Privacy Policy

Last Updated: August 17, 2023

Hello! Orca Security Ltd., together with our affiliates and subsidiaries (together, “Orca”, “we”, “our”, or “us”) welcomes you to our website at orca.security (the “Website”), and any other website, portal, webinar or other services we may offer you from time to time in connection with our support or marketing activities (collectively, the “Sites“).

We respect your privacy. Therefore, we make every effort to ensure that our Sites adhere to the highest privacy standards. This Privacy Policy (the “Policy”) details how we may access, collect, use, store and share Personal Data (defined below) about you (“Visitor”, “User”, “you”), when you visit or interact with any of our Sites. Please read this Policy carefully, so you can fully understand:

This Policy complements and should be read in conjunction with our Website Terms of Use (the “Terms of Use”) and our Cookie Policy (the “Cookie Policy”). Any capitalized terms not defined herein shall have the meaning assigned to them in our Terms of Use and/or Cookie Policy. If you use Orca’s products and services, other privacy disclosures and information may apply. Nothing in this Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.

What information do we collect about you?

Personal Data or Personally Identifiable Information (PII), means information that identifies an individual or may, with reasonable efforts, enable the identification of an individual, or as otherwise defined by applicable laws.

We collect Personal Data from you and any device you may use, in the following scenarios: (i) when you actively and voluntarily provide it to us, (ii) when you interact with our Sites, and (iii) when other third parties provide it to us, as further described below.

I. Personal Data Actively Provided by You

We collect Personal Data about you when you actively share it with us through our Sites, such as:

  • Contact details: We collect contact details such as your full name, company, professional title, email and phone number when you actively submit such information through an online form on our Sites, such as the “Contact Us” or “Request a Demo” forms on our Website.
  • Content, Comments & Feedback: We collect comments and feedback you provide us through our Sites and any social media websites, platforms or apps and through events operated by us. For example, you may provide us with content when you participate in our events.
  • Marketing Information: We collect your preferences for receiving communications about our events, newsletters, webinars, etc., including details about how you engage with our marketing communications.
  • Job Candidate Information: We welcome qualified candidates to apply to any of the open positions posted on our Website or other social platforms by sending us contact details and CVs (“Candidate Information”). We are committed to keeping Candidate Information private and will use it solely for our internal recruitment purposes, which we manage on a third-party recruitment platform.

II. Personal Data that We Collect Automatically When You Use our Sites.

We collect information about you and any devices you use while browsing and interacting with our Sites.

  • Usage Information: We may collect data about how you interact with and use features in our Sites. This information may include what links you have clicked on and what videos you have watched, etc. When we collect user analytics, we use techniques that hash, filter or otherwise scrub Personal Data in order to exclude information that might identify you or your organization.
  • Device and Connectivity Information: We may collect information about the devices you use to access the Sites. This device information may include your connection type and settings, your operating system, browser type, IP address, URLs of referring/exit pages and device identifiers.
  • Cookies and Other Tracking Technologies: Orca and our third-party service providers, such as our analytics vendors, use cookies and other tracking technologies, such as web beacons, device identifiers and pixels, to provide service functionality and to authenticate you across different services and devices. Please see our Cookie Policy, which includes information on how to control or opt out of these cookies and tracking technologies.

III. Personal Data that We Receive from Third Parties

We may receive your information from other Visitors, Users, third-party services, social media and public databases.

  • Information Referrals Provide About You: We may receive your name, company and email address from a referral when they have the opportunity to refer a friend, a contact, or otherwise when your employer is inviting you to participate in one of our events.
  • Third-Party Service Providers: Subject to applicable laws, we may receive information about you from third-party service providers of marketing, advertising, business information and social media, such as your job title, email, phone number, social media profile, for the purposes of advertising our services, personalized communications and event promotion.

We may combine the information we collect through the different means described above in order to update and improve our records, identify new customers and suggest services that may be of interest to you.

How we use the information we collect and our legal basis for Personal Data processing

The use of the information we collect depends on which Sites you use, how you use them, how you interact with us, and any preferences you have communicated to us. Under applicable data protection laws (such as the GDPR, CCPA/CPRA and others), companies must have a legal basis to process Personal Data. We rely on a different legal basis to process your Personal Data for various purposes, as described below:

I. Processing necessary to perform our contract with you

We process Personal Data as necessary to conclude and perform our contract with you, which is our Site’s Terms of Use. The categories of Personal Data used and why and how they are processed are set out below:

