SEARCH
CONTACT US
LASTLINE BLOG
SCHEDULE A DEMO
CONTACT US
SCHEDULE A DEMO
 

Privacy Policy

This Privacy Policy applies to www.lastline.com and our Service platform owned and operated by Lastline, Inc. (“Lastline”) that uses our customer’s Personal Data only in connection with the administration of their account as set forth in this Privacy Policy (“Policy”). Lastline respects the privacy of our customers and is committed to protecting the Personal Data that they share with us. This Policy describes how Lastline collects, uses, shares, secures and processes information from the networks of our customers in the course of providing threat detection Services (“Services”), and outlines the ways in which our customers can control our use of that information.

Terms

  • Artifact – means any potentially Malicious file, URL, email content, or other material collected by the Sensor or submitted by the Customer to the Licensed Product for analysis.
  • Artifact Sharing – means the sharing of Suspicious and Malicious Artifacts with Lastline as determined by the product SKU purchased by the customer. Customers not wishing to share Suspicious or Malicious Artifacts with Lastline can purchase an On-Premises Private or On-Premises Air Gap deployment.
  • Benign – Those Artifacts Lastline scores as 0-29.
  • Hosted –The Licensed Product is installed in a hybrid deployment where the Lastline deployment leverages a multi-tenant Hosted platform installed in the Lastline Datacenter and sensors deployed at various sites in the customer’s network.
  • Malicious – Those Artifacts Lastline scores as 70 or higher.
  • Meta data – Is data that describes the Artifact and results of the analysis of the Artifact.
  • On-Premises Artifact Sharing – The Licensed Product is installed in a data center located at a Customer’s site.  The Customer’s deployment shares information about Suspicious and Malicious Artifacts identified by their system with Lastline.
  • On-Premises Private – The Licensed Product is installed in a data center located at a Customer’s site.  The Customer’s system does not share any Artifacts with Lastline but is capable of receiving information about Malicious Artifacts from Lastline.
  • On-Premises Air Gap – The Licensed Product is installed in a data center located at a Customer’s site.  The Customer’s system shares no information with Lastline and does not receive any information about Malicious Artifacts from Lastline.
  • Personal Data – means any information relating to an identified or identifiable natural person (“data subject”) who can be directly or indirectly identified in particular by reference to an identifier, such as name, location etc.
  • Services – Means the analysis of Artifacts provided by Lastline to Company.
  • Suspicious – Those Artifacts Lastline scores between 30 and 69.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Lastline participates in, and has certified its compliance with, the EU-US. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov]

Lastline is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently may transfer it to a third party acting as an agent on its behalf. Lastline complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer of liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Lastline is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Lastline commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Information the Lastline Product Collects

Lastline analyzes the traffic on a network and is designed to detect threats posed by malware, as well as communication with Malicious hosts on the internet. Lastline will collect and analyze certain Artifacts (files, URLs, as well as web and email content that could pose a threat to the organizations) that are transmitted via web traffic and as email attachments.

Lastline takes steps to avoid collecting information from our customer’s network that could personally identify their end users or collect or view any data that could be reasonably associated to such information.  However, the data we collect through our Services to identify security risks may also contain some Personal Data (i.e. username, email address or IP address). This information is only used in protecting the IT infrastructure of the organization

Information Lastline Inspects

Network traffic, including:

  • The domain names resolved on the network including the host (IP Address) that resolved the domain.
  • The content of some network connections that could pose a risk to an organization.
  • Network flows to which Lastline network sensors have visibility.
  • Executable programs, scripts, documents or other potential Artifacts that may contain executable code downloaded via the web (if Lastline network sensors are deployed) or sent as email messages and attachments (if Lastline email sensors are deployed).
    • This includes email headers and any potentially malicious content in the email body.
    • Refer to the Lastline Technical Support Knowledge Base for explicit details on files Lastline is able to analyze.
  • In On-Premises deployments of Lastline product offerings, with Artifact Sharing enabled (default behavior), the following Artifacts are shared with Lastline:
    • Artifacts Lastline identifies and scores as Suspicious (30+) or Malicious (70+) [default; users customizable] are shared with Lastline for additional analysis.
    • These sharing options can be altered by the customer pursuant to their license agreement to expand file types shared with Lastline. (customers may refer to the Lastline Technical Support Knowledge Base or the user documentation for additional information regarding this functionality.)

