Privacy Policy

Last Revised: July 12, 2024

The following discloses the privacy practices and disclaimers for Coalfire Systems, Inc.

California and Virginia Residents, please read our CA & VA Privacy Policy.

Coalfire Systems, Inc., (“Coalfire”) takes your privacy seriously.  We want you to know how we collect, use, share, and protect your personal data.

This Privacy Policy tells you:


This Privacy Policy applies only to personal data that we collect on the website as it may be modified, relocated and/or redirected from time to time (the “Site”).  This Privacy Policy does not apply to any other web sites that may be accessible through the Site.

If you do not want us to handle your personal data as described in this Privacy Policy, please do not use the Site. If you reside outside the U.S., you will not be able to submit personal data through this website unless you consent to this Privacy Policy. 

Personal data means information that relates to you as an individually identifiable person, such as your name, e-mail address, and mobile number.



a) Information You Give Us 
We collect personal data that you voluntarily share with us through the Site. For example, we may ask you to register and provide information when you download free information, such as white papers and email newsletters, or if you respond to a marketing campaign.

b) Information We Collect Through Technology On The Site

We collect information through technology to enhance our ability to serve you. When you access and use the Site, Coalfire and, in some cases, our third-party service providers collect information about how you interact with the Site.  We describe below methods we use to collect information through technology. 

IP Address
When you visit the Site, we collect your device identifier, browser information, and Internet Protocol (IP) address. An IP address is often associated with the portal you used to enter the Internet, like your Internet service provider (ISP), company, association, or university.  While an IP address may reveal your ISP or geographic area, we cannot determine your identity solely based upon your IP address. We do not link your personal data to device identifier information, browser information, and IP addresses.  Where, according to local law, IP addresses and the like are considered personal data, then we treat them as such.

Do We Use Cookies?
Yes.  We use cookies on this website. A cookie is information sent by a web server to a web browser, and stored by the browser. Each time the browser requests a page from the web server, the cookie communicates with the web server. This enables the web server to identify and track the web browser.   We use cookies to help us understand how users use the Site. For example, cookies gather information about how long you spend on a web page so that we can understand what web pages are of most interest to users. 

We, or our service providers, may send cookies which may be stored by your browser on your computer’s hard drive. We, or our service providers, may use the information we obtain from the cookies in the administration of this website, to improve the website’s usability and for marketing purposes. For example, our sales team may use information about website engagement to determine the potential interests of a user who has asked to be contacted about our services. We may use information obtained from cookies to recognize your computer when you visit our website, and to personalize our website for you. For example, we also may use information obtained from cookies to tailor how the website appears to you (including the advertisements and offers you receive) to better match your interests and preferences.

We may use anonymous cookies to record non-personal information such as website activity, date and time of visit, and domain type. We may use this information for retargeting purposes. For example, when you visit certain pages on our Site, we can bid to display advertisements to you on various advertisement networks on the Internet.

Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.) This will, however, cause some features of this website and other websites not to work. For example, without cookies, a website typically cannot remember that you have logged in when you move from page to page in the website.

Service Providers' Cookies
We use cookies provided by third-party service providers, such as Google Analytics, Pardot, BrightFunnel and Terminus to assist us in better understanding our Site visitors. These cookies generally collect data tied to a user’s IP address, such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting the Site. For example, based on this information, Google Analytics compiles aggregate data about Site traffic and Site interactions, which we use to offer better Site experiences and tools in the future. Google Analytics does not collect any personal data (other than IP Address which may be considered personal data in some countries). You can obtain more information about Google Analytics here:

Web Beacons 
We include small graphic images or other web programming code, called web beacons (also known as "pixel tags", “web bugs” or "clear GIFs"), on the Site. The web beacons are minute graphics with a unique identifier. They are used to track the online movements of Web users. In contrast to cookies, which are stored in a user's computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.  

In the event you interact with the chatbot, you may be asked to provide Personal Information. Note that our chatbot will only ever ask for your name and email address; any other Personal Information you provide is at your own discretion and not required. Please do not provide any sensitive information. If you use our chatbot, know that when you share personal data, you’re giving us permission to monitor, collect, and record the personal data. By using these tools and technologies, you consent to your conversations being monitored and recorded.

Your ‘Do Not Track’ Browser Setting
We support the Do Not Track (DNT) browser setting. DNT is a preference you can set in your browser’s settings to let the websites you visit know that you do not want the websites collecting your personal data.

We may track your online activities over time and across third-party websites or online services. For example, we might use web beacons to help us determine what links or advertisers brought you to our Site. We then track your activities on our Site. However, we will not engage in tracking if you select the DNT browser setting.

c) Information Third Parties Provide About You

We supplement the information we collect about you through the Site with records received from third parties in order to enhance our ability to serve you, to tailor our content to you, and to offer you information that we believe may be of interest to you.



