PRIVACY
STATEMENT
Last Updated: June 2026
APPLICABILITY
1.1. This privacy policy ("Privacy Policy") explains how VantaPrism, Ltd, collects, uses, stores and shares your ("User") data through its website at https://vantaprism.me/ and the VantaPrism threat intelligence API (collectively, the "Site").
1.2. By making any attempt to use the Site, or any part thereof, User agrees to be bound by the terms set forth hereunder.
1.3. VantaPrism may update this Privacy Policy from time to time. VantaPrism will notify User of any changes by posting the new Privacy Policy on the Site. If VantaPrism makes any changes to this Privacy Policy that materially affect VantaPrism's practices with regard to the personal data VantaPrism previously collected from User, VantaPrism will endeavor to provide User with notice in advance of such change by highlighting the change on the Site. User is advised to consult this Privacy Policy regularly for any changes. VantaPrism will seek User's prior consent to any material changes, if and where this is required by applicable data protection laws.
DATA COLLECTED BY VANTAPRISM
The data VantaPrism collects may be comprised of both personal identifiable information ("PII") and data which does not constitute PII ("Non-PII").
PERSONAL IDENTIFIABLE INFORMATION
3.1. PII provided by the User is comprised of information User provides VantaPrism with on the Site, when registering for an account or subscription, when sending VantaPrism a CV under the 'we're hiring' section or [email protected], or when contacting VantaPrism via the [email protected] address, and may include information such as User's first name, last name, e-mail address, phone number, organisation, professional background and any additional information provided via the "Contact Us" field.
3.2. User is under no legal obligation to submit personal data to VantaPrism. However, in case User chooses not to submit personal data to VantaPrism, User may not be able to use certain services provided by VantaPrism.
DATA COLLECTED BY THIRD PARTIES
4.1. The Site may contain links to certain third party services, websites, articles, links, icons, ads, videos, graphics, and/or any other content that is offered by third parties ("Third Party Content"). This Privacy Policy does not apply to any Third Party Content. VantaPrism has no control over such third parties' privacy practices, or the technology used by such third parties in order to collect any PII or Non-PII. Each User is advised to thoroughly review the third parties' privacy policies before making any use of such Third Party Content.
4.2. By clicking on a link to a third-party website or service, a third party may transmit cookies to User. This Privacy Policy does not cover the use of cookies by any third parties, and VantaPrism is not responsible for such third parties' privacy policies and practices.
USE OF THIRD-PARTY DATA PROVIDERS
We may utilize third-party data providers, such as Google Analytics, to supplement the information we use for our business operations.
VANTAPRISM'S USAGE AND SHARING OF THE COLLECTED INFORMATION
6.1. PII and Non-PII may be used by VantaPrism and/or anyone on its behalf as follows:
6.1.1. For everyday business purposes, such as to process transactions, manage and administer VantaPrism's business and records and carry out VantaPrism's obligations arising from any contracts entered into between VantaPrism and such User and to provide such User with the Site;
6.1.2. Provide User with information about other services VantaPrism offers that are similar to such services that User have already used or enquired about and which might interest User;
6.1.3. Administer VantaPrism's Site, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
6.1.4. Notify User(s) about changes to the Site;
6.1.5. Undertake market research, including research and development research in connection with VantaPrism's technology and/or the Site; and
6.1.6. To prevent fraud, abuse, and other actual and potential prohibited or illegal activities; to comply with legal, and regulatory requirements, security and processing requirements, and to respond to court orders and legal investigations; and
6.1.7. Otherwise with consent or as permitted or required by applicable law.
6.2. In the following cases VantaPrism discloses, without notification, PII, Non-PII, any communications sent or received by each User, and any other information that VantaPrism has collected and/or was provided with:
6.2.1. If required to do so by law according to its understanding of such law (including, but not limited to, in cases of court orders or subpoenas);
6.2.2. To verify the information obtained by VantaPrism;
6.2.3. To prevent or investigate suspected fraud, or any activity that VantaPrism believes may be illegal or may expose VantaPrism to legal liability;
6.2.4. Events involving potential threats to the physical safety of any person or property if VantaPrism believes that User's information in any way relates to that threat;
6.2.5. If VantaPrism believes that User's conduct on or in connection with the Site is inappropriate and inconsistent with generally accepted norms of behavior;
6.2.6. In addition, VantaPrism may be required to disclose PII and Non-PII to relevant national, state and local law enforcement authorities, whom may further disclose the PII and Non-PII.
6.2.7. In the event that VantaPrism, or any of its businesses, are sold or disposed of, whether by merger, sale of assets or otherwise, PII and Non-PII collected hereunder may be one of the assets sold or merged in connection with such transaction. PII and Non-PII collected hereunder may also be disclosed in connection with a commercial transaction where VantaPrism or any of its businesses are seeking financing, investment, and support or funding.
