LAST UPDATED: July 6, 2020

A. INTRODUCTION

Huntress Labs Incorporated ("Huntress Labs" or "We" or "Us") has created this Statement in order to inform and disclose its data collection and dissemination practices for the Huntress Security Platform ("Huntress Security Platform" or "Platform"). This Statement contains numerous details describing the steps we take to respect your privacy concerns.

Please read this document in its entirety. It provides important information that you should be familiar with before using the Platform. We reserve the right to modify this Statement at any time. A current version can always be found at https://huntress.io/privacy.html

By using the Platform, you help us identify new threats and provide better protection for all Huntress Labs' customers. The information collected is used by Huntress Labs to enhance the Platform and to further advance solutions against malicious software.

Data collection is integral to the Huntress Security Platform. Do not use the Platform if you do not agree to provide the data required for the Platform to properly function.

Legal Issues (if applicable)

Huntress Labs may be subject to the laws of several jurisdictions because the Platform may be used in different jurisdictions, including the United States of America. Huntress Labs shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Huntress Labs guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Huntress may vary by country.

Huntress Labs may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate legal documentation. Huntress Labs may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.

B. COLLECTED INFORMATION

We may collect both personally identifiable information ("PII") and non-personally identifiable information ("Non-PII"). PII is information that is either: (1) expressly provided by you, such as your name, or (2) information that can be used either alone or in combination with other information to personally identify you, such as your email address, phone number, and user name. Non-PII is all information that is not PII or is information that was PII but which we modify and/or aggregate with other data in order to make it Non-PII.

In addition, we may retrieve files as part of the Huntress Security Platform. The files provide additional data to analyze for security threats. Files, file names, file paths, and computer names, for example, may contain PII if such information is included therein. The information in these files, including PII, is used solely for the purpose of assisting in the identification of potential security threats, and for no other reason.

We use PII to shape our external communication and for messaging efforts. Other than the exceptions noted below, we do not share PII with third parties.

Analytics

Our servers automatically record information about how a person ("User") uses the Platform ("Log Data"). Log Data may include a User's Internet Protocol (IP) address, browser type, operating system, web page that the User was visiting before accessing our server, search terms, and the pages or features of the Platform accessed by the User and the time spent there. We may share Log Data with web analytics service providers.

Third-Party Service Providers

We may engage third-party service providers to administer and provide our services. We may provide PII to such third parties only for the purpose of performing services on our behalf. We require such third parties to agree not to disclose your PII or use your PII for any other purpose.

Business Transactions

Information that we collect from Users, including PII, is considered a business asset. Accordingly, if we go out of business or enter bankruptcy, or if we are acquired, e.g., as a result of a transaction such as a merger, acquisition, or asset sale, your PII may be disclosed or transferred to the third-party acquirer in connection with the transaction.

C. INFORMATION RECEIVED VIA SOFTWARE

In order to identify new security threats and to quickly send notification of threats and suspicious applications, the User agrees that the Huntress Agent software ("Software" as defined in the Huntress Platform Terms of Service) automatically provides the following information to us:

• Information about applications configured to autostart in any pre-programmed, scheduled, or automated way. This information may include all data associated with the launch and execution of such autostarting applications including (but not limited to) registry data and user account information, as well as the user environment the application runs under;
• Details about files associated with the autostarting applications (executable files, libraries, script files, and configuration files) consisting of the file's attributes, size and checksums (MD5, SHA1, SHA2-256), creation/build date and time, change/modification date and time, autoplay status, names of packers, information about signatures, executable file flag, format identifier, and entropy, file name and full path, the file's digital signature and timestamp of its generation, and file header.

For additional examination, the User agrees that the Software automatically provides to us files (executable files, libraries, script files, and configuration files) for and related to autostarting applications that the Platform has not catalogued. Additionally, the following information about the file will be collected:

• The name of a file being collected, including its full path on the computer;
• The file size and file change and/or modified date;
• The file checksum (MD5, SHA1, SHA2-256).

In order to promptly respond to errors associated with installation, uninstallation, and updating of the Platform and Software, and to record the number of users, the User agrees that the Software automatically provides to us:

• Information about the date of installation and activation of the software on the computer;
• Type of software installation on the computer (initial installation, updating, etc.) and an installation success flag or the installation error number;
• Identifier of the update job.

In order to increase the level of support, the User agrees that the Software automatically provides to us the following information about the results of testing software operability after applying of updates:

• Information about the set of all installed updates, and the set of most recently installed/removed updates;
• The type of event that caused the update information to be sent;
• Duration since the installation of last update;
• CPU and memory usage data.

