Privacy Policy

Scope of This Policy and Where to Send a Request

DigitalStakeout acts on privacy requests only for information it controls directly, and only where the request is verified and in scope. Requests that fall outside that scope are not handled by DigitalStakeout and are closed without action. Use the table below to identify the correct party.

If your request concerns…	Send it to…
Your DigitalStakeout account, billing, support, marketing, or website use	DigitalStakeout, at privacy@digitalstakeout.com
Information processed inside a customer’s private tenant	The customer that controls that processing. DigitalStakeout does not act on, forward, or mediate the request.
Information published or held by an independent website, platform, agency, or data source	The source operator that controls the original record. DigitalStakeout cannot remove or alter it.

1. About This Privacy Policy

DigitalStakeout, Inc. (“DigitalStakeout,” “we,” “us,” or “our”) provides business-to-business security intelligence, risk intelligence, monitoring, investigation, and related software and services (the “Services”).

This Privacy Policy explains how DigitalStakeout collects, uses, discloses, and protects personal information in connection with:

• DigitalStakeout websites, portals, applications, and other online properties that link to this Privacy Policy;
• customer accounts, sales, billing, support, and other direct business interactions with DigitalStakeout; and
• information processed through the DigitalStakeout platform on behalf of our customers.

An important distinction exists between information DigitalStakeout controls for its own business purposes and information DigitalStakeout processes at the direction of a customer. The privacy rights process applicable to each category is different, and is described in Section 12.

This Privacy Policy does not govern the independent privacy practices of DigitalStakeout customers, publishers, social networks, website operators, data providers, public-record custodians, or other third parties.

2. Our Different Privacy Roles

DigitalStakeout processes information in several distinct roles.

Information DigitalStakeout Controls Directly

DigitalStakeout acts as the business or controller for personal information collected through our own websites and direct business relationships, including account-registration information, business contact information, support communications, billing records, website usage information, and marketing preferences. DigitalStakeout is responsible for responding to applicable privacy requests concerning this information.

Customer-Directed Information

When a customer configures the DigitalStakeout platform to monitor, collect, retrieve, analyze, classify, store, or alert on information for the customer’s security or intelligence purposes, the customer determines the purpose and scope of that processing. For this information, the customer generally acts as the business or controller, and DigitalStakeout acts as its contracted service provider, contractor, or processor. DigitalStakeout processes such information according to the customer’s configuration, documented instructions, agreement, and applicable law.

Independent Source Information

Information retrieved through the Services may originate from independent websites, platforms, publishers, public records, repositories, customer-connected systems, data services, or other third-party sources. Those source operators independently control their original systems and records. DigitalStakeout does not own or control the original information maintained by those sources.

3. DigitalStakeout Is Not a Consumer Data Broker

DigitalStakeout is a security technology and contracted data-processing provider. DigitalStakeout does not operate a consumer data-brokerage business. In particular, DigitalStakeout does not:

• maintain a universal consumer-profile repository for sale or licensing to unrelated third parties;
• sell lists or profiles of individuals for advertising, direct marketing, or third parties’ unrelated commercial purposes;
• sell or share personal information for cross-context behavioral advertising;
• combine information from separate customer tenants to create consumer profiles for DigitalStakeout’s independent commercial use;
• use customer-directed intelligence information to market products or services to the individuals appearing in that information; or
• make a customer’s private monitoring data, searches, entities, alerts, investigations, or results available to other customers.

Customers pay DigitalStakeout for access to security software, collection infrastructure, processing, classification, analytics, storage, alerting, integrations, and related services. They are not purchasing a transferable DigitalStakeout-owned database of consumer profiles. Information may be processed, indexed, cached, classified, or retained within a customer’s private tenant as necessary to provide the contracted Services; that tenant-specific processing does not create a general-purpose, cross-customer consumer database for resale.

Nothing in this section limits any privacy right that applies under applicable law.

4. What “First-Party Collection” Means

DigitalStakeout may use the term “first-party collection” in descriptions of its technology. In this context, “first-party collection” means that DigitalStakeout operates collection technology that retrieves information directly from relevant sources instead of merely reselling a prepackaged third-party intelligence feed.

It does not mean that every person mentioned in collected content has a direct consumer relationship with DigitalStakeout. It also does not mean DigitalStakeout owns, controls, or can modify information maintained by the original source.

5. Customer-Directed Collection and Private Tenants

DigitalStakeout customers configure the entities, assets, people, organizations, locations, domains, keywords, queries, sources, rules, and risk conditions relevant to their authorized security operations.

Depending on the Services used, DigitalStakeout may retrieve and process information from publicly accessible or otherwise lawfully accessible sources, including websites, social platforms, forums, blogs, public records, security sources, dark-web sources, breach-related sources, customer-provided systems, and customer-selected integrations. DigitalStakeout may normalize, enrich, index, correlate, classify, summarize, store, and alert on that information within the customer’s private tenant.

