Privacy Policy

PRIVACY POLICY

Last Modified June 1, 2021

This information is also available to download as a pdf here.

Within this Privacy Policy, “you” are a User of the Website (as defined below), and “we”, “us”, “our” or “OISF” refers to Open Information Security Foundation Inc., an Indiana nonprofit corporation. Collectively, all users of the website may be referred to as “Users” in this Privacy Policy. Unless otherwise noted, each section and provision of this Privacy Policy applies to all Users. Any terms used herein but not defined have the meaning set forth in our Terms of Use, located at https://oisf.net/terms-of-use/.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Services, as defined in the Terms of Use. By accessing or using the Services, you agree to this privacy policy. By using the Website, or by clicking to accept or agree to the Privacy Policy when this option is made available to you, you accept the terms herein. If you do not want to agree to these terms, you must not access or use the Website.

The Suricata Forum is provided through Civilized Discourse Construction Kit, Inc. (“Discourse”). Discourse may have access to your data including data that OISF does not have access to. For more information regarding how Discourse may use your data, including personal information, you should visit their policies. We are not responsible for any of Discourse’s policies or the use of your information, including personally identifiable information, by Discourse or by any third-party site Discourse may engage or share your information with.

We reserve the right to change this Privacy Policy at any time. Such changes, modifications, additions, or deletions shall be effective immediately upon notice thereof, which may be given by means of posting a notification on this site or by other means. It is your responsibility to review this Privacy Policy periodically and to be aware of any modifications. Your continued use of the site after such modifications will constitute your acknowledgment of the modified Privacy Policy and you agree to be bound by the modified Privacy Policy.

1. The Information We Collect. We may collect certain information from you described in the categories below (collectively referred to herein as “Information”):

1.1. Information by which you may be personally identified, such as your name and email address (collectively, “Personal Information”);
1.2. Information regarding how the Services are accessed and used by you, including but not limited to your internet protocol address, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, the content and advertisements you have accessed or seen, and other diagnostic data (“Usage Data”); and/or
1.3. Tracking technologies to track the activity on the Services, including but not limited to session cookies, preference cookies, security cookies, web beacons, tags, and scripts to collect and track information and to improve and analyze the Services, which may be collected directly through the Services or via third-parties providing analytic services to us (“Tracking Data”).

Usage Data and Tracking Data may be collected for every User of the Websites. Personal Information is collected (i) for Users of the Suricata Forum when Discourse provides it to us or gives us access to such information, and (ii) for all Users, when you submit a request through any of the Websites in which you provide Personal Information to us. However, if any Information is provided to OISF in any manner by any User, this Privacy Policy will apply to such Information.

2. Collection of Information. We collect Information directly from you when you provide it to us through the use of any of our Services; automatically as you navigate through the Website and Services; and from certain third parties, including Discourse, and those parties more fully set forth below. Without limiting the generality of the foregoing:

2.1. We may collect information that Users choose to provide publicly on the Suricata Forum. All such contributions will be available to any person or entity having access to the Website. Any such contributions will be considered non-confidential, non-proprietary, and public. You should not post any submission or provide any information on the Suricata Forum that you do not desire to be made public.
2.2. We may work with third parties to monitor and provide analyses of the Usage Data and Tracking Data, including browsing patterns of visitors to our Website by tracking non-personally identifiable information about our visitors. Such third parties may include, for example, but are not limited to Google Analytics, Google AdWords, and Facebook. We may also work with third parties to provide us with additional opportunities to engage with you, such as social media providers who may collect your data on our behalf or provide advertisements to you based on your interests. Each third party may also set forth its own privacy policy.
2.3. Information may be obtained through the use of cookies, which are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device that can later be retrieved to identify you to us. To give you the best online experience possible we may use cookies or similar technologies; cookies make your use of the site easier, make the site run more smoothly, and help us to maintain a secure site. Cookies do not contain personally identifiable information; however, once you choose to enter our site with personally identifiable information that information may be linked to the data stored in the cookie. You expressly consent to the installation of cookies. However, you may be able to change your privacy preferences regarding the use of cookies and similar technologies through your browser. You are always free to decline our cookies if your browser permits, but some parts of our site may not work properly in that case. If you do not accept cookies, you may not be able to use some portions of the Services.

3. How We Use Information.

3.1. We may use the Information you provide about yourself to:

A. operate our Website, improve and tailor the Services to better fit our Users, to personalize your User experience, and to improve our marketing and promotional efforts;
B. perform or fulfill Services requested by you;
C. deliver information to you about our products and services;
D. inform you of changes to our Websites, Terms of Use, or this Privacy Policy, and to solicit additional information from you or to respond to requests or inquiries from you;
E. perform statistical, demographic, and marketing analyses of Users, and for such other purposes as it may deem necessary or beneficial to it from time to time; and
F. resolve disputes, troubleshoot problems and enforce our agreements with you, including under this Privacy Policy or our Terms of Use.

3.2. We may also use your Information to fulfill any other purpose for which you provide it, in any way we may describe when requesting the information, and for any other purpose with your consent. When you use certain Services, you are opting to receive certain messages from OISF and we will use your Information for such purposes.