Email contents, including:

  • Header information from email messages inspected by the Lastline Sensor or submitted via the API.
  • In hosted Deployments: Potentially Suspicious or Malicious Email Attachments
  • On-Premises Artifact Sharing Deployments: Any submitted Suspicious and Malicious content.

Information Lastline Retains

  • Alert information, as well as activity that could become an alert, is collected whenever a computer is attached to a customer’s network and performs Malicious activity for the purpose of providing organizations with meaningful reports regarding their security posture.
    • In On-Premises deployments, this data is stored on the local Manager, and not share with Lastline
    • In Hosted deployments, this data is stored in the Lastline Data Center.
  • Lastline will retain versions of all content submitted to the Lastline Hosted infrastructure, directly leveraging the UI or via the API. Artifacts are retained if submitted via the API, unless the delete after analysis flag has been set in the API call. Artifacts are always retained when submitted via the UI.
  • For customers with a Hosted deployment, Lastline will retain all Artifacts captured by the Lastline Sensor as well as any file the user uploaded or has configured to be uploaded to the system.
  • Lastline will generate and retain metadata as well as subsequent stage Artifacts generated during the Lastline analysis. This includes metadata about the file and behaviors observed during analysis, process snapshots, screenshots of analyzed content.
  • Customers with On-Premises systems can use the configuration options provided in the product portal to view, manage, and disable information that should never be shared/transmitted to Lastline. All data is retained for customers with a Hosted deployment for 30 days after the term of the agreement.

Information Lastline Shares

  • Lastline will share the hashes and Meta data about Malicious Artifacts that are detected within a Hosted or On-Premises deployment (if Artifact Sharing is enabled).
    • Metadata about the file is not available to a customer, unless that customer’s Lastline deployment has analyzed the same Artifact, or the Artifact is publicly available on the Internet.
  • Lastline may exchange some Malicious Artifacts and Artifact metadata submitted to the Lastline Platform with other cyber security vendors, with whom we have a confidentiality agreement, to allow both vendors to improve and enhance their respective technologies to defend against new threats or attack vectors.
    • Pursuant to the license agreement, Customers can opt-out of this level of sharing any Malicious Artifacts with Lastline by sending an email to support@lastline.com.

Information Lastline Collects

In order for a customer to license our products and obtain technical support Services, we will collect certain Personal Data, such as the first and last names of our contacts, mailing address (including postal code), email address, cell phone or work phone. This information is used only in connection with the administration of a customer’s account with Lastline and for no other purpose.

For the purpose of marketing activities, we may collect the following Personal Data from you: name, title, location, company name, phone number and email address via our website, if you wish to request some types of product or company related content, a product demo or contact us for other reasons.

If you believe that we have inappropriately collected your Personal Data and you would like to request that it be removed from our databases, please contact our Data Protection Officer at privacy@lastline.com.

User Data Supplementations

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data and may combine this data with information we already have about you. This is to help us update, expand and analyze our records, identify new customers, and provide products and Services that may be of interest to you. If you provide us Personal Data about others, or if others give us your information, we will only use that information for the specific purpose for which it was provided to us.

Examples of the types of Personal Data that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:

  • Address information about you from third party sources, such as the U.S. Postal Service, to verify your address so we can properly send necessary correspondence.
  • Purchased marketing data about our prospects or customers from third parties that is combined with information we may already have about you to create more tailored information about our products.

In order to opt-out of our marketing communications, please send a request to our Data Protection Officer at privacy@lastline.com.

