New! Learn about effective red teaming for GenAI Read Mastering GenAI Red Teaming

ActiveFence Privacy Policy

Last Updated: February 14, 2024

ActiveFence Ltd. provides threat intelligence and proactive detection services to business entities and digital platforms hosting any sort of user-generated content (respectively, “Services” and “Hosting Platforms”). As part of our mission to help our customers eliminate violating and threatening content and online activity, we process from time-to-time personal data posted by or related to individuals across the web.

We designed this Privacy Policy for transparency purposes regarding our data processing practices across our services, platforms and products.  

Introduction and Scope:

To ensure transparency and give you more control over your Personal Information (as defined below), this privacy policy (“Privacy Policy”) is designed to explain to you and to govern how we, ActiveFence Ltd. and our subsidiaries (together, “ActiveFence” “we”, “our” or “us”) access, process, use, collect and store Personal Information about you, a data subject (“you” or “data subject“), in one or more of the following use cases:

  1. When you browse or visit our website (“Website”) as a visitor (“Visitor”), including, when you contact us (e.g. via our Website, email, or social media pages), or when we process your job application.
  2. When you interact with a feature, interface or a Software we provide to one or more of our Business Partners to integrate into their own websites or platforms (“End User”).
  3. When you attend a marketing event and/or provide us with your Personal Data for marketing or business purposes, or if you are a business customer, including a Hosting Platform, a service provider, or a representative of a business entity who is engaged in a business contract with us, or a prospective customer or business partner (“Business Partner”).

This Privacy Policy does not cover our Personal Data processing activities relating to:

  1. An end-user of a Business Partner who is engaged with us and shares certain Personal Data with us for the purpose of threats detection and prevention, and/or
  2. Publicly available information that was manifestly published by you or about you and associated with a certain violation or threat we investigate (“Web User” or “Database Information”). 

A privacy statement related to the former will be stipulated in a dedicated data processing agreement (“DPA“) signed with our Business Partners, and a privacy statement related to the latter will be provided upon verifiable request, confidentiality obligation, or regulatory requirement governing GDPR article 14(5)(b), i.e. when disclosing such information is no longer likely to render impossible or seriously impair the achievement of the objectives of that processing.

Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Personal Data. “Personal Data” or “Personal Information” means any information that can be used by us or others, either alone or together with other data, to uniquely identify you or be associated with you. In this Privacy Policy, the “Service(s)” shall additionally include online, offline, manual, or automated services provided to existing or prospective Business Customers, the Website, any other site or service agreement linking to this Privacy Policy, our Database, and/or any software, application, SDK, tag or file licensed by us (each one or jointly, the “Software”), and the services provided through such Software.

Table of contents:

  1. Preliminary Notes
  2. What Personal Data we collect, why we collect it, and how it is used
  3. Lawful Bases For Personal Data processing
  4. How we protect and retain your Personal Data
  5. How we share your Personal Data
  6. Interaction with Third Party Service
  7. International transfers of Personal Data
  8. Your privacy rights
  9. Minors
  10. Cookies and other web technologies
  11. Specific provisions applicable under California privacy law
  12. Contact us

1. Preliminary Notes

1.1 Binding Agreement. This Privacy Policy constitutes an integral part of our Terms of Service, and unless explicitly mentioned otherwise in another agreement with you, is part of our legal engagement. If you are a Web User, who has engaged with a Hosting Platform and manifestly posted information online, you may learn of your privacy rights with respect to such publicly available information directly from the Hosting Platform on which you posted the information, or, by exercising certain of your rights as instructed below (subject to exemptions according to your jurisdiction of residence).

1.2 Special Jurisdictions and regulations. This Privacy Policy was designed with the Israeli and European data protection regulations in mind (ILPA and GDPR, respectively), however, given the country of your residency, or the Hosting Platform’s jurisdiction of operation, other rules may apply to your Personal Data. If you are a resident of California, we advise you to refer to Section 11 below, and this CPRA Privacy Statement.

1.3 Business Partners engagements. When we act as a Data Processor in a business-to-business (B2B) engagement, we will supplement such engagement with the data processing information (DPA) related to such engagement to supplement this Privacy Policy.

