Skip to content
Castle
LoginStart for free

Privacy Policy

Learn how Castle collects, uses and protects personal information.

Last updated:

1. Introduction

Castle Intelligence, Inc. [and our affiliates and subsidiaries] (“Castle”, “we” or “us”) helps online businesses (our “Clients”) detect and address user account compromise and other malicious behavior in web, mobile and API applications (“Applications”). To do so, we collect information about how Internet users (“Users”) interact with our Clients’ Applications.

This Policy is incorporated by reference into the Castle Terms of Service (the “Terms”). All terms not defined in this Policy will have the meanings set forth in the Terms.

2. Purpose and Scope

This Policy tells you how we use and protect personal information collected through use of the “Services”, defined as our website(s) and our products and services, including the Castle Service (as that term is defined in the Service Agreement).

This Policy covers only information that is collected by us in the course of our business, including through the Services and with respect to the people we employ and manage. It does not apply to other web sites, products or services that may be linked to or available via or from the Services or used in association therewith; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage. Except as otherwise expressly included in this Policy, this document addresses only the use and disclosure of information we collect from you or that you provide to us.

3. Information We Collect

3.1 Information Collected Through Our Website

When you visit our website, we may collect certain information automatically, including:

  • Your IP address and general location information
  • Browser type and version
  • Operating system
  • Pages visited and time spent on our site
  • Referring website information

3.2 Information You Provide

We collect information you provide directly to us, such as when you:

  • Create an account or sign up for our services
  • Contact us for support or inquiries
  • Subscribe to our newsletter or marketing communications
  • Participate in surveys or feedback forms

3.3 Information Collected Through Our Services

When our Clients use our Services to protect their Applications, we may collect and process information about Users’ interactions with those Applications, including:

  • Device information and fingerprints
  • IP addresses and network information
  • User behavior patterns
  • Authentication events
  • Risk signals and security-related data

4. How We Use Information

We use the information we collect for various purposes, including:

  • Providing Services: To deliver, maintain, and improve our fraud detection and prevention services
  • Security: To detect, prevent, and respond to security threats and fraudulent activities
  • Analytics: To analyze usage patterns and improve our Services
  • Communication: To respond to inquiries, provide support, and send important updates
  • Legal Compliance: To comply with applicable laws and regulations
  • Business Operations: To manage our business operations and relationships

5. Information Sharing and Disclosure

5.1 With Our Clients

We share risk assessments, security insights, and related information with our Clients to help them protect their Applications and Users.

5.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our business and providing Services, subject to appropriate confidentiality agreements.

We may disclose information when required by law, legal process, or to protect the rights, property, or safety of Castle, our Clients, or others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, information may be transferred as part of the transaction, subject to appropriate protections.

6. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Employee training on data protection practices
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Factors that influence our retention periods include:

  • The nature and sensitivity of the information
  • Legal and regulatory requirements
  • Business and operational needs
  • Security and fraud prevention purposes

8. International Data Transfers

Castle operates globally, and information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Certification schemes
  • Other appropriate safeguards as required by applicable law

9. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, including:

  • Access: The right to access your personal information
  • Rectification: The right to correct inaccurate information
  • Erasure: The right to request deletion of your information
  • Portability: The right to receive your information in a portable format
  • Restriction: The right to restrict processing of your information
  • Objection: The right to object to certain types of processing

To exercise these rights, please contact us using the information provided in the “Contact Us” section below.

10. Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience on our website and Services. These technologies help us:

  • Remember your preferences and settings
  • Analyze website usage and performance
  • Provide personalized content and features
  • Detect and prevent fraud

You can control cookie settings through your browser preferences, though this may affect the functionality of our Services.

11. Children’s Privacy

Our Services are not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Policy on our website
  • Sending email notifications to registered users
  • Providing other appropriate notice as required by law

Your continued use of our Services after the effective date of changes constitutes acceptance of the updated Policy.

13. Regional Privacy Information

13.1 European Union and United Kingdom

If you are located in the EU or UK, additional rights and protections may apply under the General Data Protection Regulation (GDPR) or UK GDPR. These include enhanced rights to access, rectify, erase, and port your personal data, as well as the right to lodge complaints with supervisory authorities.

13.2 California Privacy Rights

California law permits Users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Castle does not share Personal Information with Third Parties for their own marketing purposes.

14. Definitions

The following capitalized terms shall have the meanings herein as set forth below:

  • “Agent” means any Third Party that Processes Personal Information pursuant to the instructions of, and solely for, Castle or to which Castle discloses Personal Information for use on its behalf.
  • “Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of Castle or its subsidiaries worldwide.
  • “Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
  • “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • “Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, Castle or Castle’s Agents.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Castle Intelligence, Inc.
Email: privacy@castle.io
Address: [Company Address]
Phone: [Company Phone Number]

16. Revision History

TitleEffective Date
Castle Privacy Policy2016-02-28
Updated Castle Privacy Policy2018-05-24
Updated Castle Privacy Policy2019-09-23