This Policy explains your rights and choices related to the personal information we collect when:
- You interact with our websites, including www.sentinelone.com, support.sentinelone.com, app.scalyr.com, as well any other websites that we operate and that link to this Policy (our “Sites”);
- You visit, interact with, or use any of our offices, events, sales, marketing or other activities; and
- You use our platform, including software, mobile application, and other products and services (the “Solutions”)
This Policy does not cover:
- Applicant information. This Policy does not cover information related to our employment recruiting efforts. Please see our Applicant Privacy Statement for that information.
- Third Parties. This Policy does not apply to any products, services, websites, or content that are offered by third parties and/or have their own privacy statement.
SentinelOne determines the purposes for and means of the processing (i.e., we are the data controller) of your personal information as described in this Policy unless expressly specified otherwise.
Personal Information Collection
We may collect the following types of personal information:
- Business contact information, such as your first and last name, professional title, business affiliation and address, email, and phone number.
- Services account information, such as the Solutions you use, webinars and other events you sign up for, transactions, and business relationship information.
- Communications with us, including questions or inquiries you may send us, and any information that you create, input, submit, post, upload, transmit, store or display on our Sites.
We may also obtain personal information from other sources, including:
- Third parties, such as business intelligence services, event co-sponsors, and other data providers.
- Public sources, such as company websites and our pages on social media platforms.
How we Use Personal Information
We use personal information for the following purposes:
- SentinelOne Site. When you visit our Sites, we use personal information to interact with you, provide you relevant marketing data and information, contact you about our Solutions, personalize or customize your experience (based on preferences or geography, for example), conduct research (such as to test the performance and layout of our Sites), and to improve the content and availability of the Sites. If you interact with any publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features on our Sites, we may display any information that you post and that information might be read, collected, and used by others who access it.
- Administering the Solutions. If you subscribe or are exploring a subscription to our Solutions, we use personal information to create and administer your account, manage our business relationship, and communicate with you about the Solutions, including to send you notifications and keep you informed of any updates to the Solutions. We also analyze trends in the purchase and use of our Solutions to understand our customers’ needs and interests, recommend additional Solutions, forecast business needs, and to improve and develop our Solutions. We may accept payments on our Sites using a payment service provider. The information provided to the payment service provider in connection with payment and transactions is handled in accordance with the payment service provider’s terms and privacy policies.
- Testimonials. Where you permit us to share your experience with our Solutions, we may post testimonials on the Sites that may contain Personal Information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at [email protected].
- Partners. If you partner with us to promote or provide the Solutions, including by using our Partner Portal, we use your information to maintain and administer our business relationship and to evaluate the performance of our partnership.
- Compliance and protection. We also use personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); audit our internal processes for compliance with legal and contractual requirements and internal policies; enforce the terms and conditions that govern our Solutions; and prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
- At your option. Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share that information.
We will only use your personal information as described in this section if we have a valid legal ground for the processing under applicable laws. Our legal grounds for processing include: consent, where you have consented to the use of your personal information (including, where applicable, to receive marketing communications); legitimate interests, such as to promote, develop and improve our Sites and Services, to protect our legal rights, and to establish, exercise, or defend legal claims, provided that such interests are not overridden by your interests or your fundamental rights and freedoms; and legal obligations, including to comply with tax and accounting obligations. We may also process your personal information when necessary to protect your or another individual’s vital interests.
How We Share Personal Information
We share personal information with:
- Affiliates. All SentinelOne entities in the US and worldwide, for purposes consistent with this Policy.
- Service providers. Companies and individuals that provide services on our behalf or help us operate our Services (such as hosting, information technology, customer support, email delivery, and website analytics services). SentinelOne contractually requires all its third-party business partners with whom it shares personal information to take commercially reasonable steps and implement policies to safeguard your personal information, and to not use your personal information for any purpose other than to assist SentinelOne in serving its customers.
- Advertising vendors. Third party advertising companies, including for the interest-based advertising purposes described above, that can collect information on our Sites through cookies and other automated technologies.
- Third parties. We may also share your personal information with business partners and third parties, such as event sponsors when you attend one of our events, that may want to market products or services to you. If we share personal information with such unaffiliated third parties for their own marketing purposes, we provide you with an opportunity to opt out of such uses either at the point of collection or through the choice mechanisms set forth in this Policy.
- Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, in the course of the professional services that they render to us.
- Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
- Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, SentinelOne (including in connection with a bankruptcy or similar proceedings). We may assign or transfer this Policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge.
SentinelOne does not sell the personal information we collect as “sale” is defined in Virginia, Nevada, Colorado, and California.
The Sites may include links to third-party sites, products or services. Please note that your access to and use of these third-party sites, products or services may result in the collection of or sharing of your information, including personal information. These third parties have separate and independent privacy policies, and we are not responsible or liable for your interactions with such third-parties (as further described in our Master Subscription Agreement). The option to link to such third-party sites, products or services is not an endorsement or representation regarding any third-party sites, products or services, and we encourage you to review and understand such third-parties privacy policies.