1.4 Data Protection Officer. If you have any requests regarding the data collected under this Privacy Policy, including but without limitation to, requests to remove, delete, amend, modify or transfer Personal Data held about you, please contact our Data Protection Officer (DPO) at: [email protected]. Please include sufficient details about your inquiry or request, to allow us to verify your request and address it on a timely manner.

1.5 Changes and updates to this Privacy Policy. We reserve the right to modify or update this Privacy Policy at any time, to reflect changes in our Services, data processing practices or to conform to a regulatory requirement. Such changes will be effective immediately upon the display of the revised Privacy Policy. The last revision date will be reflected in the “Last Updated” heading. If we make material changes to this Privacy Policy, we will make our best efforts to notify you, by email if possible, or by means of a notice on our Website.

1.6 Your personal data. You are not required by law to provide us with any information. You can always avoid providing us certain Personal Information, however, you acknowledge that it may prevent us from providing you certain Services. We sometimes process Personal Data about data subjects that were not provided to us by them; in such cases, we make sure to demonstrate our legal basis for such processing activities. When it is required by law, and subject to special exemptions, we allow data subjects to access their Personal Information, edit, delete or obtain data collected about them. If you wish to exercise any of your rights, use the information in Section 11 below.

2. What Personal Data we collect, why we collect it, and how it is used

The Personal Information we process originates from the following sources: (1) Information you actively provide to us, including by way of contacting us or interacting with our Software; (2) Information automatically accessed or collected while you use our Services or while we operate them on a B2B level; (3) Information made publicly available and/or manifestly shared by you or about you, processed for our own or a third party’s (as defined in Article 5 below) lawful purpose; (4) Information shared by third parties such as Hosting Platforms, based on their agreement with you, and for their own lawful purposes. The two latter sources are not covered by this Privacy Policy and will be provided upon request, or upon B2B contractual engagement as per the specific purpose of such engagement.

2.1 Visitors

Type of Information

How do we use it and for how long?

Online Identifiers: We process certain online identifiers such as IP addresses, cookies, pixel tags, user-agent (namely, in addition to your IP address, your browser’s type, version, language and country from which you access the Website or Service).

We may either directly or indirectly collect our Visitors’ Online Identifiers, used for one or more of the following purposes:

(a) Extracting analytics and statistical information about the visits of our Website. 
(b) Preventing and protecting against spam or fraud.
(c) Necessary cookies will be used as part of our legitimate interest and for purposes of the Website’s functionality.
(d) In certain cases, and upon your consent (if you are an EU/EEA or UK resident), third-party cookies and tags will be used for purposes of marketing our Services.

We retain online identifiers for as long as required to achieve each of these purposes or until deleted by you via your browser’s settings. Cookies’ expiry dates are varied as a dependency of the type and purpose and can be found in our cookies policy.

Device Information: We may automatically collect certain information about the device from which you access the Website or Services, such as type (mobile/desktop), type, and version of your operating system.

Based on your consent, or in certain cases, our legitimate interest, we may process device information for compatibility purposes. We retain device information for as long as required to achieve this purpose or until otherwise requested by you.

Online activity: We also collect certain technical information related to your use of the Website such as your click stream, type of browser, time and date, and other actions across the site (retained in the form of log files).

We use this technical data in order to operate and manage our Website, this information does not include Personal Information. We retain device information for as long as required to achieve this purpose.

Contact details: In the event you contact us for support, feedback, or other inquiries, request to receive a quote, either through an online form available on the Website, by sending us an email, or by other means of communication we make available (such as submitting a bug report or filling in a survey) you will be requested to provide us with your first and last name, email address, your organization and role within your organization (or other contact detail), and the subject matter of your inquiry.

We will use this information for our legitimate interest and solely for the purpose of responding to your inquiries and providing you with the support or information you have requested. We retain such information for as long as needed to provide you with the inquiry requested or as required under applicable law.

Subscription: If you voluntarily subscribe to our email communications, you will be asked to provide us with your email address. You can unsubscribe at any time using the unsubscribe option within the body of the email sent to you or rather by contacting our Data Protection Officer at [email protected].

We will use your email address in order to send you information related to our Services and to keep you up to date regarding new Services, as well as provide you with tips related to our Service, and promotional and marketing emails, all subject to your consent. We retain this information so long as you didn’t instruct us otherwise.

