Effective date: March 27, 2024

This Privacy Policy describes how CUJO LLC and each of its subsidiaries collect, use, and disclose personal data and what choices you have concerning such information. If you do not agree with the terms set therein, do not access or use our Services, websites, or any other aspect of CUJO’s business.

If you have any questions about the Policy, please send them to [email protected].

CUJO LLC is not responsible for the privacy or data security practices of our Customers and, with respect to Consumers’ personal data, acts as a Data processor.

If you have questions related to how our Customer utilizes your personal data, please contact them directly.

1. INTRODUCTION

The purpose of this Privacy Policy is to:

  1. explain how CUJO LLC and its subsidiaries (“CUJO”, “we”, “our”, or “us”) collect, use, store, protect, disclose, and share your personal information when you use any of our Services or/and Digital Resources (section 3 below), and
  2. inform you about your specific rights concerning your personal data (section 8 below).

This Policy is governed by Cujo’s Terms of Service (https://cujo.com/terms-of-service/ ). Capitalized terms that are not defined herein will have the meanings outlined in those Terms of Service.

Any information that is collected via our Services is covered by this Policy in effect at the time such information is collected. We may revise this Policy from time to time (as set in section 13 below).

All Data controllers and Data processors (if any) are responsible for the proper application of this Policy. CUJO maintains a log of the chain of custody PII processing (section 10).

This Policy covers information about the purpose of personal data collection and use (section 3), CUJO’s data protection officer (section 12), the business purpose and legal bases for processing, categories of personal data, information about data recipient(s), details of transfers to third countries, data protection controls, retention periods and criteria used to determine them, information about data subject’s rights (section 8), and the sources of the PII at issue (section 5).

To meet the European Union (“EU”) law requirements that PII transferred from the EU to the United States be adequately protected We do adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce (as set in section 8.A).

2. TERMS AND DEFINITIONS

“CCPA” means the California Consumer Privacy Act that took effect on January 1, 2020 and creates for California consumers new rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses;

“Customer” means an organization that is purchasing Services from CUJO for their end-users or their own needs only;

“Consumer” means an end-user whose IoT devices and digital life are protected by CUJO AI® products and solutions;

“Data controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Data processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data controller;

“Data subject” is the individual the personal data relates to. Personal data can refer to a person’s name, his or her home address, publications on social networks and so forth;

“Digital resources” means collectively our branded social media pages, presentations of our products and Services, https://cujo.com, and other websites which we operate;

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

“Personal data” is defined as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Personally Identifiable Information (PII)” means information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Services” means CUJO AI®-powered Digital Life Protection Services and Operational Intelligence and Network Analytics solutions described in https://cujo.com/solutions;

“Supervisory authority” means an independent public authority which is established by a Member State pursuant to GDPR Article 51;

Other terms and definitions used in this policy have the same meaning as in International standard ISO/IEC 27000:2018 “Information technology – Security techniques – Information security management systems – Overview and vocabulary”.

3. COLLECTION AND USE OF INFORMATION

The table below describes what data we collect, on what lawful basis, and to whom we disclose personal data.

CATEGORIES OF DATA

PURPOSE OF THE PROCESSING/USE

LAWFUL BASIS FOR PROCESSING

DISCLOSURE TO

Personally Identifiable Information (PII), such as your name, surname, email address, phone number, or LinkedIn profile

  • Provision of our Services
  • Enabling access to detailed and even customer-tailored Service/Product documentation, and/or
  • Engagement in product trials
  • Performance of contract or required proof prior to entry into contract (point (b), Art. 6(1), GDPR)
  • Data subject consent (point (a), art. 6(1), GDPR)
  • Legal obligation (point (c), art. 6(1), GDPR)
  • CUJO
  • Cloud platform providers and SaaS vendors (see section 10)
  • Professional advisors, such as lawyers, accountants, and auditors
  • Companies that operate Cookies and Tracking Technologies (see our Cookie Policy https://cujo.com/cookie-policy)
  • Other third parties that you have consented to the disclosure

Consumer’s Network/Device Identifiers, such as IPv4/IPv6 and/or MAC addresses, other IoT device identification, CUJO AI® platform-generated CUJO Agent IDs, or advertising identifiers

  • Provision of CUJO AI® Services or products
  • Engagement in product trial projects

Performance of contract or required proof prior to entry into contract (point

(b), Art. 6(1), GDPR)

  • CUJO
  • Cloud platform providers and SaaS vendors (see section 10)

Internet activity information and electronic device-specific identifiers

  • Provision of CUJO AI® Services or products
  • Engagement in product trial projects

Performance of contract or required proof prior to entry into contract (point (b), Art. 6(1), GDPR)

  • CUJO
  • Cloud platform providers and SaaS vendors (see section 10)

Customer

support audio records

Customer service

Performance of contract or required proof prior to entry into contract (point (b), Art. 6(1), GDPR)

  • CUJO
  • Relevant SaaS vendors (see section 10)

In addition to the above disclosures, we may share your personal data to respond to lawful requests by law enforcement or other government authorities, including to meet national security requirements. We may also de-identify, anonymize, or aggregate personal data to use or share with third parties for any purpose, where legally permitted.