How We Use the Data We Collect

Lastline does not sell, trade or rent to third parties any of the information we collect from our customer’s network, or Personal Data (together “the Data”). We may use the Data that we collect for the following purposes:

  • To provide our customers with our Services;
  • To provide our customers with customized content;
  • To process and respond to inquiries related to the Services or to our customer’s account;
  • To provide our customers with important notices relating to the Services, including scheduled downtime and updates to the software;
  • To provide, maintain, protect and improve our Services; and
  • To protect Lastline and our customers.

Tracking Technologies

Lastline and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

We partner with a third party to implement marketing programs promoting Lastline and our products on third-party websites using cookies or similar technology. As part of this process we do not collect any Personal Data about website visitors. Anyone can remove themselves from these programs simply by erasing the cookies on their computer. If you also wish to opt-out of interest-based advertising click here or if located in the European Union click here. Please note that you will continue to receive generic ads on some websites other than Lastline.com; this is outside of the control of Lastline.

The use of cookies by our partners, affiliates, tracking utility company, and service providers is not covered by this Policy. We do not have access or control over these cookies. Our partners, affiliates, and service providers use session ID cookies to understand usage patterns on the website. These companies are obligated to protect our customer’s Personal Data in accordance with their own policies, and Lastline is not responsible for the privacy practices of other companies’ websites or Services to which our products and Services may link or otherwise refer.

In order to personalize communications with our customers and to improve our Services, we may also ask you to provide consumer satisfaction information regarding your experience with our Services. You have the option of choosing not to provide that information.

Third Party Partners

To provide the Lastline Hosted and some On-Premises Services, we may share submitted Artifacts and other meta data with third parties that provide Services, such as information processing, data storage and security Services, for instance Cloud hosting and data service providers.  These third parties are only authorized to use our customer’s data as necessary to provide Services to Lastline and are obligated to protect our customer’s network data with provisions at least as protective as those contained in this Policy, and each such provider has security measures in place at least as protective as those described in this Policy.

Sharing with Service Providers

We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your Personal Data only as necessary to provide these services to us. These services may include:

  • Delivering letters or packages
  • Payment processing
  • Providing customer service
  • Sending marketing communications
  • Conducting research and analysis
  • Providing cloud computing infrastructure

Legal Notice

We may disclose your Personal Data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If Lastline is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.

We may also disclose your Personal Data to any other party with your prior consent.

Protection of Personal Data

Lastline takes precautions, including administrative, technical, and physical measures, to safeguard our customer’s Data against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration and destruction.

Lastline uses industry-standard efforts to safeguard the confidentiality of Data, including encryption, firewalls and SSL (Secure Sockets Layer). We have implemented reasonable administrative, technical, and physical security controls to protects against the loss, misuse, or alteration of our customer’s Data.

Lastline as a Service Provider

Lastline collects information under the direction of its customers and has no direct relationship with the individuals whose Personal Data it processes. If you are an employee or client of one of our customers and have questions, please contact your IT Security Team or Managed Service Provider for additional information. We may transfer contact information of customers and prospects to companies that help us provide our Service. Transfers to subsequent third parties are covered by the service agreement with our customers.

Lastline acknowledges that you have the right to access your Personal Data. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to our customer (the data controller). If requested to remove data, we will respond within a reasonable timeframe.

Access & Data Retention

Upon request, Lastline will provide you with information about whether we hold any of your Personal Data. If you wish to correct, amend, cancel your account or request that we no longer use your information to provide Services, you may contact us at: info@lastline.com. We will respond to your request within a reasonable timeframe. We will retain your information for as long as your account is active or as needed to provide you with our Services. We will retain and use your information only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Newsletter Preferences

You may sign up to receive an email or newsletter or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on our website or by contacting us at support@lastline.com.

Notification of Privacy Policy Changes

We may update this Policy from time to time to reflect changes to Lastline’s information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage our customers to periodically review this page for the latest information on our privacy practices.

Lastline, Inc.
203 Redwood Shores Parkway, Suite 500
Redwood City, CA 94065
privacy@lastline.com