Job Application: In the event that you are interested in joining one of our teams, and wish to submit an application, you will be asked to provide us with your first name, last name, email address, phone number and to upload the file of your CV. You may add additional optional information such as your LinkedIn profile URL, or any other information with relevance to your application.

Your provision of personal information in connection with recruiting is voluntary, and you determine the extent of information you provide us. We will use the information you have provided solely to communicate with you, to manage our job application processing, and to comply with corporate governance and legal and regulatory requirements. If you are hired, the information may be used in connection with employment and corporate management. We retain this information for as long as required to achieve these purposes or until otherwise requested by you.


2.2. Business Partners

Type of Information

How Do We Use It?

Identifiers: depending on the method of communication between you and us, we process the following Personal Information about Business Partners: First and last name, email address, role with the organization, name, and address of the organization, phone number.

We will use this information for the purpose of performing our contract with you, provide you with the Services you have requested, and designate your account. We will use your contact details in order to send you the required information related to the Services and our business engagement. We retain information about business partners for as long as required to achieve the purposes above.

Account information: depending on the type of our communication or engagement with you, you may choose to add optional details and information to your account.

This information is optional and is fully managed by you. If submitted, we may use your merged email address to provide you with similar updates and notifications as described above. We retain this information so long as you didn’t instruct us otherwise.


2.3.  End Users interacting with our Software Interface

In addition to the information we process about Visitors, as stated above, we may process data and media items submitted directly by you, as per as the then-current option provided via our interface.

2.4. Web Users (also, Database Information)

In the course of developing our platform and providing our Services to our customers in B2B engagements, we engage in the processing of information that is publicly available and manifestly published on the web or with information provided to us from our clients, all in our capacity as data processors. In some cases, such information may be linked to or associated with Personal Data. While we make great efforts to de-associate such information from human individuals, sometimes, doing so may significantly impair the purpose for which we process the information to start with.

Such Personal Data is used for detection, prevention and monitoring of threats, fraud, or other illegal content or activity, to identify and repair errors, conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims or otherwise as instructed by our customers who are the controllers of such Personal Data.

A privacy statement relating to our Database Information is mainly drafted by our B2B customers, the controllers, and will be made available by us upon request, regulatory requirement or B2B engagement, provided that such disclosure is not likely to render impossible or seriously impair the achievement of the objectives of that processing.

In certain cases, we may or will anonymize or de-identify your Personal Data. “Anonymous Information” means information that does not enable the identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, to improve our services and enhance your experience with them).

3. Lawful Bases for Personal Data Processing

If you are a resident of the EU, EEA, or the UK, refer to the following as the lawful bases for our data processing, as those defined by the General Data Protection Regulations (“GDPR”): 

3.1. Website Visitors. We process Visitors information based on: (i) consent when this is explicitly required by law (for example, if we use Visitors information for marketing, advertising and certain analytics purposes, or if we wish to place functional cookies and other web technologies to improve certain functionalities we may offer), or, when you actively contact us, completing a form by us or submit any information or files to us (including your CVs); (ii) legitimate interest in serving the Website, offering the Services, securing and safeguarding them, certain analytics we extract about the general usage of our Website and aby spam or fraud protection. 

3.2. Business Partners. We process Personal Data about Business Partners based on our legitimate business interest of preparing for a contract, proposing a business offering, or fulfilling a contractual obligation with them. The latter includes the lawful basis of a contract as well.

3.3. End Users.  We may process End User’s Personal Data based on their consent, when actively submitting data to our Software’s UI (user interface), for example, when we validate the data, analyze and investigate it. If the data submitted to us indicate a threat, fraud or malicious behavior we may further process it as per our legitimate interest, other End Users’ interest to browse a protected environment, or, our Business Partner’s legitimate interest to prevent malicious activity or content on their Hosting Platform.

In certain cases and upon our Business Partner’s need, we may process End Users Data to (i) prepare for a legal claim (ii) for the public interest, including the interest of Hosting Platform users to be free from criminal or other abusive behavior (iii) based on the consent they provided to a Hosting Platform, that includes the processing of Personal Data by third parties.