Note that:

  1. we do not collect such sensitive personal data as race or ethnicity, medical, financial or well-being information.
  2. we may transfer or disclose the personal data we collect to third parties (see below Section 10 – Key sub-processors), such as the cloud platform providers for our CUJO AI® products, providers of identity management services, website hosting and management, data analysis, data backup, security and cloud storage vendors.
  3. the virtual servers powering and facilitating our IT infrastructure are in vendor-controlled secure data centers in the US and EU, and your personal data may be stored in any one of them.

4. PURPOSE OF PROCESSING

We may process your personal data for the following purposes:

PURPOSE OF PROCESSING

LAWFUL BASIS

To provide our Services and Digital Resources, including:

  • enabling you to access the Digital Resources and our Services;
  • operating, maintaining, and improving the Services and Digital Resources, and
  • communicating with you.
  • Legitimate interests,
  • Contract,
  • Legal obligations

For our own business purposes, including:

  • maintaining internal business records and conducting internal reporting;
  • performing accounting and similar business functions;
  • auditing and managing projects related to our Services and or the Digital Resources;
  • performing IT security management and IT-related tasks, such as administration of our IT infrastructure, technologies and network;
  • evaluating and improving our business processes and practices, Services and Digital Resources; and
  • performing research and development of new Services, and Digital Resources.
  • Legitimate interests,
  • Contract,
  • Legal obligations

For legal, safety, and/or security reasons, including:

  • complying with legal requirements;
  • establishing controls and exercising their testing to defend against legal claims;
  • protecting the safety, security, and integrity of our intellectual property and the rights of those who interact with us or others;
  • investigating any content or conduct policy violations; and
  • preventing, detecting, and responding to security incidents or other malicious, deceptive, fraudulent, or illegal activity.
  • Legitimate interests,
  • Contract,
  • Legal obligations
  • Public interest

For marketing our products and Services, including:

  • soliciting or publishing endorsements or feedback about our products and Services;
  • sending you marketing and promotional communications or notes about our Services;
  • facilitating your participation in our product marketing events

NOTE: You may opt out of our marketing communications.

  • Consent (where required by law),
  • Legitimate interests

When you have voluntarily agreed to have your personal data processed, for example when sending your CV in response to a vacancy advertised by us.

  • Consent

5. SOURCES OF PERSONAL DATA

  • Information you provide to us directly, including when you send us a message by use of our Digital Assets (https://cujo.com/contacts/ ), visit our offices in person or participate in our events, marketing, and outreach activities.
  • Information collected from your employer, coworker, or your Internet Connectivity Service (ISP) provider.
  • Information automatically collected, including technical information about your interactions with our digital life protection products and services such as IPv4/IPv6 addresses and Media Access Code (MAC) address, and browsing/search history). More information is available in our Cookie Policy (https://cujo.com/cookie-policy ).
  • Information from other third parties, including information from third-party service and cloud platform providers, entities with whom we partner to sell or promote our products and services, and social media networks such as LinkedIn.

We may combine information that we receive from the various sources described in this Policy, including third-party sources and public sources, and use or disclose it for the purposes identified above.

6. TRACKING TECHNOLOGIES

The personal data of our website visitors is collected in a way that does not directly identify anyone. For more information please see our Cookie Policy page (https://cujo.com/cookie-policy/ ).

7. SECURITY AND RETENTION

We maintain appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, disclosure, alteration, or use, including but not limited to those contributing to our duly accredited ISO 27001:2018 certification:

  • adherence to the secure coding principles,
  • masking personal data in accordance with CUJO’s topic-specific policies and considering applicable legislation,
  • monitoring our networks, systems, and applications for anomalous behavior and taking actions to evaluate potential information security incidents,
  • preventing data leakage, and
  • deleting information stored in our information systems, devices, and any other storage when no longer required,

We store your data in an encrypted state and only to the extent required to fulfill the purposes stated in this document. The retention period depends on legal requirements and/or the duration of the contractual relationship.

8. YOUR RIGHTS

IF YOU ARE A CALIFORNIA RESIDENT

The California Consumer Privacy Act (CCPA) grants you the following rights:

  1. The Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources for that personal information, the purposes for which we use that information, and the categories of third parties with whom we disclose the information.
  2. The Right to Delete: You have the right to request us to delete personal information collected from you (with some exceptions).
  3. The Right to Opt-Out: You have the right to opt-out of the sale or sharing of your personal information.
  4. The Right to Non-Discrimination: You have the right to non-discrimination for exercising your CCPA rights.
  5. The Right to Correct: As of January 1, 2023, you have the right to correct inaccurate personal information that we have about you.
  6. The Right to Limit Use and Disclosure: As of January 1, 2023, you have the right to limit the use and disclosure of sensitive personal information collected about you, for example, your employment information.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected] or by submitting their Data Subject Request online. We will verify your request using the information associated with your account, including the email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf. Authorized agents must submit proof of authorization.

