your privacy is important to us. Accordingly, we’re providing this Privacy
Policy to explain our practices regarding the collection, use and disclosure of
personal information in respect of the individuals with whom we interact,
including those who access and use our website at [INSERT URL]  (which is
composed of numerous websites and webpages operated by us) [INSERT DESCRIPTION OF SERVICES] (collectively,
the “Services“).


Privacy Policy is incorporated into and subject to our Terms of Service (“Terms“) [INSERT URL]. Capitalized terms used but not defined herein shall be
as defined in the Terms.

Please note,
however, that if you are using the Services on behalf of
a company,
partnership, association, government or any entity or organization (“Organization”)
, your use of the Services may be subject to
an applicable enterprise agreement, between you and us pertaining to your or
your authorized users’ use of the Services (“Enterprise Agreement“). In this event, the terms of the
Enterprise Agreement (including as to our collection, use and disclosure of
personal information) will prevail to the exclusion of this Privacy Policy
(except as otherwise set forth in the Enterprise Agreement).

Privacy Policy applies to your access to and use of the Services made available
to you (the individual or Organization engaging the Services, “you”, “your”) by YellowHat Technology Inc. (“YellowHat”) and any of its subsidiaries or affiliates
(collectively, “YellowHat”, “we”, “us”, “our”), and
otherwise to individuals with whom we interact. This Privacy Policy does not
apply to any third-party websites, services or applications, even if they are
accessible through our Services.

Any information
that we collect is subject to the privacy policy in effect at the time that
personal information is collected. We may, however, modify and revise this
Privacy Policy from time to time. If we make any changes to this Privacy
Policy, we’ll notify you of those changes by posting them on our website or by
sending you an email or other notification, and we’ll indicate when those
changes will become effective.

strongly encourage you to refer to this Privacy Policy often for the latest
information about our personal information policies and practices. If you have
any questions about this Privacy Policy or don’t see your concerns addressed
here, you should contact us by email at [INSERT

It is YellowHat’s
policy to comply with the privacy legislation within each jurisdiction in which
we operate. Sometimes the privacy legislation and / or an individual’s right to
privacy are different from one jurisdiction to another. Consequently, the
rights and obligations contained in this Privacy Policy may not be available to
all individuals or in all jurisdictions.
If you are unsure if or how this Privacy Policy applies to you, please
contact our Privacy
 Officer for more information. 


The term
“personal information” means information about an identifiable individual, including
name, address, email address, and other information about an individual.

For the
purposes described in this Privacy Policy, we may collect and maintain
different types of personal information in respect of the individuals with whom
we interact. This includes:

submitted by you, which may include, but is not limited to: first and last
name, email address and telephone number;

Log data,
which may include, but is not limited to: Internet Protocol (IP) address,
browser type, operating system, the web page that you visited before accessing
our Website, the pages or features of our Website to which you browsed and the
time spent on those pages or features, search terms, the links on our Website
that you clicked on and other statistics; and

sent by your device: device identifier, user settings, operating system, as
well as information about your use of our Website.


We may
also collect market-related information, which may include personal
information, concerning market trends and activities impacting our business.
This information may include contract terms, financial information and other
information for the purpose of market analysis and strategic planning. We may
also collect information related to our media, investor and public relations
activities and information related to our interactions with financial and other
analysts and advisors.  


As a general rule, YellowHat collects personal
information directly from you.

In addition to the above, any information we
collect or that you provide directly to us may be de-identified or aggregated
with the information of other users in order to gain an understanding of the
usage habits and preferences of our users and to assist us with the selection
and adjustment of future content and features for the Website.

From time to time, we may utilize the services
of third parties in our business and may also receive personal information
collected by those third parties in the course of the performance of their
services for us or otherwise. Where this is the case, we will take reasonable
steps to ensure that such third parties have represented to us that they have
the right to disclose your personal information to us.

Where permitted or required by applicable law
or regulatory requirements, we may collect information about you without your
knowledge or consent.


We may collect personal information from you
for a variety of purposes, including
[LEGAL4] to:

facilitate and process the delivery of Services by us to you;

establish, maintain and manage our relationship with you;

enforce our Terms or any other agreement between you and us;

review and improve the Services that we provide to you;

comply with your requests;

enable us to provide certain security and privacy safeguards;

deal with security, debugging and technical support issues;

protect us against error, fraud, theft and damage to our goods
and property; and

comply with applicable law or regulatory requirements.


Related to the Services

When you
elect to register for the Services, you will be required to provide us with
your contact information. We use this information to: (a) create your account
during the registration process; (b) manage your account; and (c) to help us
efficiently provide the Services. Additionally, in order to provide you with
the Services, we will access and store information and data from your accounts.
To the extent you add authorized users to your account (“Authorized Users“), we may collect
information that you provide to us regarding those Authorized Users.

servers may automatically record your log data. We use this information to
administer the Services and we analyze (and may engage third parties to
analyze) this information to improve and enhance the Services by expanding
their features and functionality and tailoring them to your needs and preferences.

We also
use your personal information to contact you in connection with your use of the
Services. We may use also use your personal information to tailor our Services
to your interests and to track your compliance with our policies and terms.

Questions and Comments

You may
also provide us with feedback or a comment, question or complaint. We use this
information to respond to you and may retain this information to assist you in
the future. We also may use your feedback, comments, questions or complaints to
monitor and improve our Services.

Polls and Customer Research

time to time, we may offer you the opportunity to participate in one of our
surveys, polls or other customer research. The information obtained through our
surveys and customer research is used in an aggregated form. We use this
information to help us understand activities engaged through our Services and/or
to enhance our Services offerings, promotions and events.


time to time, we may also use your personal information to send you email or
other communications that may be of interest to you and to tailor
communications to your interests. You may opt out of any communications, other
than communications necessary as part of any Services you use, by using the
“Unsubscribe” mechanism or otherwise contacting us as set out in the
“How to Contact Us” section below.

Collected Using Cookies and other Web Technologies

Services uses automated data collection tools such as Cookies to collect certain
information. “Cookies” are small text files that are placed on your hard drive
by a web server when you access our Services. We may use both session Cookies
and persistent Cookies to identify that you’ve logged in to the Services and to
tell us how and when you interact with our Services. We may also use Cookies to
monitor aggregate usage and web traffic routing on our Services and to
customize and improve our Services. Unlike persistent Cookies, session Cookies
are deleted when you log off from the Services and close your browser. Although
most browsers automatically accept Cookies, you can change your browser options
to stop automatically accepting Cookies or to prompt you before accepting
Cookies. Please note, however, that if you don’t accept Cookies, you may not be
able to access all portions or features of the Services. Some third-party
services providers that we engage (including third-party advertisers) may also
place their own Cookies on your hard drive. YellowHat does not control these
third party Cookies and shall bear no responsibility or liability for them, and
they are also not subject to this Privacy Policy.

Our website
may also use a technology provided by third parties called “tracer tags” or
“Web beacons” which are tiny graphic files embedded in a website or email that
send information from your browser back to the Web beacon’s originating server.
This technology allows us to understand which pages you visit on our website
and the sites you visit before and after ours and is used to help us optimize
and tailor our website for your visits to our website. YellowHat does not
control these third party “tracer tags” or “Web beacons” and shall bear no
responsibility or liability for them, and they are also not subject to this
Privacy Policy.


For the purposes described
in this Privacy Policy, we may share your personal information with our
employees, contractors, consultants and other parties who require such
information to assist us with managing our relationship with you. We may engage
third party service providers to work with us to administer and provide the
Services. These third-party services providers have access to your personal
information only for the purpose of performing services on our behalf. For
additional information about the manner in which our third party service
providers treat your personal information, contact us by email at [INSERT EMAIL].
uses contractual or other means to provide a level of protection comparable to
those set out in this Privacy Policy when information is being processed by a
third party on YellowHat’s behalf.  

Shared with Third Parties

We may
share aggregated information and non-identifying information with third parties
for industry research and analysis, demographic profiling and other similar

Our websites
may contain links to other sites that we do not own or operate. The Services
also integrate with third party applications and tools (“Third Party Applications”). We do not have any control over the
linked websites and the Third Party Applications, and therefore we have no
responsibility or liability for the manner in which the organizations that
operate the linked websites and the Third Party Applications may collect, use,
disclose, secure and otherwise treat any personal information you provide to
them. The linked websites and the Third Party Applications have separate and
independent privacy statements, notices and terms of use, which we recommend
you read carefully.

Disclosed in Connection with Business Transactions

We may
transfer any information we have about you as an asset in connection with a
merger or sale (including transfers made as part of insolvency or bankruptcy
proceedings) involving all or part of YellowHat or as part of a corporate
reorganization or stock sale or other change in corporate control.

Disclosed for Our Protection and the Protection of Others

We and
our service providers may provide your personal information in response to a
search warrant or other legally valid enquiry or order, or to an investigative
body in the case of a breach of an agreement or contravention of law, or as
otherwise required or permitted by applicable Canadian, United States or other
law. We may also disclose personal information where necessary for the
establishment, exercise or defense of legal claims or to prevent actual or
suspected loss or harm to persons or property.

