Site Map  |  Privacy Policy  |  Advisories

About Us



IOActive Labs

IOActive Labs IOBOT! Click to learn more.


Privacy Policy

Last updated: October 1, 2013

IOActive is very sensitive to the privacy concerns of our clients and the public at large. This statement discloses the privacy practices for IOActive, Inc. (IOActive). This IOActive Online Privacy Statement applies to data collected by IOActive through the majority of its website, as well as its offline support services.

Our mailing address:
IOActive, Inc.
Attention: Privacy
701 5th Avenue, Suite 6850,
Seattle, WA 98104

Our e-mail address:

Collection of Your Personal Information

On our website, or during other interactions with IOActive, we may ask you to provide personal information, such as your e-mail address, name, home or work address or telephone number.

We may collect information about your visit, including the pages you view, the links you click and other actions you take in connection with IOActive's website and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times, and referring website addresses.

Our sites are not intentionally designed for or directed at children under the age of 13 years. It is not our policy to knowingly collect or maintain information about anyone under the age of 13.

Information We Collect

We collect information about you in two ways. First, we collect personal information provided to us directly by you, such as when you:

  • Register as a licensed user
  • Participate in a survey, blog or forum
  • Place an order
  • Authenticate an order
  • E-mail us
  • Request information from us

Second, we automatically receive information from your browser, including but not limited to, your internet protocol (IP) address; information about your browser, cookie, and web beacon; or web bug information.


A cookie is a very small file sent to your web browser by a website's server to process information more efficiently. A cookie file can contain information such as a user ID that the website uses to track the pages you have visited. However, the only personal information a cookie can contain is information you supply yourself. Cookies cannot read data off your hard drive, destroy files, or send viruses. Cookies basically avoid duplication of information. For example, by setting a cookie on the website, you do not have to enter a password more than once. This saves you time when visiting the website.

Cookies also enable us to track and target the interests of our users to enhance their experience on our website. You can set your browser to reject a cookie. If you do so, you will still be able to use the website, but you may be limited in some areas of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website. For more information about cookies and how to turn them off, please visit the Interactive Advertising Bureau's website at

Use of Your Personal Information

IOActive collects and uses your personal information to deliver the services or carry out the transactions you have requested. If you send us a resume or curriculum vitae to apply online for a position with IOActive, we will use the information provided to match you with available opportunities.

IOActive may also use information you provide to more effectively operate and improve its website. These uses may include:

  • Providing you with more effective customer service
  • Making the website or services easier to access
  • Performing research and analysis aimed at improving our products, services and technologies
  • Displaying content that is customized to your interests and preferences

We also use your personal information to communicate with you. We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. We may also occasionally send you product surveys or promotional mailings to inform you of other products or services available from IOActive and its affiliates.

Personal information collected on IOActive sites and services may be stored and processed in the United States or any other country in which IOActive or its subsidiaries or agents maintain facilities. By using an IOActive site or service, you consent to any such transfer of information outside of your country.

Sharing of Your Personal Information

Except as described in this statement, we will not disclose your personal information outside of IOActive and its controlled subsidiaries and agents without your consent.

We occasionally hire other companies to provide limited services on our behalf, such as:

  • Handling the processing and delivery of mailings
  • Providing customer support
  • Hosting websites
  • Processing transactions
  • Performing statistical analysis of our services

Those companies will be permitted to obtain only the personal information they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.

We may access and/or disclose your personal information if we believe such action is necessary to:

1) Comply with the law or legal process served on IOActive.

2) Protect and defend the rights or property of IOActive (including the enforcement of our agreements).

3) Act in urgent circumstances to protect the personal safety of users of IOActive services or members of the public.

Accessing Your Personal Information

If you wish to change or view the information kept by IOActive about you or your organization, please contact your IOActive sales representative or contact us at the above mailing address or e-mail address.

Communication Preferences

If you do not want IOActive to contact you or your company for marketing purposes by e-mail, postal mail, fax and/or phone, you may opt out by contacting our customer service representatives via e-mail, or by writing to us at the above addresses.

Your Choice

You may choose to stop receiving communications from us at any time. To request removal from our mailing list, to access your personal information or to ask us to remove your personal information from our database, please send a message with your request to the Privacy Policy Manager at

Security of Your Personal Information

IOActive is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access, which are located in controlled facilities. Our personnel who have access to the data have been trained to maintain the confidentiality of such information. When we transmit highly confidential information over the Internet, we protect it through the use of encryption.

Safe Harbor Compliance

The company complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. The company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the company's certification, please visit the Safe Harbor website.

We self-certify compliance with

Changes to This Privacy Statement

We will occasionally update this privacy statement to reflect changes in our services and customer feedback. When we post changes to this Statement, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how IOActive will use your personal information, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how IOActive is protecting your information.



More Information

Need more information?
Contact IOActive today.

IOActive Profile:
Established: 1998
Headquarters: Seattle, WA and London, UK
Privately held and self-funded
IOActive Services:
Application Security, SCADA and Smart Grid, PCI and Compliance, Security Development Lifecycle, Infrastructure Audit, Incident Response and Training.
Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.


We can confidently say that IOActive has provided us with excellent thought leadership around application security, that their mature practices have been invaluable, and that we are proud to use them as a trusted advisor to eBay, Inc."

— Dave Cullinane, CISO of eBay