IF YOU ARE A RESIDENT OF THE EUROPEAN ECONOMIC AREA OR THE UNITED KINGDOM

If you’re a resident of the European Economic Area (EEA) or the United Kingdom (UK), you have several rights under the General Data Protection Regulation (GDPR):

  1. The Right to Be Informed: You have the right to obtain confirmation from us whether we are processing your personal data and related information.
  2. The Right of Access: You have the right to access your personal data.
  3. The Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to have it rectified.
  4. The Right to Erasure: Also known as ‘the right to be forgotten’, this allows you to request the deletion or removal of your personal data where there’s no compelling reason for its continued processing.
  5. The Right to Restrict Processing: Under certain circumstances, you can request the restriction or suppression of your personal data.
  6. The Right to Data Portability: This allows you to obtain from us and reuse your personal data for your own purposes across different services.
  7. The Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
  8. Rights in Relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision when it’s based on automated processing, and it produces a legal effect or a similarly significant effect on you.
  9. Right to Lodge a Complaint. You have the right to lodge a complaint with an appropriate supervisory authority (see section 8.A). In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

If you work or reside in a country that is a member of the European Union or that is in the EEA, you may find the contact details for your appropriate data protection authority on the following website. If you are a resident of the United Kingdom you may contact the UK supervisory authority, the Information Commissioner’s Office.

You also, under certain conditions, can invoke binding arbitration as CUJO is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of Principles. For more information: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction 

8.A ENFORCEMENT AND DISPUTE RESOLUTION

CUJO complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce and is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). For more information: https://www.dataprivacyframework.gov/framework-article/7%E2%80%93RECOURSE-ENFORCEMENT-AND-LIABILITY

CUJO has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CUJO commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CUJO commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact CUJO at: [email protected].

Please be aware that for your benefit there is also an alternative dispute resolution provider that is designated to address complaints and provide appropriate recourse free of charge to you as an affected individual (section 8.A).

9. AGE LIMITATIONS

Our websites and Services are not directed to children under the age of 16, and we do not knowingly collect online personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact us using the details provided in section 12 below.

10. KEY SUB-PROCESSORS

CUJO uses a limited number of third-party service providers to assist us in processing data for certain purposes. These third-party providers help support certain website features, perform cloud platform security monitoring and other technical operations, assist with the transmission of data, and provide secure data storage services. These third parties may process or store personal data while providing their services. CUJO maintains contracts with all these third parties restricting their access, use and disclosure of personal data in compliance with our obligations under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including the onward transfer provisions, and CUJO remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

Amazon Web Services, Inc

AWS cloud computing and storage platform for the CUJO AI® services

Microsoft Corporation

Azure access management services

File hosting service, SharePoint and O356 apps

Atlassian Pty Ltd

Cloud-based wiki platform for engineering documentation and work ticketing and tracking system

Slack Technologies LLC

Cloud-based communication platform used internally and for communicating with the Customers

WPEngine, Inc

WordPress web content management system for our cujo.com website

11. EXTERNAL WEBSITES

Our websites may be linked to or from third-party websites. We have not reviewed, do not control, and are not responsible for the content or privacy practices employed by websites that are linked to or from our websites. We do not assume responsibility for any of these sites, their content, or their privacy policies. We do not endorse third-party websites or make any warranties about any information, software, or other products or materials you may find there, or any results that may be obtained from using them.

You should consult such third parties and their respective privacy policies for more information or if you have any questions about their practices.

12. CONTACT INFORMATION

12.1 CONTACTING CUJO

Please feel free to contact us if you have any questions about this Privacy Policy or CUJO’s personal data protection practices, or if you are seeking to exercise any of your statutory rights. CUJO will respond within a timeframe that is compliant with all applicable regulations. You may contact us at [email protected] or at our mailing address below:

CUJO LLC

‍Attn: Data Privacy Officer

440 N Barranca Ave #2856

Covina CA 91723

USA

12.2 CONTACTING DISPUTE RESOLUTION PROVIDER

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CUJO commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to the American Arbitration Association – International Center for Dispute Resolution (“AAA-ICDR”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.adr.org/Support for more information or to file a complaint. The services of the AAA-ICDR are provided at no cost to you.

13. CHANGES AND VERSION CONTROL

We may modify this Privacy Policy from time to time, and updated privacy statements will be posted on Our website when amendments occur. We encourage you to review this Privacy Policy when you visit to obtain the most current statement. if you do not agree with any changes we make, you should stop interacting with us.


Subject access request

If you wish to submit a subject access request, please submit the form below:

    Cookie Policy

    To find out how we use cookies on this site, visit the Cookie Policy page.