SentinelOne protects devices, workloads, and endpoints at scale. The SentinelOne Agent enables this protection by deploying agents to locations across customer environments, monitoring those locations, and then sending the relevant information to the Singularity XDR Management Console where customers can visualize, detect, and respond directly to events. And for devices on the move, Singularity Mobile provides AI-powered full-device protection to all three major mobile platforms, sending information to the same SentinelOne Management Console. Our agents and mobile solution help identify not just malicious activity but also associated events in order to provide customers with the complete Storyline picture of a suspected or actual compromise. And because hackers are constantly evolving their tactics, techniques, and procedures, SentinelOne monitors vast amounts of machine metadata to help ensure malicious activity is not only caught but is also contextualized and traceable. The overwhelming majority of this metadata is machine generated and contains non-attributable data such as process ID, operating system version, information about applications, and command line arguments. In limited situations however, file names, and generalized location inferred from public IP addresses of the endpoint where the metadata is located are collected. This personal information is almost exclusively considered Customer Data and is collected on behalf of customers in accordance with the directions provided to us in the Data Protection Addendum.
In addition to Customer Data, we also collect and process System Data to provide the Solutions. System Data is information that we collect or generate during the provision and administration of the Solutions and related technical support. System Data consists of:
- Technical and Operational Data. This is information about the Solutions you are using and about the systems and related environment from which you access the Solutions. Examples include agent type and version, license information, UUID, and third-party systems used in connection with the product.
- Console Data. This is information about your usage of the Management Console. Examples include configuration settings, dashboards, user roles, authentication credentials, and other administrative settings.
- Feature Usage Data. This is information about how the Solutions are used. Examples include details about which features are used and user interface metrics.
- Threat Data. This is information about threats and potential threats identified on endpoints. Examples include malware, URLs, processes or techniques, metadata, or other data that is potentially related to unauthorized third parties.
System Data is processed to deliver the Solutions that you and our other customers request. We use System Data to help us improve the performance and functionality of the Solutions, including Threat Data specifically which is used in our proprietary machine learning engines to detect and protect endpoints autonomously from malicious activity. Any limited personal information contained within System Data is never incorporated into the Solutions, nor is it used to contact or market products or services.
SentinelOne maintains (and requires its service providers to maintain) appropriate organizational and technical measures designed to protect against unauthorized access, alteration, disclosure or destruction of personal information, taking into account the nature of the personal information and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal information secure, however no security procedures or protocols are ever guaranteed to be 100% secure, and as such we do not guarantee the security of any personal information you provide to us or third parties.
International Transfer of Information Collected
SentinelOne is a U.S.-based company which operates globally. When you interact with our Sites, you provide your personal information to us in the United States. We transfer the personal information we receive to our affiliates and third parties as described in the How We Share Personal Information section above. We operate globally and our affiliates and the third parties with which we share information are based in the United States, European Union, and in other countries around the world, some of which may not have laws that provide equivalent protections for personal information as the laws in the countries in which you reside. We implement appropriate safeguards in accordance with applicable law to protect the information we transfer, including by using European Commission approved standard contractual clauses. For more information on how we transfer and safeguard your information, please contact us at [email protected].
Unsubscribe from marketing communications. You can unsubscribe from marketing-related communications by following the instructions at the bottom of the emails you receive from us or by contacting us as provided in the Contact Us section below. If you do so, you will continue to receive service-related and other non-marketing communications until you cease using our Services linked to those service updates.
Privacy rights. Depending on your location, you could be entitled to submit the following requests about your personal information:
- Access. Request that we provide you with information about our processing your personal information and give you access to your personal information.
- Deletion. Request that we delete the personal information that we maintain about you.
- Correction. Request that we update or correct inaccuracies in your personal information.
- Transfer. Request that we transfer a machine-readable copy of your personal information to you or a third party that you designate.
- Restriction. Request that we restrict the processing (including sharing) of your personal information.
- Objection. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
To exercise all other choices described above, please contact us at [email protected]. To avoid security breaches, we will need to authenticate your identity before we respond to the request and to assess whether these rights apply to you. Additionally, applicable law can limit these rights, for example, by prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. While we endeavor to satisfy the requests we receive, if you are unsatisfied with our response, you may have the right to complain to a privacy or data protection regulator in your country.
Children’s Personal Information
Our Solutions are not intended for use by children. If you have reason to believe that a child has provided personal information to us, please contact us at [email protected]. We will use commercially reasonable efforts to delete such personal information.
U.S. State Privacy Laws
Some U.S. state privacy and data protection laws like the California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (VCDPA) require specific disclosures for state residents. If you are a resident of a state that has imposed specific privacy requirements, please refer to our U.S. State Privacy Notice.
We retain personal information for as long as necessary to fulfill the purposes for which we collect it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Changes to This Policy
If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on our Sites prior to the change becoming effective or as otherwise required by law. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our Sites constitutes your agreement to be bound by such changes to this Policy.
If you have questions regarding this Policy or about our privacy practices, please contact us by email at [email protected] or at:
444 Castro St., Suite 400,
Mountain View, CA 94041, United States
You may also send your questions or concerns regarding our privacy practices to our data protection officer by email at [email protected].
English Version Controls
Non-English translations of this Policy are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.