EFFECTIVE DATE: Friday, 28 March 2014

Privacy Policy

Shadowserver is committed to protecting the privacy of individuals who visit our Website ("Visitors"); Shadowserver's members, recruits, contractors, and affiliated organizations (the "Members"); the non-member users of the Shadowserver IRC channels and discussion groups ("Friends"); and the persons, companies, and organizations who sign up for Shadowserver's services as defined below ("Customers") (collectively "Users"). This Privacy Statement describes Shadowserver's privacy practices in relation to the use of Shadowserver's Website, the Shadowserver IRC channels, the Shadowserver mailing list, and the related applications and services offered by Shadowserver (the "Services").

Unless specifically defined, terms used throughout this statement have the same definitions as those given in the Shadowserver Terms of Service, available at https://www.shadowserver.org/wiki/pmwiki.php/Shadowserver/TermsOfService.

For your convenience, we offer a quick guideline to our Privacy Statement in the box on the right.

Information we collect

  • Like most website operators, Shadowserver collects information of the sort that web browsers and servers typically make available through the use of commonly-used information-gathering tools such as cookies (please see our section on "Cookies" for details). This information includes the visitor's browser type, language preference, referring site, additional websites requested and the date and time of each Visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses. Shadowserver's purpose in collecting non-personally identifying information is to better understand how our Visitors use our website.
  • You may visit our Website without creating an account, but you will not have full access to our Service. Visitors who wish to use the Service must create an account, thus becoming a User. To create an account, Users must either provide Shadowserver with personal contact information, such as a username, password, and email address. Visitors may also provide User Personal Information through entering into a contractual agreement with Shadowserver, such as a license agreement.
  • Either form of account creation may create "User Personal Information," which is any information about a User which could, alone or together with other personally-identifying information, personally identify him or her. Shadowserver collects User Personal Information only with your consent. User Personal Information may include, without limitation, information you provide us directly, such as your name, email address, and location, or information we collect through your use of our Services, such as your preferences or your search terms. We only gather the information you give us access to, and we only use it as described below.
  • User Personal Information does not include aggregated, non-personally identifying information. You may refuse to supply personally-identifying information, however, that refusal may prevent you from using Shadowserver's Services.
  • Shadowserver only collects the minimum amount of personal information necessary or appropriate to fulfill the purpose of your interaction with us.
  • To fulfill its business purposes, Shadowserver also collects certain potentially personally-identifying and personally identifying information about third parties that are not affiliated with Shadowserver ("Third Party Personal Information"). Shadowserver collects such information only insofar as is necessary or appropriate to fulfill its business purposes. Third Party Personal Information does not include:
    • publicly available information that is lawfully made available to the general public from federal, state, or local government records;
    • information not about an individual (e.g., information about a company or organization); or
    • aggregated, non-personally identifying information.
  • Shadowserver does not knowingly collect information from, or direct any of our content specifically to, children under the age of 13. If you are under 13, you may not create an account and you may not send us any personal information without parental consent. If we learn or have reason to suspect that a User of our Service is under the age of 13, we will promptly delete any personal information in that User's account.

How we use the information we collect

  • Shadowserver uses User Personal Information to perform and provide the Services you request, such as granting access to the Shadowserver IRC channels or generating reports.
  • Shadowserver may also use User Personal Information to communicate with Users. For instance, we may use information you provide to send you news about current Shadowserver research, or to notify you if our policies change.
  • Shadowserver may use aggregated, non-personally identifying information gathered from our web server to operate, improve, and optimize our Website and Services.
  • Shadowserver may use Third Party Personal Information to fulfill its business purposes. Examples of Shadowserver's use of Third Party Personal Information include, without limitation, performing research and analysis on current malware and botnet threats; documenting security threats; and generating reports and notifications to affected organizations and entities.