3.3. OISF will not sell or rent your Personal Information. We may share de-identified or aggregated Information for certain marketing or advertising uses to promote the Websites. We may use and share your Personal Information with affiliated and non-affiliated organizations as necessary to perform business purposes as follows:

A. To our subsidiaries and affiliates, and to contractors, service providers, and other third parties affiliated with us in order to continue to develop our Website, improve our Services, and provide the Services to you.
B. As part of a transfer or assignment if we are acquired by, sold to, or merged with another entity, or otherwise reorganized or liquidated.
C. In response to legal process, court order, or government or regulatory request; to enforce other agreements with you, and if we believe disclosure is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, to verify or enforce compliance with the policies governing our sites and applicable laws or as otherwise required or permitted by law or consistent with legal requirements.
D. With IT service providers (including IT platform provides and website analytic service providers) in order to provide the Services to you and to analyze your use of the Services, such that they may support our IT systems, provide hosting, processing and analyzing services with respect to information and data collected, and provide maintenance of such systems, in the course of the performance of a contract or on the basis of other legitimate interests.
E. With our agents and other service providers, in order for the same to perform function on our behalf, such as hosting, billing, notification, storage, content management, analytics, customer service, fraud protection, etc., in the course of the performance of a contract, on the basis of other legitimate interests, by legal obligation, or through your consent.

4. Children. The Website and Services are not directed to children under 16. We do not knowingly collect Personal Information from children under 16. If you become aware that a child under 16 has provided us with Personal Information without parental consent, please contact us. If we become aware that a child under 16 has provided us with Personal Information without parental consent, we will take steps to terminate the child’s Registered User account and delete any Personal Information provided to us.

5. Terminating your Account. Terminating your Account. If you have an account on the Suricata Forum, you can close your account by visiting https://www.discourse.org/contact. If you close your account, any information or submissions previously submitted to the Suricata Forum will remain on the Suricata Forum and remain subject to our policies. We may also maintain residual copies of your information in our backup systems unless prohibited by law, or unless you opt-out pursuant to the terms of this Privacy Policy.

6. California Consumer Privacy Act. The following provisions apply to you if you are a California resident or use our Services in California. For the purposes of this Section 6, “Personal Information” is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device, and does not include information that is publicly available, or deidentified or aggregated information.

6.1. You have the right to request that we disclose to you (i) the categories of, and specific pieces of, Personal Information that we have collected about you; (ii) the categories of sources from which the Personal Information was collected; (iii) the business or commercial purpose for collecting such Personal Information; (iv) if any, the categories of third parties with whom we have shared such Personal Information; and (v) if any, the categories of your personal information that we have disclosed to third parties for a business purpose.
6.2. You have the right to request that we delete any Personal Information about you which we have collected from you, unless that information is necessary for us to retain pursuant to Cal. Civ. Code § 1798.105(d), which for instance, allows retention of such information for completing the transaction for which the Personal Information was collected, detecting security incidents, or complying with a legal obligation.
6.3. To submit requests for information or deletion pursuant to this Section 6.1 or 6.2, you may reach out via email to info@oisf.net. Please note that we can only delete information which is stored on our systems.
6.4. For a request under Section 6.1, we will endeavor to disclose and deliver requested information to you, without charge, within 45 days of receiving your request, and if an extension of such timeframe is reasonably necessary, we will provide you notice of such extension. The information provided will cover the 12-month period preceding our receipt of your request. We not required to provide such information more than twice in a 12-month period. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We are not required to, and may not in some cases, retain Personal Information about you if you have submitted the Personal Information in a one-time transaction.
6.5. We will not discriminate against you in violation of Cal. Civ. Code § 1798.125 for exercising your rights set forth in this Section 6.
6.6. We do not sell, or disclose, release, transfer, or otherwise communicate your Personal Information to any third-party for monetary of other valuable consideration.
6.7. We have collected certain information from the following categories of Personal Information as set forth in CA Code 1798.140(o)(1), from our users in the past 12 months: (i) identifiers, such as a real name, alias, online identifier, Internet Protocol address, email address, or other similar identifiers; (ii) internet or other similar network activity information, including, but not limited to, as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement; (iii) geolocation data; and (iv) inferences drawn from other personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, or trends.

7. Opt-Out. If at any time you do not wish to receive certain communications stated herein from us, you may “opt-out” by writing to us by emailing info@oisf.net. It may take up to 15 days for the change to be fully effective. Please note that in order to retain an account on the Suricata Forum, you may be unable to opt out of all communications from us, such as legal notices.

8. Security of Your Information. We have put in place industry-standard procedures to safeguard and help prevent unauthorized access, to maintain data security, and to use correctly the information we collect online, such as dedicated virtual private servers, a web application firewall, an encrypted database, and no third party access to the server. Unfortunately, we cannot guarantee that 100% of the data transmissions are secure. Therefore, while we strive to protect your personally identifiable information, you acknowledge that: (a) there are limitations to security and privacy of the Internet that are beyond our control; (b) the security, integrity and privacy of your personally identifiable information exchanged between you and us cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.

9. Privacy Policies of Third-Party Sites. Except as otherwise discussed in this Agreement, this document only addresses the use and disclosure of Information we collect from you. Other sites accessible through our Website (including GitHub and Discourse) have their own privacy policies and data collection, use and disclosure practices. We may offer third party products or services (or allow third parties to advertise the same) via the Websites. Please consult each site’s privacy policy and terms of use. We are not responsible for the policies or practices of third parties.

For questions or suggestions regarding this Privacy Policy, please contact us at info@oisf.net.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.