 We use the information we collect to serve you and improve your experience on the Site. These purposes include:

  • Responding to requests for information
  • Responding to requests for service quotes
  • Providing users free white papers
  • Registering users for Coalfire promotional materials and events
  • Contacting users for marketing, advertising, and sales purposes
  • Responding to questions and feedback
  • Conducting market research and analysis
  • Continuously evaluating and improving the online user experience
  • Network and information security
  • Fraud prevention
  • Reporting suspected criminal acts
  • Compliance with the law or to protect the rights, property, or safety of Coalfire, our users, or others

Data Retention 
We retain your personal data for the duration of the customer relationship, if any. We also retain your personal data for 12 months after our last interaction with you.




We do not sell or rent your personal data to third parties.  The following are some of the ways we share your personal data:

  • Required Disclosures: We may be required to share personal data in a court proceeding, in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law.
  • Legal Compliance and Protections: We may disclose account and other personal data when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Coalfire, our users, or others. This includes exchanging personal data with other companies and organizations for fraud protection and credit risk reduction.
  • Corporate Transactions: We reserve the right to disclose and transfer your data, including your personal data:
    • To a subsequent owner, co-owner, or operator of the Site or successor database.
    • In connection with a corporate merger, consolidation, bankruptcy, the sale of substantially all of our membership interests and/or assets or other corporate change, including to any prospective purchasers.



The security and confidentiality of your personal data is important to us.  We have technical, administrative, and physical security measures in place to protect your personal data from unauthorized access or disclosure and improper use. 

For example, we use Transport Layer Security (TLS) encryption to protect the data collection forms on our Site. In addition, access to customer information is restricted to authorized personnel only.  Only employees who need the personal data to perform a specific job (for example, a customer service representative) are granted access to personal data. Employees with access to personal data are kept up-to-date on our security and privacy practices.  Credit card numbers are used for payment processing and automatic renewals where applicable, and are not retained for other purposes.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to close your browser after you have completed your visit to the Site.

Please note that despite our reasonable efforts, no security measure is ever perfect or impenetrable, so we cannot guarantee the security of your personal data.



You may contact to access, update, correct, and delete your personal data.

Managing Cookies and Other Data Collection Technologies: You have a number of options to control or limit how we and our vendors use Cookies and other technologies including for advertising:

  • To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on.
  • To opt out of interest-based advertising, you can visit!/ and follow NAI’s on-screen instructions. Note that if you opt out through the NAI, you will still receive advertising, but the advertising will not be tailored to your interests. In addition, if you opt out through NAI and later delete your cookies, use a different browser, or buy a new device, you will need to opt out of interest-based advertising again.
  • To opt out of ads on Facebook or Google that are targeted to your interests, use your Facebook, LinkedIn, or Google Ads settings.
  • Check your mobile device for settings that control ads based on your interactions with the applications on your device. For example, on your iOS device, enable the “Limit Ad Tracking” setting, and on your Android device, enable the “Opt out of Ads Personalization” setting.

If you have any questions about this Privacy Policy, we'll do our best to answer them promptly. You can contact us at:

California residents who use the Site may request that we provide certain information regarding our disclosure of your personal data to third parties for their direct marketing purposes. You can make such a request by e-mail to



a) All locations outside of the United States

The personal data collected through the Site is downloaded to a server maintained by Coalfire.  Coalfire is located at AWS-East-01 in the United States. Coalfire will comply with requests to exercise individual data rights in accordance with applicable law.  You can contact to request to exercise your data rights.

b) European Economic Area and Switzerland

The information in this section, as well as the information in the section above titled “All locations outside of the United States”, applies to users in the European Economic Area and Switzerland (collectively, the “EEA”).

Individuals in the EEA (“EEA Individuals”) are not required by statute or by contract to provide any personal data to the Site.  Coalfire sometimes uses EEA Individuals’ personal data submitted through the Site for automated decision-making. For example, Coalfire may display advertisements and send emails to you containing content automatically chosen based on the products you have ordered from us in the past. However, Coalfire will not use EEA Individuals’ personal data submitted through the Site for automated decision-making, including profiling, which produces legal effects or similarly significantly affects the EEA Individual.   

Cross-Border Data Transfers:
The personal data collected through the Site will be transferred to the United States.  The recipients of personal data collected through the Site (listed in Section 3 above) are located in the United States or in the country where the data was collected. The European Commission has not issued a determination that the United States ensures an adequate level of protection for personal data. 

Legal Bases For Processing:
Coalfire processes your personal data with your consent and as required by law.  In addition, Coalfire processes your personal data as necessary for the performance of the sales contract, for example, when processing your requests, and to take steps, at your request, before entering into a contract with you.  For example, if you ask us for quotes for products and services you are interested in buying, we may send them to you.  Coalfire also processes personal data as necessary for its legitimate interests as follows:

  • Marketing and advertising: Unless you opt out as described below, we use your personal data regarding products and services you have ordered, or in which you have otherwise demonstrated an interest, as necessary to provide you information about the products and services that we think might interest you in accordance with applicable law.
  • Network and information security, fraud prevention, and reporting suspected criminal acts: In the event of fraud, a security incident, or a suspected criminal act, we would examine personal data that appeared to be linked to the incident as necessary to determine what happened, remediate, report to the authorities, and prevent a recurrence.

