Terra Security Privacy Policy

Last updated December 24, 2024

Terra Security Inc. (together with its affiliated companies – “Terra”, “we”, “our” or “us”) offer an AI-powered offensive security solution designed to analyze organizations’ ongoing cyber threats and vulnerabilities as well as penetration test services (“Services”). This Privacy Policy supplements and shall be read in conjunction with our Terms and Conditions, and may be supplemented by additional privacy statements, terms or notices provided to you. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms and Conditions.

Terra processes Customer Personal Information (i.e. concerning Customer and its personnel) in our capacity as a “data processor” (as such term is defined under the GDPR) or similar term under applicable data protection laws in accordance with the Data Processing Agreement. If you have any questions or requests regarding Customer Data, please contact your organization directly.

1. YOUR CONSENT

PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND USING THE SERVICES. BY ACCESSING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SERVICES.

Please note: You hereby acknowledge and agree that you are providing us with Personal Information at your own free will and that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.

2. WHAT TYPES OF INFORMATION DO YOU COLLECT?

Non-Personal Information: “Non-Personal Information” is un-identified and non-identifiable
information pertaining to a user, which may be made available to us, or collected automatically via your
use of the Services which does not enable us to identify the person from whom it was collected. This
Non-Personal Information, which is being gathered, consists of behavioral information mainly of
technical and aggregated non-identifiable usage information, such as system data related to your
operating system and browser version, screen resolution, language, duration of usage of the Services,
etc.
Personal Information: “Personal Information” is information that identifies an individual or may with
reasonable efforts or together with additional information we have access to, enable the identification
of an individual, or may be of a private or sensitive nature relating to an identified or identifiable natural
person. Identification of an individual also includes the association of such an individual with a
persistent identifier such as a name, an identification number, etc. Personal Information does not
include information that has been anonymized or aggregated and can no longer be used to identify a
specific natural person. Personal Information that is collected by us consists of the following types of
Personal Information:
1. Terra Services. We collect account registration information from Customers’ authorized
  users such as name, phone, organization email address, role, IP address and log-in
  credentials (e.g. Google sign-up or other account authentication methods made available
  through the Services).
2. Prospect Data. We collect name, organization, role, and email of enterprises representatives
  who are prospective customers or partners of Terra. This includes Personal Information
  provided to Terra through the ‘contact us’ or similar option on our website, interactions made
  through social media platforms, conferences and events and similar business interactions.
3. Employees and Candidates. We collect name, email, phone, CVs and related information
  necessary for evaluation of candidates who are interested in working at Terra.

We do not collect any Personal Information from you or related to you without your approval, which is obtained,
inter alia, through your acceptance of this Privacy Policy.

3. HOW DO YOU COLLECT INFORMATION FROM ME?

We collect information through your use of the Services. In other words, we are aware of your usage
of the Service and may gather, collect and record the information relating to such usage, as further
detailed below.
We collect information that you provide us voluntarily. For example, we collect Personal Information
that you voluntarily provide when you request to provide us with your name and email upon your initial
registration for the Services.

4. WHY DO YOU COLLECT AND PROCESS MY INFORMATION?

To provide, operate and improve our Services and related offers and to manage our business.
To provide you with a better user experience, more fitted to their specific needs.
To be able to contact with users who requested such contact to be made, for the purpose of providing
them with further information on Terra and its Services.
To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or
illegal activities, whether suspected or actual.
To comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.
To be able to send you our newsletters and information in connection with the Services, where you
registered to receive such messages or have otherwise provided us with their consent, or otherwise to
provide important notices with respect to Services to which you have registered.
To market our Services (including via our marketing service providers), and to be able to track and
evaluate our marketing activities and their results and attribute different marketing achievements to the
respective marketing efforts.
To act upon and comply with requests you may make pursuant to this Privacy Policy and the privacy
laws that apply to you.
To perform functions or services as otherwise described to you at the time of collection.

5. WHAT ARE YOUR LEGAL GROUNDS FOR COLLECTING MY PERSONAL INFORMATION?

With your consent: We ask for your agreement to process your information for the specific purposes
stated in this Privacy Policy and you have the right to withdraw your consent at any time.
Performing an agreement with you: We collect and process your Personal Information in order to provide you with the Services, following your acceptance of this Privacy Policy and pursuant to the Terms and Conditions.
Legitimate interests: We process your information for our legitimate interests while applying
appropriate safeguards that protect your privacy. This means that we process your information for
purposes like detecting, preventing or otherwise addressing fraud, abuse, security, usability,
functionality or technical issues with our Service; protecting against harm to the rights, property or
safety of our properties, our users or the public as required or permitted by law; enforcing legal claims,
including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfill
our obligations under applicable laws, legal process, subpoena or governmental request.