Each customer is responsible for:

• determining its lawful purpose and legal basis for using the Services;
• configuring the scope of its collection and monitoring;
• providing any notices required by law;
• limiting access to authorized users;
• responding to privacy requests for which the customer is the business or controller; and
• complying with laws applicable to its investigations, monitoring, security activities, and use of intelligence.

DigitalStakeout does not independently determine whether a customer should investigate or monitor a particular individual. DigitalStakeout supports applicable privacy requests concerning customer-directed information only upon verified instructions from the responsible customer or as otherwise required by law.

6. Independent Third-Party Sources

The Services may connect to, query, retrieve from, or display information originating from independent sources. These may include websites, publishers, social networks, public agencies, registries, repositories, search services, data services, APIs, customer systems, and other online or offline sources. DigitalStakeout does not control those sources and ordinarily cannot:

• delete or suppress information in the source system;
• correct the source’s records;
• change a source’s privacy settings;
• remove a page, post, profile, public record, breach record, or search result from the internet;
• prevent the source from collecting or publishing information in the future; or
• require an independent source to honor a request submitted to DigitalStakeout.

A request sent to DigitalStakeout does not remove information from its original source. Requests concerning original source information must be directed to the operator, publisher, custodian, platform, or organization that controls that source.

Where DigitalStakeout has been separately engaged by a customer to provide a remediation or removal service, DigitalStakeout may submit requests to an independent source on the customer’s behalf. Such services are performed only under the customer’s instructions and do not give DigitalStakeout control over the source or guarantee that the source will remove the information.

7. Information We Collect Directly

DigitalStakeout may collect the following information through its websites and direct business relationships.

• Business and Contact Information. Name, business email address, telephone number, job title, employer, mailing address, and information submitted through a contact form, request for information, demonstration request, or other communication.
• Account Information. Username, account identifier, organization, role, permissions, authentication information, security settings, product preferences, and account activity.
• Transaction and Billing Information. Subscription information, invoices, payment status, billing contact information, and transaction records. Payment-card information may be processed directly by a payment processor rather than stored by DigitalStakeout.
• Support and Communications Information. Support tickets, emails, meeting records, product feedback, technical requests, and other communications with DigitalStakeout.
• Website and Technical Information. IP address, browser type, device type, operating system, referring page, pages viewed, timestamps, session information, security logs, diagnostic information, and similar technical data.
• Customer Configuration Information. Entities, assets, alert rules, source selections, integrations, user settings, reports, and other configurations supplied by a customer or its authorized users.
• Security and Anti-Abuse Information. Information necessary to authenticate users, investigate suspected abuse, prevent unauthorized access, enforce agreements, protect the Services, and maintain the security and integrity of our systems.

DigitalStakeout collects this information from you directly, from your organization and its authorized users, from your devices and browsers as you use the Sites and Services, and from service providers that support our operations.

8. How We Use Information We Control

DigitalStakeout may use information it controls directly to:

• create and administer customer accounts;
• provide, maintain, secure, and improve the Services;
• authenticate users and manage permissions;
• process subscriptions, payments, and invoices;
• communicate about accounts, transactions, support, security, and product changes;
• respond to inquiries and demonstration requests;
• provide business-to-business marketing communications, subject to applicable opt-out rights;
• monitor performance and diagnose technical problems;
• prevent fraud, abuse, unauthorized access, and security incidents;
• enforce our agreements and policies;
• comply with legal obligations and valid legal process; and
• establish, exercise, or defend legal claims.

Where permitted, DigitalStakeout may use aggregated or deidentified operational information to measure system performance, improve service reliability, and understand general product usage. DigitalStakeout maintains and uses deidentified information only in deidentified form, does not attempt to re-identify it except to test that deidentification, and contractually obligates recipients to the same. DigitalStakeout does not use this process to create identifiable, cross-customer profiles of individuals appearing in customer intelligence data.

9. How We Disclose Information

DigitalStakeout may disclose information in the following circumstances.

• Customer Organizations. Account activity and customer-directed information may be available to the customer organization and its authorized administrators and users.
• Service Providers and Subprocessors. DigitalStakeout may use service providers for hosting, infrastructure, communications, payment processing, analytics, customer support, security, and other operational functions. These providers may process information only as necessary to perform contracted services and are subject to appropriate contractual restrictions. A current list of subprocessors used to provide the Services is available on request and as described in the applicable agreement or Data Processing Addendum.
• Customer-Directed Integrations and Sources. When a customer activates an integration, lookup, transform, connection, or third-party source, DigitalStakeout may transmit the query, identifier, technical information, or other data necessary to perform the customer’s requested operation.
• Legal and Safety Purposes. DigitalStakeout may disclose information when reasonably necessary to comply with law, regulation, subpoena, court order, or other valid legal process; protect legal rights; investigate fraud or abuse; protect the security of the Services; or address a threat to the safety of a person or organization.
• Corporate Transactions. Information may be transferred in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar corporate transaction, subject to applicable legal requirements.
• With Your Direction or Consent. DigitalStakeout may disclose information when you or the responsible customer directs us to do so or otherwise provides valid consent.

