Privacy Policy

Gnowbe Group Ltd. (“Gnowbe,” “we,” or “us”) respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy explains the types of information we collect from you, how we use and share that information, and your rights regarding it. This Privacy Policy applies when you access our website (www.gnowbe.com), our mobile applications, or any other online products, services, or applications offered by Gnowbe (collectively, the “Service”), or when you otherwise interact with us.

‍

We primarily host and process data in the United States, but we adhere to applicable privacy regulations, including the General Data Protection Regulation (GDPR) for EU/EEA users, the UK GDPR, and other relevant data protection laws.

1. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will revise the “Last Updated” date at the top. In some cases, we may provide additional notice (e.g., posting a statement on our homepage or sending you an email). We encourage you to review this Privacy Policy whenever you access or use the Service so that you remain informed about our information practices. Your continued use of the Service after any changes constitute your acceptance of the updated policy.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you provide directly to us, for example when you:

• Register for an account on the Service.
• Create or modify your profile and user account.
• Upload, download, collaborate on, or share files and other User Content.
• Participate in an interactive feature (e.g., survey, contest, promotion, sweepstakes).
• Make a purchase or subscribe to our Service.
• Request customer support or otherwise communicate with us.

Types of Information

• Personal Details: Name, username, email address, photo, postal address, phone number, employer’s name, and job title.
• Transactional Information: Services purchased or subscribed to, billing address, payment details (in accordance with PCI DSS compliance where applicable).
• User Content: Files, materials, or other information that you upload or create within the Service.

Important: Do not provide us with any special category data (e.g., health, racial or ethnic origin, political opinions, religious beliefs, union membership, sexual orientation). If you do so, we disclaim all liability for such information. If we inadvertently receive special category data, we may delete or anonymize it to the extent feasible.

‍

2.2 Information We Collect Automatically

When you use the Service, we automatically collect certain information, including:

• Usage Information: Actions you take within the Service, such as the features you use, the content you upload, download, share, or access, and which Gnowbe web pages you visit.
• Log Information: IP address, access times, browser type and language, referring URLs, ISP information, and system configuration.
• Device Information: If you access the Service via mobile device, we collect device-specific details like hardware model, operating system, unique device identifiers, and mobile network information (as allowed by the platform).

2.3 Cookies and Other Tracking Technologies

We use cookies, web beacons (tracking pixels), and other technologies to:

• Remember your preferences and settings.
• Understand which areas and features of the Service are popular.
• Analyze site traffic and trends.
• Deliver and measure the effectiveness of marketing campaigns.

You can manage or disable cookies in your browser settings, but doing so may affect the functionality of the Service. For more details, see Section 10.3 (Cookies).

2.4 Information From Third Parties

We may receive information about you from third-party sources and combine it with the information we collect directly. For example, if you create or log in to your Gnowbe account through a social network (e.g., Facebook, LinkedIn), we may have access to certain profile information authorized by that platform’s terms.

3. How We Use Your Information

We may use your information for the following purposes:

• Service Delivery and Improvement
  • Provide, operate, maintain, and improve the Service.
  • Enable you to collaborate on and share User Content with others.
  • Process and complete transactions, billing, and account management.
• Communication
  • Send technical notices, updates, security alerts, and administrative messages.
  • Respond to your inquiries, comments, or support requests.
• Personalization
  • Tailor the Service, content, and features to better match your preferences.
  • Provide relevant advertisements or promotional information.
• Analytics and Research
  • Monitor and analyze usage trends and activities.
  • Conduct research, testing, and troubleshooting to improve user experience.
• Marketing and Promotions
  • Send you promotional messages, newsletters, offers, and surveys (where permitted by law or with your consent).
  • Process and deliver contest or sweepstakes entries and rewards.
• Security and Compliance
  • Investigate and prevent fraudulent transactions, unauthorized access, and other illegal activities.
  • Enforce our Terms of Service and comply with legal obligations.
• Other Purposes
  • As described to you at the point of data collection or with your consent.

4. Legal Bases for Processing (EU/EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we only process your personal data when we have a valid legal basis, including:

• Consent: Where you have given explicit consent (e.g., receiving marketing emails).
• Contractual Necessity: Where processing is necessary to provide the Service or perform a contract with you.
• Legitimate Interests: Where processing is necessary for our legitimate interests, provided those are not overridden by your rights and interests (e.g., analytics, fraud prevention).
• Legal Obligation: Where we have a legal obligation to process your data.

We strive to remain in compliance with GDPR and other relevant data protection regulations, ensuring that your data is handled lawfully, fairly, and transparently.

5. Sharing and Disclosure of Information

We do not share your personal information with third parties except in the limited circumstances described below or with your consent.

5.1 Vendors, Consultants, and Service Providers

We may share your information with third parties who provide services on our behalf (collectively, “Vendors”). These Vendors require access to your information to perform their tasks (e.g., data hosting, customer support, analytics). They are contractually obligated not to disclose or use it for other purposes.

5.2 Collaboration and Sharing Features

If you use collaboration or sharing features (e.g., sharing content via social media), the information you provide may be shared with others who have access to those features, including:

• Your name, email, or profile details.
• The User Content you choose to share.

5.3 Third-Party Applications

We may enable integrations with third-party applications or services at your request. If you choose to connect these, your information (e.g., username, email) may be shared to facilitate the integration. This Privacy Policy does not govern those third-party applications; we recommend reviewing their policies before connecting.