We or
our third party service providers may engage in certain information, technology,
data, and processing in the United States so that we may operate our business,
provide you with our Services and otherwise for the purposes described in this
Privacy Policy.
[LEGAL7] As a
result, your personal information may be processed by us and/or our service
providers in the United States, where it may be subject to laws regarding the
disclosure of personal information to government authorities in the United

addition to the above, we may disclose your personal information with your
consent for specific purposes that we advise you at or before the time we
collect such personal information.


endeavors to maintain physical, technical and procedural safeguards that are
appropriate to the sensitivity of the personal information in question. These
safeguards are designed to protect your personal information from loss and
unauthorized access, copying, use, modification or disclosure.

security of your personal information is important to us. Please immediately
advise us at [INSERT EMAIL] of any
incident involving the loss of or unauthorized access to or disclosure of
personal information that is in our custody or control.

While YellowHat
makes good faith efforts to safeguard your personal information and to secure
your data during use of the Services, no transmission of data over the
Internet, wireless network, or any other public network can be guaranteed to be
100% secure.
In addition, if you are visiting, using or interacting with our Services from a
country other than the United States and Canada, your personal information may
be transferred to, and maintained on, computers located outside of your country
or other governmental jurisdiction where the privacy laws may not be as
protective as those in your jurisdiction
 . YellowHat
cannot ensure or warrant the security of any information that you transmit to
us and we do not take any responsibility for any breach that may occur.


retain personal information of users for no longer than necessary for the
purposes stated above or to otherwise meet legal requirements.


By using
the Services, we assume that you consent to the collection, use and disclosure
of your personal information as explained in this Privacy Policy.

addition, you may change or withdraw your consent at any time, subject to legal
or contractual restrictions and reasonable notice, by contacting us at [INSERT EMAIL]. In some circumstances, a
change in or withdrawal of consent may severely limit or even prevent our
ability to provide our Services to you. All communications with respect to such
withdrawal or variation of consent should be in writing and addressed to [INSERT EMAIL].


You have
the right to access, update, and correct inaccuracies in your personal
information in our custody and control, subject to limited exceptions
prescribed by applicable laws. You may do so directly by updating your account
or by emailing us at [INSERT EMAIL].  

requesting access to your personal information, please note that we may request
specific information from you to enable us to confirm your identity and right
to access, as well as to search for and provide you with the personal
information that we hold about you. In the event that we cannot provide you
with access to your personal information, we will endeavor to inform you of the
reasons why, subject to any legal or regulatory restrictions.

In some
circumstances, we may not agree with your request to change your personal
information and will instead append an alternative text to the record in

right to access the personal information that we hold about you is not absolute.
There are instances where applicable law or regulatory requirements allow or
require us to refuse to provide some or all of the personal information that we
hold about you. In addition, the personal information may have been destroyed,
erased or made anonymous in accordance with our record retention obligations
and practices.


We have
appointed a Privacy Officer to oversee compliance with this Privacy Policy. If
you have any questions, concerns or complaints regarding our Privacy Policy or
the manner in which we or our service providers treat your personal
information, please contact us at:





interpretation associated with this Privacy Policy will be made by our Privacy
Officer.  This Privacy Policy includes
examples but is not intended to be restricted in its application to such
examples, therefore where the word ‘including’ is used, it shall mean
‘including without limitation’.

Privacy Policy does not create or confer upon any individual any rights, or
impose upon YellowHat any rights or obligations outside of, or in addition to,
any rights or obligations imposed by applicable laws. Should there be, in a
specific case, any inconsistency between this Privacy Policy and such laws,
this Privacy Policy shall be interpreted, in respect of that case, to give
effect to, and comply with, such laws.




As noted in the draft Terms of Service,
please advise if YellowHat may enter into an overarching b2b enterprise
agreement. This Privacy Policy is currently drafted in a way that contemplates
that such an overarching agreement might exist and which might take precedence
over this Privacy Policy (as applicable).

INTERNAL: “Privacy
Officer” can be replaced with the title of the individual who is
overseeing the administration of this policy.

Please confirm the scope of information that will be collected from the YellowHat
website. We have included some baseline information that is typically collected
(e.g. information submitted by a user, or information that may be automatically
collected on the backend such as log data and device data).

We have included various reasons why collection might occur—please review and
let us know if adjustments are needed. 


We have included various typical uses for which collected information is
put—please review and let us know if adjustments are required (some of these
may not be relevant if they are not intended to be in scope for the Services,
e.g. the account creation process; cookies, etc.).

We have inserted various reasons for which information may be disclosed. Please
review and let us know if adjustments are needed. 

If personal information will be transferred outside of Canada (e.g. via a third
party processor), please provide the list of countries to which such
information will be transferred. We have included placeholder language for
US-based transfers in the meantime. 

As above, this statement will need to be verified based on whether cross-border
transfers will take place.  

Scroll to Top