10. No Sale or Targeted Advertising

DigitalStakeout does not sell or share personal information that it controls directly for cross-context behavioral advertising. DigitalStakeout does not provide customer-directed intelligence data to advertising networks or use such information to advertise products or services to the individuals appearing in that data.

Because DigitalStakeout does not engage in these practices, there is no sale or targeted-advertising activity to opt out of with respect to information DigitalStakeout controls directly. Where DigitalStakeout receives a recognized opt-out preference signal, such as Global Privacy Control, it is treated consistently with this position to the extent required by applicable law.

A request labeled “Do Not Sell My Information” does not require DigitalStakeout to remove information from an independent source or independently modify information processed for a customer within the customer’s private tenant.

11. Cookies and Similar Technologies

DigitalStakeout may use cookies and similar technologies that are necessary to operate its websites and Services, authenticate users, maintain sessions, remember preferences, protect accounts, measure website performance, and diagnose technical issues.

You may control certain cookies through your browser or available consent-management tools. Disabling necessary cookies may prevent parts of the Sites or Services from functioning correctly. DigitalStakeout does not use customer-directed intelligence information for cross-context behavioral advertising.

12. Privacy Requests: Scope and Handling

DigitalStakeout evaluates and acts on a privacy request only where DigitalStakeout is the controller of the information and the request is verified and in scope. A request that does not meet those conditions is outside the scope of this Policy and of DigitalStakeout’s obligations. DigitalStakeout does not respond to, act on, acknowledge, forward, or mediate requests that are out of scope, misdirected, unverifiable, frivolous, or manifestly unfounded, excessive, or repetitive, and may close them without further action. Before acting on any request, DigitalStakeout may require verification of identity, authority, jurisdiction, and relationship to the information, and may require an authorized agent to provide proof of authorization.

In Scope — Information DigitalStakeout Controls Directly

DigitalStakeout will evaluate verified requests concerning information you provided directly to DigitalStakeout — your DigitalStakeout account, business contact information, support communications, billing information, or marketing preferences — and will respond as required by applicable law. Submit these requests to privacy@digitalstakeout.com.

Out of Scope — Information in a Customer’s Private Tenant

Information processed within a customer’s private tenant is controlled by that customer, not by DigitalStakeout. DigitalStakeout is bound by confidentiality obligations to its customers and will not search, access, review, disclose, correct, or delete any customer’s tenant in response to a request from any person who is not that customer. DigitalStakeout will not confirm or deny whether any customer has searched for, monitored, investigated, or holds information about any individual. Requests concerning tenant information must be directed to the customer that controls it. DigitalStakeout does not act on, forward, or mediate such requests, and acts on tenant information only on the verified instruction of the responsible customer or as required by valid legal process.

Out of Scope — Information Held by an Independent Source

DigitalStakeout does not control independent websites, publishers, platforms, government agencies, registries, repositories, or data providers, and cannot delete, correct, or suppress information in those source systems. A request to DigitalStakeout does not remove information from its original source. Requests concerning source information must be submitted directly to the source that controls the record. DigitalStakeout does not act on or forward such requests.

Requests DigitalStakeout Does Not Act On

A generalized request such as “delete me from your database” that does not identify a DigitalStakeout account or direct interaction, a specific record DigitalStakeout controls, or another legally sufficient basis for DigitalStakeout to act is not a valid instruction to search, disclose, alter, or delete information in any customer tenant or any independent source. To the extent permitted by applicable law, DigitalStakeout closes such requests — together with requests it cannot verify and requests that are frivolous, manifestly unfounded, excessive, or repetitive — without further action. Closing a request does not limit any right the requester may pursue directly with the responsible customer or source.

DigitalStakeout will not discriminate against an individual for exercising a privacy right that applies under applicable law to information DigitalStakeout controls directly.

13. U.S. State Privacy Rights

Several U.S. states provide residents with privacy rights. These rights apply to information for which DigitalStakeout is the business or controller, and they apply only as provided by, and subject to the exceptions in, the applicable state law. Most state privacy laws, including the Georgia Consumer Privacy Protection Act, do not treat information about individuals acting in a commercial or employment context (business-to-business contacts) as covered “consumer” personal data. For information processed on behalf of a customer, the customer is the controller and requests should be directed to that customer as described in Section 12.