6. WHO DO YOU SHARE MY INFORMATION WITH AND WHY?

We may share information with third parties (or otherwise allow them access to it) only in the following manners and
instances:

Internally – We may share information with our affiliates, as well as our employees, for the purposes
described in this Privacy Policy. In addition, should Terra or any of its affiliates undergo any change in
control, including by means of merger, acquisition or purchase of substantially all of its assets, your
information may be shared with the parties involved in such event under strict security conditions, for
the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we
believe that such change in control might materially affect your Personal Information then stored with
us, we will notify you of this event and the choices you may have, through prominent notice on our
Services.
Protecting Our Rights and Safety – We may share your information to enforce this Privacy Policy
and/or the Terms and Conditions, including investigation of potential violations thereof; to detect,
prevent, or otherwise address fraud, security or technical issues; or otherwise if we believe in good faith
that this will help protect the rights, property or personal safety of any of our users, or any member of
the general public.
Third Parties & Business Partners – We may share your Personal Information with a number of
selected service providers whose services and solutions are required or otherwise facilitate
achievement of the purposes of processing set forth under Section 4 above, including without limitation
certain third-party artificial intelligence model providers. These third parties serve in facilitating and
enhancing our Services and related services, including such third-party services required to allow
platform analytics and other essential third party services. Our third party services providers act as our
sub-processors and may only process your information according to our instructions (which are given
in accordance with this Privacy Policy).
Law Enforcement – We may cooperate with government and law enforcement officials to enforce and
comply with the law. We may therefore disclose any information to government or law enforcement
officials as we believe necessary or appropriate to respond to claims and legal process (including but
not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety
of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of
being, illegal, unethical, inappropriate or legally actionable.

For the avoidance of doubt, we will NOT sell (as “sell” is traditionally defined) your Personal Information. That is, we
will not provide your name and email or other personally identifiable information to third parties in exchange for
money. We may share anonymized or de-identified information with any other third party, at our sole discretion.
However, under California law, certain cases of sharing information, such as for advertising purposes, may be
considered a “sale” of personal information. However, to the extent applicable, including if a supervisory authority
determines that our practices include the selling and/or sharing of your personal information (as such terms are
defined under applicable US State Privacy Laws including the CCPA), and you would like to opt out of the “sale” or
“sharing” of your personal information, please contact us at support@terra.security.

7. WHERE DO YOU TRANSFER OR STORE MY INFORMATION?

Your information may be transferred to, maintained, processed and stored by us and our authorized affiliates and
service providers in Israel and the United States. Please note that the data protection laws in the above jurisdictions
may not be as comprehensive as those in your country of residence. Residents of certain countries may be subject to
additional protections, as set forth below.

GDPR (EEA Users)

This section applies only to natural persons residing in the European Union, EFTA States, or the United Kingdom (for
the purpose of this section only, "you" or "your'' shall be limited accordingly). It is Terra’s policy to comply with the
EEA's General Data Protection Regulation (“GDPR”) and the UK GDPR.

In accordance with the GDPR, we may transfer your Personal Information from your home country to the U.S. and/or
other countries, provided that the transferee has provided appropriate safeguards, and on condition that enforceable
data subject rights and effective legal remedies for data subjects are available. Specifically, we may cause such
transfer if we ensured that at least one of the following applies:

The country to which Personal Information has been transferred, has been determined by the EU
Commission to be a country providing adequate protection to the privacy rights of EU residents.
Application of Standard Contractual Clauses where appropriate.

8. WHAT ARE MY RIGHTS?

Under certain laws, including the EU, UK and US-state data protection laws, individuals have rights regarding their Personal Information. You can exercise your rights at any time by contacting us at: support@terra.security. Those rights
may include, but are not limited to, the following:

Right of access. You may have a right to know what information we hold about you and, in some cases,
to have the information communicated to you. We reserve the right to ask for reasonable evidence to
verify your identity before we provide you with any information.
Right to correct Personal Information. We endeavor to keep the information that we hold about you
accurate and up to date. Should you realize that any of the information that we hold about you is
incorrect, please let us know and we will correct it as soon as we can. The setting for a particular forum
may also allow you to close your account, on the setting page for your account. Depending on the
settings for your particular forum, you may also be able to edit, anonymize, or erase your posts.
Data deletion. In some circumstances, you have a right to request that some portions of the Personal
Information that we hold about you be deleted or otherwise anonymized.
Data portability. In some circumstances, you may have the right to request that we will provide you
with the Personal Information you have made available to us, so you can transfer it to another party.
Restriction of processing. In some cases, you may have the right to request restriction of the
processing of your Personal Information, such as when you are disputing the accuracy of your
information held by us.