To improve performance of the Platform and the Software, the User agrees that the Software automatically provides to us:

• Information about errors that occurred during operation of the software, the error type, code and time of occurrence, the ID of the task or update category during which the error occurred;
• Information about general run-time errors and abnormal termination of the software, including the creation date and time of the error, its type, the name of the process linked to the error, and any trace, log, or dump file related to the error;
• Information about software operation, including data on the processor (CPU) and memory usage, the length of time the software was in operation before the error occurred;
• Event identifiers (unexpected power-off, third-party application crash, errors of interception processing), date and time of the unexpected power-off;
• Information about third-party applications that caused the error, including the application name, version and localization, the error code and information about the error from the system log of applications, checksums (MD5, SHA1, SHA2-256) of the application's executable file, full path to application's executable file;
• Information on the status of computer protection, including the protection status code;
• Version of the Updater component, number of crashes of the Updater component while running update tasks over the lifetime of the component;
• ID of the update task, number of failed update attempts;
• Information about the software installed on the computer, including the name of the software and the name of its publisher, information about registry keys and their values, information about software components files, including checksums (MD5, SHA1, SHA2-256), name of a file, its path on the computer, size, version and digital signature;
• Information about hardware installed on the computer, including type, name, model name, firmware version, parameters of built-in and connected devices;
• Information about the last unsuccessful operating system restart, including the number of unsuccessful restarts.

The User agrees that the Software automatically provides to us the following information for all purposes mentioned above:

• Local time of the computer at the moment of the provision of information;
• The unique software installation identifier;
• Information about software installed on the computer, including the operating system version and service packs installed, version and checksums (MD5, SHA1, SHA2-256) of the operating system kernel file;
• Information about the computer's hardware, including but not limited to CPU architecture, RAM, hard drive size;
• Information used to uniquely identify the computer including the computer name, domain/workgroup name, User provided description, IP address(es), and MAC address(es).

In order to help Huntress Labs' authorized representatives identify potential security incidents, confirm an actual security incident, and/or provide further details to those responding to an incident, additional information will or may be collected. This includes, but is not limited to, the following:

• List of processes running on the computer and details about any loaded modules associated with those processes;
• Details for files associated with the running processes, including the file's attributes, size and checksums (MD5, SHA1, SHA2-256), creation/build date and time, change/modification date and time, autoplay status, names of packers, information about signatures, executable file flag, format identifier, and entropy, file name and full path, the file's digital signature and timestamp of its generation, the user the application is configured to run as, PE-file header information, name of the account from which the process is running, and names of any registry keys and the values and value data that are associated with the process;
• A file list from the directory where a suspicious/malicious file is or was located; including the name, file size, file change and/or modified date, and file checksums (MD5, SHA1, SHA2-256) of all the files within the directory;
• Files related to autostarting applications and/or processes and/or suspicious events that the Platform has not catalogued. In addition to the file contents, the following will also be collected: the name of the file being collected, the full path on the computer, the file size and file change and/or modified date, and the file checksum (MD5, SHA1, SHA2-256);
• List of drives and/or folders shared from the computer;
• List of local user accounts and user groups on the computer;
• Operating system security options to include password policies and account lockout restrictions;
• Network configuration details including, but not limited to, entries in the computer's hosts file, routing information, and network services;
• The computer's system log files and/or specific information about events in the computer's system logs, including the event's timestamp, the name of the log in which the event was found, type and category of the event, name of the event's source and the event's description;
• Information about the state of the computer's anti-virus protection, including the versions and release dates and times of the anti-virus databases being used, and if the anti-virus application is managed through the Platform, details about the anti-virus application's configuration and any events that it may have detected.

Securing the Transmission and Storage of Data

Huntress Labs is committed to protecting the security of the information it collects and processes. The information is stored on computer servers with limited and controlled access. Huntress Labs operates secure data networks protected by industry-standard firewall and password protection systems. Huntress Labs uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Huntress Labs takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our services or software, including without limitation the Huntress.io website, and you use all the service at your own risk.

We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Huntress Labs employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Huntress Labs does not combine the data stored by the Huntress service with any data, contact lists, or subscription information that is processed by Huntress Labs for promotional or other purposes.

D. USE OF THE DATA

Huntress Labs collects and processes the data described above along with other information collected by the system in order to analyze and identify potential security risks, and to improve the ability of Huntress Labs' services to detect malicious software and other types of computer security threats to provide the best possible level of protection to Huntress Labs' customers in the future.

Disclosure of Information to Partners

Huntress Labs may share collected executable files and libraries with anti-malware and security industry partners. The files can be analyzed by automatic tools and security analysts to detect malicious code and to improve antivirus engines and other security solutions. Huntress Labs only provides the file--no other information about the file is provided.

In order to promote awareness, detection and prevention of Internet security risks, Huntress Labs may share certain information with research organizations and other security software vendors. Huntress Labs may also make use of statistics derived from the information processed to track and publish reports on security risk trends.

E. DATA PRIVACY - RELATED INQUIRIES AND COMPLAINTS

Huntress Labs believes in your right to privacy. If you have any questions or concerns, please contact Huntress Labs by email: support@huntress.com.

We reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.

Huntress Labs is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare.