify a natural person. Personal data includes names, email addresses, IP addresses, photos and many other types of information.

What are data controllers and data processors?
An organization can be either a data controller or a data processor with regard to personal data, or it can be both of these.  A data controller decides the purpose and means of processing personal data.  A data processor processes personal data for a data controller.

What is Catchpoint doing about the GDPR?
We believe that data privacy is a fundamental right of individuals and that respecting and protecting the privacy of individuals that use or are affected by its service is of the utmost importance. We are committed to keeping personal data secure and complying with the GDPR.  We are working with customers worldwide to prepare for using our services after the GDPR comes into effect, and to ensure support for customers for their own GDPR requirements.  Where personal data controlled by Catchpoint customers is transferred outside of the European Economic Area, those customers must ensure that the data is processed in compliance with applicable data protection law, including the GDPR.  Such customers may need data protection agreements in place to achieve those aims.  Customers can obtain Catchpoint’s data protection agreement by submitting a request to privacy@catchpoint.com.

Catchpoint is SOC 2 compliant and has implemented data security and control measures to help ensure that any personal data that it maintains is protected and secure.  See more on Catchpoint’s security here.

Where can I get more information about Catchpoint’s GDPR compliance?
If you have any other questions about the ways in which Catchpoint handles GDPR compliance please reach out by emailing us at privacy@catchpoint.com.