Please note that these rights are reliant upon the data protection and privacy laws that are applicable in your jurisdiction. Terra may refuse requests to exercise data subject rights if there is a legitimate reason, such as if we cannot authenticate your identity, if the request could violate the rights of a third party or applicable law, or prevent us from delivering a service you requested. If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting or deleting your data, please contact Customer (i.e., your organization) directly.

9. DO YOU USE COOKIES OR SIMILAR TRACKING TECHNOLOGIES?

We use certain monitoring and tracking technologies, including ones offered by third party service providers. These
technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide a
better experience to our users. For example, these technologies enable us to:

Keep track of our users’ preferences and authenticated sessions.
Secure our Services by detecting abnormal behaviors.
Identify technical issues and improve the overall performance of our Services.
Create and monitor analytics.

Specifically, we may use cookies in connection with our Services. A “Cookie” is a small data file that is downloaded and stored
on your computer or mobile device when you visit our Services.

The cookies we use can be classified in one of the following categories:

Cookie TypePurposeStrictly Necessary cookiesWe use these cookies to enable you to use our Services features, such as enabling movement between pages and remembering information you enter on forms. Without these necessary cookies, our Services will not be possible and our Services will not perform as it should.Security cookiesWe use these cookies to help identity and prevent security risks.Performance and Analytics cookiesWe use these cookies to collect information about your use of our Services and to help improve the way it works.Functionality and Preference cookiesWe use these cookies to remember the choices you make such as which language you prefer and to provide you with personalized features.

We use the following third-party Cookies:

Cookie NamePurpose / FunctionalityPolicies & LinksCookie CategoryGoogleData analyticsGoogle Privacy PolicyPerformance and Analytics cookies

Learn more about your choices and how to opt-out of tracking technologies:

Please note though that if you do block or restrict tracking technologies on your device, you will still be able to use the Services, but various features and functionality of the Services may be impaired. Certain web browsers may transmit “Do Not Track” signals to websites with which the browser communicates. However, due to differences in how web browsers interpret this feature and send those signals, and lack of standardization, we do not change our practices in response to such “Do Not Track” signals. However, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or to block or remove cookies altogether.

In order to delete or block any tracking technologies, please refer to the “Help” area on your internet browser for further instructions, or you may also opt out of third party tracking technologies by following the instructions provided by each third party service provider in its privacy policy listed above or visiting www.youronlinechoices.eu or www.aboutads.info/choices. Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.

10. HOW DO YOU KEEP MY INFORMATION SECURE?

We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Information. We limit access of your information only to those employees, third party service providers or partners on a “need to know” basis, and strictly in order to enable us to perform the agreement between you and us.

Despite these measures, Terra cannot provide absolute information security or eliminate all risks associated with Personal Information, and security breaches may happen. If there are any questions about security, please contact us
at support@terra.security.

11. HOW LONG WILL YOU RETAIN MY INFORMATION?

We will retain your Personal Information only as long as necessary for the purposes for which it was collected and
processed. If you withdraw your consent to our processing your Personal Information, we will delete your Personal
Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with
any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our
affiliates).

12. HOW DO YOU PROTECT THE PRIVACY OF CHILDREN?

To use our Services, you must be over the age of eighteen (18). Therefore, we do not knowingly collect Personal Information from individuals under the age of eighteen and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of eighteen are not using the Services. If you believe that we might have any information from or about an individual under the age of eighteen, please contact us at: support@terra.security.

13. HOW DO WE USE THE INFORMATION OF JOB CANDIDATES?

We welcome qualified candidates to apply to any of the open positions posted on our Services by sending us your
contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our
candidates, we are committed to keep Candidate Information private and will use it solely for our internal recruitment
purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions,
and contacting candidates by phone or in writing).

Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or
closed. This is done so we could re-consider candidates for other suitable positions and opportunities at Terra; so we
can use Candidate Information as a reference for future applications; and in case the candidate is hired, for additional
employment and business purposes related to their employment with us.

14. DIRECT MARKETING

You hereby agree that we may use your contact details provided by you for the purpose of informing you regarding
updates and offers related to our Services that may interest you and other related marketing materials. You may
withdraw your consent via sending a written notice to Terra by email to the following address: support@terra.security
or by clicking the “Unsubscribe” button displayed in the email you received.

15. UPDATES TO THIS PRIVACY POLICY

This Privacy Policy is subject to changes from time to time at our sole discretion. The most current version will always
be posted on our Services. You are advised to check for updates regularly. Terra may provide you with notices
concerning this Privacy Policy by using the e-mail address you provide in connection with your account registration on
the Services. By continuing to access and use our Services after any updates become effective, you accept and agree
to be bound by the updated Privacy Policy.

16. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the applicable laws set out in the Terms and Conditions without respect to its conflict of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction as set out in the Terms and Conditions.

17. HOW CAN I CONTACT YOU?

If you wish to exercise any of the aforementioned rights or receive more information, please email us at: support@terra.security.