Sharing the information we collect

  • We do not disclose User Personal Information outside Shadowserver, except as described below or in our section on "Compelled Disclosure."
  • Shadowserver may share User Personal Information with your consent, to perform services you have requested.
  • Shadowserver discloses User Personal Information only to those of our employees, contractors, and affiliated organizations that (i) need to know that information in order to process it on our behalf or to provide or improve our Service, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors, and affiliated organizations may be located outside of your home country; by using Shadowserver's Services, you consent to the transfer of such information to them. Please see "Gathering and protecting the information we collect" for more details.
  • Shadowserver may partner with other companies or organizations for the purpose of research and analysis. Shadowserver does not share User Personal Information with our business partners, but we may share Third Party Personal Information to business partners that (i) need to know that information in order to achieve the purpose, and (ii) have agreed not to disclose it to others.
  • Shadowserver may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will continue to ensure the confidentiality of User Personal Information, and we will notify you before any transfer of User Personal Information on our Website. The purchaser will have to honor any promises we have made in this Privacy Statement or in our Terms of Service.
  • Shadowserver does not share, sell, rent, or trade User Personal Information with third parties for their promotional purposes.
  • Shadowserver may share Third Party Personal Information to those Members that (i) need to know that information in order to process it for Shadowserver's business purposes, and (ii) that have agreed not to disclose it to others.
  • Shadowserver may share Third Party Personal Information to Customer organizations seeking reports or data about themselves, in which case Shadowserver will disclose only such information as pertains to the individual Customer organization (or to the organization's designated agent with the explicit permission of the Customer organization). Shadowserver may also share Third Party Personal Information in the form of aggregated, non-personally identifying reports, or as described in Section 5.
  • Shadowserver does not use advertising on our Website or Service.
  • Shadowserver does not permit third-party tracking across our Website or Service.
  • "Do Not Track" is a privacy preference Users can set if they do not want web services to collect certain kinds of information about their online activity. There is no standard for setting and receiving "Do Not Track" preferences, or other mechanisms that allow Users to opt out of certain kinds of collection of personal information. Therefore, we cannot promise that we comply with all methods of opting out of tracking. We do not monitor or respond to "Do Not Track" preferences. However, Shadowserver does not track its Users on third-party sites, and we do not permit third-party tracking across our Website or Service.

Our use of cookies

  • Shadowserver uses cookies to make interactions with our Website easy and meaningful. A cookie is a small piece of text that our web server stores on your computer or mobile device, which we can then retrieve as needed. Cookies do not necessarily identify you if you are merely visiting the Shadowserver.org Website; however, a cookie may store a unique identifier for each logged in User.
  • Shadowserver uses temporary, or "session-based," cookies, which are removed when you close your web browser or reboot your computer or device. We use session-based cookies to provide services to you while you navigate our website; remember that you are logged in; and increase website security.
  • Shadowserver uses permanent, or "persistent," cookies, which remain stored on your computer or device until deleted, or until they reach a specified date of expiration. We use persistent cookies to enable our website to remember you each time you visit our website and keep track of your preferences in relation to your use of our website.
  • The cookies Shadowserver sets are essential for the operation of the Website, or are used for performance or functionality. By using our Website, you agree that we can place these types of cookies on your computer.
  • Shadowserver uses Google Analytics to help improve our Users' experience. Google Analytics uses both session-based and permanent cookies to collect information about how our Website performs and how our Users use the Website and Service. The Google Analytics tool helps us evaluate and monitor Users' use of our Website, compile statistical reports on activity on the Service, and improve our content. It may collect more information than Shadowserver collects. Google stores the information these cookies generate.
  • Shadowserver will not, nor will we allow any third party to, use the Google Analytics tool to track our Users; collect any User Personal Information other than IP address; or correlate your IP address with the identity of any User. Google provides further information about its own privacy practices and allows the ability to opt out of Google Analytics tracking here.
  • You may disable your browser or device's ability to accept cookies, but if you do, you will not be able to use Shadowserver's Services.

Gathering and protecting the information we collect

  • Shadowserver takes all measures reasonably necessary to protect User Personal Information and Third Party Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User
  • Personal Information and Third Party Information. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
  • Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

Compelled Disclosure

  • Shadowserver discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Shadowserver, third parties, or the public at large.

Your access to and control of the information we collect

  • Shadowserver Users may access, update, alter, or delete their basic user profile information by editing their user profile or contacting admin@shadowserver.org.
  • Shadowserver will retain User Personal Information for as long as your account is active or as needed to provide you services.
  • If you wish to cancel your account, delete your User Personal Information, or request that we no longer use your information to provide you services, please contact admin@shadowserver.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile within 30 days.
  • Customers may alter their User Personal Information as described above. However, Customers organizations and third parties may not alter or delete data Shadowserver has accumulated about them.
  • Shadowserver does not send marketing emails to our Users; however, Shadowserver does maintain a discussion mailing list. You may manage your receipt of these communications by clicking on the "unsubscribe" link located on the bottom of Shadowserver's emails.

Changes to this Privacy Statement

  • Although most changes are likely to be minor, Shadowserver may change its Privacy Statement from time to time, and in Shadowserver's sole discretion. We encourage visitors to frequently check this page for any changes to our Privacy Statement.
  • We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect.

Contacting Shadowserver

  • Questions regarding Shadowserver's Privacy Statement or information practices should be directed to admin@shadowserver.org.