Subject to applicable law and verification, eligible residents may have the right to: confirm whether we process their personal information and access it; correct inaccurate personal information; delete personal information; obtain a portable copy; and opt out of sale, targeted advertising, or certain profiling. As stated in Section 10, DigitalStakeout does not sell personal information it controls directly and does not use it for targeted advertising. To exercise a right concerning information DigitalStakeout controls directly, contact privacy@digitalstakeout.com.

14. Exceptions to Deletion and Other Requests

DigitalStakeout may retain or continue processing information where permitted or required for purposes such as:

• completing a transaction or providing a requested service;
• maintaining account and system security;
• detecting and preventing fraud or abuse;
• preserving evidence of security events;
• complying with legal and contractual obligations;
• responding to valid legal process;
• exercising or defending legal claims;
• maintaining records of privacy requests;
• protecting the rights or safety of others; or
• maintaining information in backups until it is deleted through the ordinary backup lifecycle.

Public availability alone does not determine every privacy obligation. DigitalStakeout evaluates requests according to the applicable law, its role concerning the information, and the purpose for which the information is processed.

15. Retention

DigitalStakeout retains information it controls directly for as long as reasonably necessary to provide the Services, administer business relationships, maintain security, comply with law, resolve disputes, enforce agreements, and support legitimate business operations.

Customer-directed information is retained according to the customer’s configuration, subscription, agreement, data-processing terms, and documented instructions. Following termination, customer data is returned, made available for export, retained, or deleted according to the applicable agreement and backup lifecycle. DigitalStakeout may retain limited records necessary to demonstrate compliance, maintain security, investigate abuse, or establish and defend legal claims.

16. Security

DigitalStakeout maintains administrative, technical, and physical safeguards designed to protect information against unauthorized access, acquisition, loss, misuse, alteration, or disclosure. No security system or transmission method can be guaranteed to be completely secure. Customers are responsible for maintaining the confidentiality of their credentials, configuring appropriate permissions, and promptly reporting suspected unauthorized access.

17. International Processing

DigitalStakeout is based in the United States, and information may be processed in the United States or other locations in which DigitalStakeout or its service providers operate. Where applicable law requires an international-transfer mechanism, DigitalStakeout uses appropriate contractual or other recognized safeguards. For customer-directed information, the customer is responsible for determining whether its use of the Services involves an international transfer and for working with DigitalStakeout to implement any required data-processing terms.

18. European Economic Area, United Kingdom, and Similar Jurisdictions

For information DigitalStakeout controls directly, the legal bases for processing may include performance of a contract, compliance with legal obligations, DigitalStakeout’s legitimate interests in operating and securing its business, and consent where required. Individuals may have rights to access, correct, erase, restrict, object to processing, or receive a portable copy of applicable personal information, and may have the right to lodge a complaint with their local data-protection authority.

When DigitalStakeout acts as a processor for a customer, requests relating to customer-directed information should be submitted to that customer as controller. DigitalStakeout will assist the customer according to applicable law and the parties’ agreement.

19. Sensitive Information

Some Services may, under a customer’s direction, process information that is treated as sensitive under applicable law. DigitalStakeout processes such information only to provide the contracted Services, only on the responsible customer’s instructions, and subject to applicable law and contractual controls. For information DigitalStakeout controls directly, it limits its collection and use of sensitive personal information to what is necessary to authenticate users, secure accounts, and provide the Services.

20. Children

DigitalStakeout’s websites and Services are intended for organizations and authorized professional users. They are not directed to children, and DigitalStakeout does not knowingly allow children to create customer accounts or knowingly collect personal information from children through its own websites.

Customer-directed security processing may incidentally involve lawfully accessible information relating to minors. In those circumstances, DigitalStakeout acts as a processor, processes the information only under the responsible customer’s documented instructions, and applies applicable law and contractual controls. Requests concerning such information should be directed to the responsible customer as described in Section 12.

21. Data Processing Terms

Where DigitalStakeout acts as a processor or service provider, the processing is governed by the parties’ agreement and, where applicable, a Data Processing Addendum that addresses the subject matter and duration of processing, the nature and purpose of processing, the categories of data and data subjects, the parties’ obligations, subprocessing, and any required international-transfer mechanisms. Customers may request the applicable Data Processing Addendum and the current list of subprocessors through their account contact.

22. Changes to This Privacy Policy

DigitalStakeout may update this Privacy Policy to reflect changes in its Services, practices, or legal obligations. The updated version will be posted with a revised effective date. Where required, DigitalStakeout will provide additional notice of material changes.

23. Contact Information

For privacy questions or requests involving information DigitalStakeout controls directly, contact:

DigitalStakeout, Inc.
Email: privacy@digitalstakeout.com
Mail: 234 Morrell Road, Suite 360, Knoxville, Tennessee 37919

Requests involving customer-directed information should be submitted to the DigitalStakeout customer responsible for the processing. Requests involving an independent source should be submitted directly to that source.