3.4. Web Users. Information processed in our DataBase is based on several lawful bases, all of which are detailed in our supplemental privacy notice, which is scoped out of this Privacy Policy. Those include, without limitation the following lawful bases:

  • Fraud and violating behavior: Legitimate interest of a Business Partner or their end-users to protect against criminal or other violating or misleading behavior on their Hosting Platform.
  • Security and Safeguard: Legitimate interest of us and our Business Partners to (i) secure and safeguard their platforms, (ii) indicating possible criminal or policy-violating act or threat to public or Web Users’ security.
  • Startup and scaling up our Services: our legitimate business interest to start and scale up our Services.
  • Data validation and accuracy purposes: Legitimate interest of us and our Business Partners to validate data, ensure its relevance, accuracy, and scores associated with such data.
  • In certain cases and upon our Business Partner’s need, we may process Web Users Data to (i) prepare for a legal claim (ii) for the public interest, including the interest of Hosting Platform users to be free from criminal or other abusive behavior (iii) based on the consent they provided to a Hosting Platform, that includes the processing of Personal Data by third parties.

In any other case, we may also process your Personal Data where you have provided us with consent to do so, or, where we have a legitimate interest and are not overridden by your data protection interests or fundamental rights and freedoms, such as when we use the data to provide the core Services, or when used for anti-fraud purposes.

4. How we protect and retain your Personal Data

4.1. Security. We have implemented appropriate technical, organizational and security measures designed to protect Personal Data or prevent unauthorized access to data. As the security of information depends in part on the security of the devices or network you, us or third party use, we cannot guarantee that all communications and Personal Data will be 100% safe at all times, however, we make highly strict efforts to ensure the highest level of protection. Additionally, we maintain and audited on an annual basis, a SOC 2 certificate, guaranteeing the implementation of trust service principles onto our data processing activities and facilities.

4.2. Retention of Personal Data. In addition to the retention criteria mentioned above, in some circumstances we may store Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for our records in the event of any complaints, challenges, legal claim or regulatory action or (iii) if we reasonably believe there is a need (iv) upon a Business Partner’s need and/or request. 

5. How we share Personal Data

We share Personal Information with the following categories of third parties or partners, and only in the following circumstances and purposes: 

5.1. Third-Party service providers: We may share certain of your information with third parties that perform services for us and process data on our behalf (“Third-Party Services”), such as storage, hosting and data safeguarding (e.g. Amazon Web Service (AWS)), business intelligence and analytics for our online Services (such as Google Analytics and Hotjar), CRM and mailing lists management (e.g. SalesForce, MailChimp), Job application tracking and management system (ATS, Comeet), features providers, customer support and ticketing system, marketing and advertising. These third parties may be located in different jurisdictions than your country of residence and we require each to maintain adequate measures of information and privacy protection as required by applicable law.

5.2. Our auditors, consultants, investors and contractors with whom we may share samples of Personal Data on a need-to-know basis only and under strict confidentiality obligations.

5.3. Business Partners. We may share certain information with our Business Partners and clients that relate to content activity that was manifestly published on their platform, or share information based on Personal Data processing, such as risk level or named violated behavior performed, in our capacity as processors on behalf of such Business Partners.

5.4. Our affiliated companies. We may disclose Personal Information to any current or future affiliated company, parent companies, or subsidiaries to process for the purposes described in this Privacy Policy, all in compliance with applicable law. Affiliated companies are companies controlling, controlled by, or under common control with us.

5.5. Legal disclosure, policy enforcement, third-party rights. We reserve the right to disclose your Personal Information if required by law and/or to comply with a court order or similar legal process or when we believe in good faith that disclosure is necessary to protect our or third party rights, protect your safety or the safety of others, investigate fraud, criminal act or respond to a government request. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities.

5.6. Business Transitions. If we are involved in a merger, acquisition, or sale of all or a portion of the Company’s assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your personal information.

5.7. Upon your consent. In any other case, where you have provided your consent to us sharing or transferring your Personal Data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality).

We may store Non-Personal and Personal Information on our servers or our cloud servers, use or share Non-Personal Information in any of the above circumstances, as well as for the purpose of providing and improving our Service as detailed above. Furthermore, we reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties. If you are a resident of California, we advise you to additionally refer to the CPRA Privacy Statement.

6. Interaction with Third Party Services

In case we enable you to interact with third-party websites, mobile software applications and products or services that are not owned or controlled by us (“Third Party Services“), we are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third-Party Service.