Right to Object to Processing for Direct Marketing or Legitimate Interests:
EEA Individuals have the right to object to the processing of their personal data for purposes of Coalfire’s direct marketing or legitimate interests by contacting Coalfire at

Data Retention
We retain your personal data for the duration of the customer relationship, if any. We also retain your personal data for 12 months after our last interaction with you.

Individual Rights:
EEA Individuals have the right to access their personal data collected by the Site and to request that Coalfire update, correct, or delete their personal data as provided by applicable law.  EEA Individuals also have the right to object to, or restrict, Coalfire’s processing of their personal data.


In addition, EEA Individuals have the right to data portability concerning their personal data.  Subject to certain limitations, the right to data portability allows EEA Individuals to obtain from Coalfire, or to ask Coalfire to send to a third party, a digital copy of the personal data that they provided to the Site. EEA Individuals’ right to access their personal data includes their right to receive a copy of all, or a portion, of their personal data in Coalfire’s possession as long as Coalfire’s providing the personal data would not adversely affect the rights and freedoms of others.

EEA Individuals can exercise these rights by contacting  Coalfire will respond to such requests in accordance with applicable data protection law.  If EEA Individuals believe that their personal data has been processed in violation of applicable data protection law, they have the right to lodge a complaint with the relevant data protection authority in the country where they reside, where they work, or where the alleged violation occurred.

EEA Individuals may use the contact information above, at any time, to withdraw their consent for the processing of their personal data where Coalfire requires their consent as a legal basis for processing their personal data.  Any withdrawal will apply only prospectively, and Coalfire will continue to retain the personal data that EEA Individuals provided before they withdrew their consent for as long as allowed or required by applicable law.

In addition, you may cancel or modify the email communications you have chosen to receive from Coalfire by following the instructions contained in emails from us.  Alternatively, you may visit and if your IP address is linked to your email address, you will instantly be unsubscribed from email communications. You may also revisit the link to resubscribe at any time. 

EU Representative:
Coalfire’s representative in the European Union is Andrew Barratt.  You can reach our representative at Suite 28 A, City Tower, Piccadilly Plaza, Manchester, UK, M1 4BT



If we change this Privacy Policy, we will post those changes on this page and update the Privacy Policy modification date above. If we materially change this Privacy Policy in a way that affects how we use or disclose your personal data, we will provide a prominent notice of such changes and the effective date of the changes before making them.   



This web site contains proprietary notices and copyright information, the terms of which must be observed and followed. This site and all content in this site may not be copied, reproduced, republished, uploaded, posted, transmitted, distributed, or used for the creation of derivative works without Coalfire's prior written consent, except that Coalfire grants you non-exclusive, non-transferable, limited permission to access and display the Web pages within this site, solely on your computer and for your personal, non-commercial use of this Web site. This permission is conditioned on your not modifying the content displayed on this site, your keeping intact all copyright, trademark, and other proprietary notices, and your acceptance of any terms, conditions, and notices accompanying the content or otherwise set forth in this site. Notwithstanding the foregoing, any software and other materials that are made available for downloading, access, or other use from this site with their own license terms, conditions, and notices will be governed by such terms, conditions, and notices.

Your failure to comply with the terms, conditions, and notices on this site will result in automatic termination of any rights granted to you, without prior notice, and you must immediately destroy all copies of downloaded materials in your possession or control. Except for the limited permission in the preceding paragraph, Coalfire does not grant you any express or implied rights or licenses under any patents, trademarks, copyrights, or other proprietary or intellectual property rights. You may not mirror any of the content from this site on another Web site or in any other media.

Certain disclaimers

Information on this web site is not promised or guaranteed to be correct, current, or complete, and this site may contain technical inaccuracies or typographical errors. Coalfire assumes no responsibility (and expressly disclaims responsibility) for updating this site to keep information current or to ensure the accuracy or completeness of any posted information. Accordingly, you should confirm the accuracy and completeness of all posted information before making any decision related to any services, products, or other matters described in this site.

Coalfire provides no assurances that any reported problems will be resolved by Coalfire, even if Coalfire elects to provide information with the goal of addressing a problem.

Use of Trademarks and Logos

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them. 

Use of certain reference documents, collateral and use cases

Coalfire is solely responsible for the contents of Coalfire-authored documents as of the date of publication.  The contents of these documents are subject to change at any time based on revisions to the applicable regulations and standards (HIPAA, PCI DSS Consequently, any forward-looking statements are not predictions and are subject to change without notice. While Coalfire has endeavored to ensure that the information contained in these documents has been obtained from reliable sources, there may be regulatory, compliance, or other reasons that prevent us from doing so. Consequently, Coalfire is not responsible for any errors or omissions, or for the results obtained from the use of this information.  Coalfire reserves the right to revise any or all of this document to reflect an accurate representation of the content relative to the current technology landscape. In order to maintain contextual accuracy of these documents, all references to these documents must explicitly reference the entirety of these documents inclusive of the title and publication date. Neither party will publish references to these documents without prior written approval. If you have questions with regard to any legal or compliance matters referenced herein, you should consult legal counsel, your security advisor and/or your relevant standard authority.