Why and How We Process Your Personal DataData Categories Used
  • To generally operate the Sites, customize and improve your experience, we:
    • Collect information for troubleshooting, diagnostics and debugging.
    • Collect and aggregate metrics to monitor Site performance, reliability, and efficiency.
    • Test out new Site features to see if they work and undertake experimentation to evaluate the impact of new features.
  • To ensure the safety, security, and integrity of our Sites, we:
    • Verify visitors’ activity to detect, prevent, and respond to potential or actual security incidents.
    • Investigate and address any deceptive, fraudulent, or illegal activity, including violations of our Sites policies.
  • Provide support and respond to your requests by:
    • Processing requests for support.
    • Responding to your requests, such as when you submit a request to schedule a demo.
    • Responding to messages that you submit through our Sites.
  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

II. Your Consent

We process Personal Data for the purposes described below when you have given us your consent. The categories of Personal Data used, why and how it’s processed are set out below:

Why and How We Process Your Personal DataData Categories Used
  • Place customer case studies on our Sites:
    • We may publish customer case studies to promote our Services and our Sites, subject to your permission.
  • Contact details
  • Content, Comments & Feedback
  • To market, promote and drive engagement with the Sites:
    • We, our service providers and third-party advertising partners may use your contact and usage information (such as cookies) to send promotional communications that may be of specific interest to you, including by email and by displaying Orca ads on other companies’ websites and applications.  You can control whether you receive direct communications as described below under “Unsubscribe from communications.”
  • Contact details
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

If you have consented to our use of information about you for a specific purpose, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place. To exercise your rights, see the “How you can access and control your personal data” section below.

III. Compliance With A Legal Obligation

We process Personal Data to comply with a legal obligation, including, for example, to access, preserve or disclose certain information if there is a valid legal request. Please note that new laws may be enacted, or other obligations may become binding on our processing.

Why and How We Process Your Personal DataData Categories Used
  • Compliance with Enforcement Requests and Applicable Laws
    • In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others.
  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

IV. Protection Of Your Vital Interests Or Those Of Another Person

Why and How we Process Your Personal DataData Categories Used
  • For protecting your vital interests or those of another person.
    • We may use your Personal Data to protect our customers or the public from harm or illegal activities, or respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
  • Contact details
  •      Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

V. Legitimate Interests

We rely on our legitimate interests or the legitimate interests of a third party, such as our users, where they are not outweighed by your interests or fundamental rights and freedoms (“legitimate interests“):

Why and How We Process Your Personal DataData Categories Used
  • To protect our legitimate business interests and legal rights, we:
    • use information about you in connection with legal claims, compliance, regulatory, law enforcement and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
    • enforce our agreements, policies and terms of service, protect the security or integrity of our Sites, products and services.
  • Contact details
  • Content, Comments & Feedback
  • Your use of the Sites
  • Device and Connectivity Information
  • Cookies and Other Tracking Technologies

We may anonymize and aggregate information about you, in a way that we are unable to identify you as an individual user (“Anonymous Information”). We may use Anonymous Information and/or disclose it to third parties without restrictions.

How we share your Personal Data

Sharing with third parties

We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Sites.

  • Service Providers: We work with third-party service providers to provide Sites development, hosting, maintenance, backup, storage, analysis and other services for us, which may require them to access or use information about you.  If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including appropriate security and confidentiality procedures.
  • Links to Third-Party Sites: The Sites may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
  • Third-Party Widgets: Some of our Sites contain widgets and social media features, such as the Twitter “tweet” button or Facebook “like” button. These widgets and features may collect your IP address, which page you are visiting on the Sites, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third-party or hosted directly on our Sites. You should always check the privacy settings and notices in these third-party services to understand how those third-parties may use your information.  To learn more please refer to our Cookie Notice.
  • With your consent: We share information about you with third parties when you give us consent to do so.  For example, we often display case studies and testimonials of satisfied customers on our Website. With your consent, we may post your name alongside the testimonial.

Sharing with affiliated companies

We share information we collect with affiliated companies and, in some cases, with prospective affiliates.  Affiliated companies are companies owned or operated by us.  The protections of this privacy policy apply to the information we share in these circumstances.

  • Orca Security Companies: We share information we have about you with other Orca Security corporate affiliates in order to operate and improve the Sites, products and services and to offer other Orca-affiliated services to you.

Business Transfers: We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.

How we store, secure and retain Personal Data

Information storage and security

We use industry-standard technical and organizational measures to secure the information we store. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers.

How long we keep Information

How long we keep the information we collect about you depends on the type of information, as described in further detail below.  After such a time, we will either delete or de-identify your information.

  • Marketing Information: We retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last responded to an email from us or submitted an online form.  We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created (read more in our Cookie Notice).
  • Job Candidate Information: We retain Candidate Information so we can re-consider candidates for other suitable positions and opportunities at Orca; so we can use the Candidate Information as a reference for future applications, and in case the candidate is hired, for additional employment and business purposes related to their employment with us.