7. International transfers of Personal Data

7.1. Transfers outside the EEA, EU or the UK: In addition to those locations of third parties services, who may have access to your Personal Data, We may store or process your Personal Information in the United States or in other countries, and may access to Personal Data from the United state or Israel. If you visit our Websites or use our Services from locations outside of the United States, or, if a Web User resides in other jurisdictions, their Personal Data may be transferred to and processed in countries other than the country from which you accessed our Websites or Services, or a HOsting Platform, including the United States and Canada, where our central database is operated. 

We will take the necessary steps to ensure that international transfers of Personal Information meet all requirements under applicable data protection laws. When personal data collected within the European Economic Area (“EEA”) or the UK is transferred outside the EEA, or the UK, we will take the steps necessary to ensure that the transfer of such data provides sufficient safeguards, and you may exercise your rights, where applicable, to receive information on such transfer mechanisms. Personal Information transferred outside the EEA or the UK is transferred for processing by AWS on its servers in the United States, and among the Company’s affiliates, in both cases pursuant to standard contractual clauses approved by the European Union, backed by measures to safeguard the Personal Data at transfer and rest. If you would like to understand more about these arrangements and your rights in connection therewith, please contact our Data Protection Officer at: [email protected].

7.2. Internal transfers: Transfers within the ActiveFence group of companies will be covered by an intra-group internal code of conduct and required agreements.

8. Your Personal Rights

8.1. Rights: The following rights (which may be subject to certain exemptions or derogations) apply to certain individuals, depending on their country of residence:

  • The right for disclosure of the Personal Data we process about you.
  • You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however, we reserve the right to charge an appropriate administrative fee where permitted by applicable law.
  • You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading.
  • You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise, or defense of legal claims.
  • You have the right to object, to or to request restriction, of the processing;
  • You have the right to data portability in certain contexts. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller.
  • You have the right to object to profiling.
  • You have the right to withdraw your consent at any time, in circumstances where such consent was given by you. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular, if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality.
  • You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place of work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.

8.2 You can exercise your rights by contacting us at [email protected]. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.

9. Minors

In the context of the use cases described in this Privacy Policy, we do not knowingly collect Personal Data from children under the age of sixteen (16). If you are under the age of sixteen (16), do not provide any Personal Data to us without the involvement of a parent or a guardian. In the event that we become aware of the Personal Data of children under the age of 16 in our Database, we will work to delete it. If you believe that we might have any such information, please contact us at [email protected].

10. Cookies and other web technologies 

When you access or use the Website, or interact with our Services, or, if a software we license to Hosting Platforms is being integrated, we may use “cookies” (or similar technologies), which store certain information on your device (i.e., locally stored) and which will allow us to provide certain services within the Website, or collect certain information as part of the Services. The use of cookies is a standard industry-wide practice. A “Cookie” is a small piece of information that a website assigns and stores on your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes such as allowing you to navigate between pages efficiently and making the interaction between you and our Services quicker and easier. 

We may permit third parties to use cookies or other technology to collect information about your online and application usage activities across our Services, this data may include Online Identifiers. 

We may link this automatically-collected data to other information we collect about you.  We may also combine this automatically collected log information with other information we collect about the services we offer you. 

We also use log files. The information stored in the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We use such information to analyze trends, administer the Website, track users’ movement around the Website.

11. Specific provisions applicable under California privacy law

11.1. CPRA Privacy Notice: If you are a California resident, we recommend you refer to our supplementing CPRA Privacy Statement.

11.2. Do Not Track Notice. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers, but we may allow third parties, such as companies that provide us with analytics tools, to collect Personal Information about Visitors and Web Users online activities over time.

11.3 Deletion of Content from California Residents. If you are a California resident under the age of 18, California Business and Professions Code Section 22581 permits you to remove content or personal information you have publicly posted. If you wish to remove such content or personal information and you specify which content or personal information you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you may not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or personal information you have posted and that there may be circumstances in which the law does not require us to enable the removal of content. 

11.4. Your Choices. You have certain choices about your Personal Information. Where you have consented to the processing of your Personal Information, you may withdraw that consent at any time and prevent further processing by contacting us as described in this Privacy Policy. Even if you opt-out, we may still collect and use non-Personal Information regarding your activities on our services and for other legal purposes as described above. While we cannot guarantee privacy perfection, we will address any requests to the best of our ability as soon as possible. We will process such requests in accordance with applicable laws. 


If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at [email protected].