6.3. When VantaPrism shares User's data with third parties as specified above, VantaPrism requires such recipients to agree to only use the personal data VantaPrism shares with them in accordance with this Privacy Policy and VantaPrism's contractual specifications and for no other purpose than those determined by VantaPrism in line with this Privacy Policy.
6.4. It is clarified that VantaPrism is under no obligation to exercise its rights hereunder and shall not incur any liability with such exercise or lack of exercise of its rights.
ACCESS TO INFORMATION
7.1. Depending on applicable laws, each User may have the right to access PII and Non-PII held with respect to such User. Each User's right of access can be exercised in accordance with the relevant data protection legislation. Any request for access may be subject to a fee to meet VantaPrism's costs in providing such User with details of the PII and Non-PII VantaPrism holds on User.
7.2. VantaPrism will take reasonable steps to verify User's identity before granting User access or enabling User to make corrections.
7.3. VantaPrism will retain PII only for the time period needed for business purposes or as required by the applicable law and will securely destroy such information thereafter.
DATA SECURITY
VantaPrism has taken appropriate technical and organizational measures to protect any information VantaPrism collects about User from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% security.
PREVENTING IDENTITY THEFT
Each User is requested to pay attention and not to be misled by emails that appear to be from VantaPrism and ask for PII. If User receives a suspicious email requesting User's PII, User is requested to forward such email immediately to [email protected] and specify in the subject line "Suspicious email".
USERS IN THE EUROPEAN ECONOMIC AREA (EEA)
10.1 Legal Basis for Processing of Personal Data
VantaPrism will only process User's personal data if it has one or more of the following legal bases for doing so:
10.1.1. Contractual Necessity: processing of personal data is necessary to enter into a contract with User, to perform VantaPrism's contractual obligations to User under the TOU, to provide the Services, to respond to requests from User, or to provide User with customer support;
10.1.2. Legitimate Interest: VantaPrism has a legitimate interest to process User's personal data, including the prevention and detection of cybercrime and the protection of organisations and individuals from the harms of credential compromise;
10.1.3. Legal Obligation: processing of User's personal data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
10.1.4. Consent: processing of User's personal data with User's consent.
10.2 User's Rights regarding Personal Data
Subject to applicable law, User has certain rights with respect to User's Personal Data, including the following:
10.2.1. User may ask whether VantaPrism holds personal data about User and request copies of such personal data and information about how it is processed if such data is stored by VantaPrism;
10.2.2. User may request that inaccurate personal data is corrected;
10.2.3. User may request the deletion of certain personal data;
10.2.4. User may request VantaPrism to cease or restrict the processing of personal data where the processing is inappropriate;
10.2.5. When User consents to processing User's personal data for a specified purpose by VantaPrism, User may withdraw User's consent at any time, and VantaPrism will stop any further processing of User's data for that purpose.
10.2.6. In certain circumstances, VantaPrism may not be able to fully comply with User's request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law; however, in those circumstances, VantaPrism will still respond to notify User of such a decision.
10.2.7. User can exercise User's rights of access, rectification, erasure, restriction, objection, and data portability by contacting VantaPrism at [email protected]. In some cases, VantaPrism may need User to provide VantaPrism with additional information, which may include personal data, if necessary to verify User's identity and the nature of User's request.
10.3 Transfer of User's Personal Data outside of the EEA
10.3.1. VantaPrism currently stores User data in cloud servers operated by reputable infrastructure providers.
10.3.2. When transferring personal data from the EEA to the United States or other jurisdictions, VantaPrism relies on recognised transfer mechanisms, including the European Commission's Standard Contractual Clauses, together with appropriate supplementary safeguards.
COMPLIANCE WITH CHILDREN'S ONLINE PRIVACY PROTECTION ACT
The Site is not intended for use by minors. VantaPrism will not knowingly collect PII and Non-PII from children, who it positively knows are under the age of 18 without the consent of a parent or a legal guardian.
INTERNATIONAL STORAGE
Each User is advised to be aware that PII VantaPrism collects may be transferred to, processed and stored outside User's jurisdiction, and that data protection laws in such jurisdiction where the information is collected, stored and/or processed may differ from User's jurisdiction. Each User hereby gives User's consent to this transfer, processing and storage of User's information outside its jurisdiction (e.g. outside the EU and/or the United States of America).
LAW AND JURISDICTION
This Privacy Policy and any dispute or claim arising out of it is governed by the laws of the State of New York, USA. Any dispute or claim arising out of or in connection with the Privacy Policy will be subject to the jurisdiction of the courts of the State of New York, USA.
CONTACT US
For any question with respect to this Privacy Policy, VantaPrism's privacy practices, or in connection with the Site, User is invited to contact VantaPrism at [email protected].