Privacy Statement and Cookie Policy
General
RiskApp provides its customers with a proactive, risk-based application security platform. We enable organizations to adopt a risk-based approach to their AppSec programs, offering customizable risk scoring, real-time metrics, and tailored scenario plans to address application security risks effectively (the “RiskApp Platform” or the “Service”).
RiskApp, Inc., RiskApp B.V. and any other legal entities comprising RiskApp (together: RiskApp) may collect your personal data when you visit our website, use our RiskApp Platform, order or purchase RiskApp products or services, use our apps, and/or when you are in contact with RiskApp. This Privacy Statement applies to the collection and processing of personal data of customers and users of RiskApp’s Platform and users of RiskApp websites, social media channels, and apps (hereafter: "you").
RiskApp, Inc., RiskApp B.V. and any other legal entities comprising RiskApp (together: RiskApp) may collect your personal data when you visit our website, use our RiskApp Platform, order or purchase RiskApp products or services, use our apps, and/or when you are in contact with RiskApp. This Privacy Statement applies to the collection and processing of personal data of customers and users of RiskApp’s Platform and users of RiskApp websites, social media channels, and apps (hereafter: "you").
RiskApp prioritizes the protection and security of your personal data. We will process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable local privacy laws.
RiskApp may amend this Privacy Statement periodically. The latest version is always available at www.riskapp.com under “Privacy Statement” at the bottom of the website. We recommend reviewing this Privacy Statement regularly, particularly before sharing your personal data with RiskApp.
This Privacy Statement was last updated in November 2024.
Privacy Principles of RiskApp
RiskApp processes and stores personal data according to the following principles:
Legal Compliance
RiskApp processes and stores personal data in accordance with GDPR and other applicable regulations.
Transparency
RiskApp is open about the data it collects and how it is used
Data Minimization
We only process personal data that is relevant and necessary to provide our services.
Security
RiskApp employs technical and organizational measures to protect your data from unauthorized access, loss, or misuse.
Privacy by Design
Privacy considerations are incorporated into our product and service development processes.
Accountability
RiskApp assists customers, employees, and other stakeholders in understanding their data rights and provides clear information about data processing practices.
Who is Responsible for Processing Your Data?
RiskApp is responsible for processing personal data collected through its website. Our contact details are available at the end of this Privacy Statement.When data is processed within the RiskApp Platform, our customers are considered data controllers, and RiskApp acts as a data processor on their behalf. More details about our role as a data processor are provided in Part 2 of this statement.
Why Do We Collect Your Data?
RiskApp collects personal data to:
Offer RiskApp products and services.
Provide access to the RiskApp Platform, websites, and apps.
Respond to customer inquiries and manage requests.
Send newsletters (subject to your consent).
Comply with legal obligations.
Promote office security (e.g., through access control or camera monitoring).
Conduct research and feedback collection (with your prior consent).
What Personal Data Does RiskApp Collect?
RiskApp may collect:
Contact details: name, email address, phone number, and address.
Identification details: date.
Office security data: camera footage to ensure the safety of staff and visitors.
Customer service data: call recordings and correspondence for training and quality improvement.
Platform usage data: IP addresses, browser types, pages visited, and session details for diagnostic purposes.
Newsletter and Marketing Communications
With your consent, RiskApp may send you updates on products, promotions, or other activities. You can opt out at any time by:
Clicking the ‘unsubscribe’ link at the bottom of RiskApp emails.
Adjusting your preferences in your RiskApp account.
Emailing us at hello@riskapp.io
Legal Basis for Processing Personal Data
RiskApp processes your data based on:
Contractual Necessity
To deliver services or products you’ve requested.
Legitimate Interests
For marketing, product improvement, and customer service.
Consent
For sending promotional materials.
Legal Obligations
RiskApp employs technical and organizational measures to protect your data from unauthorized access, loss, or misuse.
Privacy by Design
To comply with applicable laws and regulations.
Retention Periods
RiskApp stores personal data only as long as necessary for the purpose for which it was collected. For example:
Marketing data is retained for up to two years after your last interaction with RiskApp.
Invoices are retained for at least seven years, in compliance with tax laws.
Sharing Personal Data with Third Parties
RiskApp does not share your personal data unless necessary for service delivery or legal compliance. Third parties may include:
Service providers (e.g., IT, hosting).
Marketing and analytics partners.
Legal authorities, when required by law.
All third-party processing is governed by Data Processing Agreements, ensuring compliance with GDPR.
Cookie Policy
RiskApp uses cookies to enhance your experience on its website and the RiskApp Platform. These include:
Necessary Cookies
Enable core functionality of the Service.
Preference Cookies
Remember your settings (e.g., language preferences).
Analytics Cookies
Provide insights into website performance.
You can manage cookies through your browser settings or opt-out of analytics cookies.
Your Privacy Rights
You have the right to:
Access your data.
Correct inaccuracies.
Request data deletion.
Restrict processing.
Transfer data to another controller.
Object to processing based on legitimate interests.
To exercise your rights, email hello@riskapp.io
Contact
For questions or concerns regarding your privacy, please contact us:
Postal Address
Company Registration Number
Part 2: Processing as a Data Processor
When acting as a data processor, RiskApp processes personal data on behalf of its customers, who act as data controllers. If you wish to exercise your rights regarding data processed within the RiskApp Platform, please contact the relevant customer (e.g., your employer).
For additional support, you can contact RiskApp at hello@riskapp.io.