5.4 Compliance with Laws and Safety

We may disclose your information if we believe it is reasonably necessary to:

• Comply with any applicable law, regulation, legal process, or governmental request.
• Enforce our agreements, policies, or Terms of Service.
• Protect the security or integrity of our Service.
• Protect Gnowbe, our customers, or the public from harm or illegal activities.
• Respond to an emergency that requires disclosure to prevent death or serious injury.

5.5 Business Transfers

We may share or transfer your information in connection with (or during negotiations of) any merger, sale of company assets, financing, or acquisition of all or part of our business by another company.

5.6 Aggregated or Anonymized Data

We may share aggregated or de-identified data that does not directly identify you with third parties for analytics, research, marketing, or other legitimate purposes.

6. International Data Transfers

As mentioned, we primarily host and process data in the United States. When you use our Service or provide information to us, your information may be transferred to or processed in the US or in other countries that may not provide the same level of data protection as your home jurisdiction.

We rely on valid data transfer mechanisms, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Other recognized frameworks (e.g., the EU-U.S. Data Privacy Framework, if applicable).

We take appropriate measures to ensure that your personal data receives an adequate level of protection and that any international transfer complies with GDPR and other relevant laws.

7. Your Rights (EU/EEA/UK Users)

If you are in the EU/EEA or the UK, you have the right (subject to certain exceptions) to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase your data (the “right to be forgotten”).
• Restrict or Object to how we process your data.
• Port your data to another service provider.
• Withdraw Consent at any time, where processing is based on consent.

To exercise these rights, please contact us at support@gnowbe.com. We will respond within applicable statutory timelines.

8. Retention of Your Information

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law or our legitimate business needs. When you deactivate your account or request deletion, we will take reasonable steps to delete or anonymize your personal data in accordance with legal obligations. However, we may retain archived copies for a limited period to comply with legal requirements, resolve disputes, and enforce our agreements.

9. Security

We are committed to keeping your data safe. No data transmission or storage system is 100% secure, but we take reasonable measures to protect your information from loss, theft, misuse, and unauthorized access or disclosure. These measures include:

• Encrypted data transmission (HTTPS).
• Access controls and authentication protocols.
• Regular security assessments and penetration tests.

You are responsible for keeping your account credentials confidential and for notifying us immediately of any suspected unauthorized use. Always log out and close your browser after your session.

10. Your Choices

10.1 Account Information

You may update, correct, or delete certain account information at any time by logging into your account. If you wish to deactivate your account, please contact us. We may retain certain information as required by law or for legitimate business purposes (see Section 8).

10.2 Marketing Communications

You may opt out of receiving promotional or newsletter emails by following the unsubscribe instructions in the email or by contacting us at support@gnowbe.com. We may still send you non-promotional emails (e.g., account or security notifications).

10.3 Cookies

Most web browsers accept cookies by default. You can usually modify your browser settings to remove or reject cookies or prompt you before accepting them. If you choose to disable cookies, some features of the Service may become unavailable or not function properly.

11. Children’s Privacy

Persons under 16 (or a higher minimum age as required by the laws in your jurisdiction) are not permitted to create accounts unless their parent or legal guardian has provided verifiable consent. If we learn that we have collected personal information from a child without proper consent, we will take steps to delete that information as quickly as possible. If you believe your child has provided personal information to us without your consent, please contact us at support@gnowbe.com.

12. Subprocessors

To support our operations, we may engage third-party companies (“Subprocessors”) to process personal data on our behalf. These include, for example:

• Amazon Web Services, Inc. – Cloud Service Provider – United States
• HubSpot – Cloud-based CRM – United States
• Instabug, Inc. – Cloud-based Bug Reporting – United States
• MailChimp – Cloud-based Marketing Automation Service – United States
• OneSignal – Cloud-based Push Notification Services – United States
• Postmarkapp, Wildbit, LLC – Cloud-based Email Notification Services – United States
• Rollbar, Inc. – Cloud-based Bug Reporting – United States
• Segment.com – Cloud-based Data Infrastructure – United States
• Twilio – Cloud-based Communications Platform – United States
• Zendesk, Inc. – Cloud-based Customer Support Services – United States
• DeepL, SE – Cloud-based AI Services – Germany
• Google Cloud Platform – Cloud-based AI Services – United States
• OpenAI, LP – Cloud-based AI Services – United States
• Anthropic PBC – Cloud-based AI Services – United States
• Mixpanel, Inc. – Cloud-based Analytics Services – United States

We will update this list periodically. Each Subprocessor is vetted and contractually obligated to process personal data only as necessary to provide services to Gnowbe, in compliance with GDPR and other applicable privacy regulations.

13. Accountability for Onward Transfers

For data transferred from the EU/EEA, UK, or Switzerland, we remain responsible under applicable data protection laws if our third-party vendors process personal information in a manner inconsistent with legal requirements or our contractual obligations, unless we prove that we are not responsible for the event giving rise to the damage.

14. Recourse, Enforcement, and Liability

If you have any questions or complaints about our handling of your personal data, please contact us first at support@gnowbe.com. We will do our best to resolve the issue. If you are located in the EU/EEA or the UK and believe your complaint has not been adequately resolved, you have the right to contact your local supervisory authority.

15. Links to Third-Party Websites

Our Service may contain links to websites or services operated by third parties. This Privacy Policy does not apply to those websites. We encourage you to read the privacy policies of such third parties to understand their data practices.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please email us at:

support@gnowbe.com