Please note, in some circumstances, we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually.

How we transfer information we collect internationally

  • Internal transfers: Transfers within the Orca affiliates will be covered by an internal processing agreement entered by members of the Orca Group (an intra-group agreement), which contractually obligates each member to ensure that Personal Data receives an adequate and consistent level of protection when transferred.
  • Access from Israel: Access to Personal Data from Israel is covered by the European Commission’s Adequacy Decision regarding Israel.

You can read more here: Adequacy decisions | European Commission.

  • External transfers: When we transfer your Personal Data outside of the EU/EEA, for example, to third parties who help us provide our products and services, we will obtain adequate contractual commitments from them to protect your Personal Data and in accordance with the applicable data privacy laws.

When we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed.

How you can access and control your Personal Data

Privacy rights. Depending on your location and your residence, you could be entitled to submit the following requests about your Personal Data in accordance with the  governing data protection laws and regulations.

  • Access and update your information: You may request that we provide you with information about our processing of your Personal Data and give you access to your Personal Data. You may request that we update or correct inaccuracies in your personal information.
  • Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another. Depending on the context, this may apply to information that you submit on our Sites.
  • Request that we stop the use of your information: In some cases, you may request that we restrict the processing (including sharing) of your personal information.
  • Request that we delete your data: In some cases, you may request that we delete your personal data. Where the data is no longer necessary in relation to the purpose for which it was collected/processed. In some circumstances in which we are required to retain your Personal Data in order to comply with our legal obligations etc.
  • Opt out of marketing communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database.  Even after you opt-out from receiving promotional messages from us, you will continue to receive transactional messages and other non-marketing communications from us regarding our Services.
  • Send “Do Not Track” Signals: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.
  • Additional Disclosures for California Residents: California Consumer Privacy Act (as amended by the California Privacy Rights Act) requires businesses to disclose whether they sell or share Personal Data. As a business covered by the CCPA, Orca does not sell Personal Data. We may share Personal Data with third-party advertisers as set above. In addition, we may allow third parties to collect Personal Data from our sites or services if those third parties are authorized service providers who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data if you wish to opt-out please go to (Do not sell my information).Your Rights: If we maintain personal information about you that is subject to CCPA, you may exercise certain rights in connection with this data if you are a California resident.
    • Right to Know California residents have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months (“Right to Know”).  Once we receive and confirm your verifiable consumer request, we will disclose to you:
      • The categories of personal information we collected about you.
      • The categories of sources for the personal information we collected about you.
      • The categories of personal information that we have disclosed for a business or commercial purpose.
      • Our business or commercial purposes for collecting, selling, or sharing personal information.
      • The categories of third parties with whom we share or disclose that personal information.
      • The specific pieces of personal information we collected about you (i.e., a data portability request).
    • Right to Delete
      California residents have the right to request that we delete the personal information that we collected from you and retain, subject to certain exceptions (“Right to Delete”). Once we receive and verify your request, we will delete (and direct our service providers/contractors to delete) your personal information from our records, unless an exception applies.
    • Right to Correct
      California residents have the right to correct or amend the personal information we have on file (“Right to Correct”). You may correct or amend by logging into your account or by contacting us using the information below.
    • Right to Opt-Out of Sale or Sharing
      The CCPA provides California residents with the right to opt-out of the “sale” or “sharing” of their personal information (“Right to Opt Out”).
    • Right to Limit the Use of Your Sensitive Personal Information
      The CCPA provides California residents with the right to limit the use of their “sensitive personal information” to the purposes outlined in Cal. Code Regs. tit. 11, § 7027(m) of the CCPA regulations.
    • Right to Non-discrimination
      The CCPA provides California residents with the right not to receive discriminatory treatment for the exercise of their privacy rights conferred by the CCPA. We will not discriminate against you for exercising any of your CCPA rights.
    • Shine the Light Law In addition to the CCPA, California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep.  Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

If you wish to exercise your rights, you can contact us by submitting an inquiry or request via the following two methods:

  • Submitting an inquiry to  privacy@orca.security.
  • Sending a physical inquiry to Orca Security Ltd.3 Tushia St., Tel Aviv, Israel, 6721803

How do we protect children’s privacy

We do not offer our Sites, products or services for use by children, and therefore, we do not knowingly or intentionally collect personal data from and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any personal data to us without the involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information or services directly to children. In the event that we become aware that you provide personal data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@orca.security.

General Information

Updates to this Privacy Policy

This Privacy Policy is subject to changes from time to time at our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. We will provide notice of substantial changes to this Privacy Policy on the homepage of the Services, and/or we will send you an email regarding such changes to the email address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Services or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Services after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

If you have any questions, concerns, or complaints regarding our compliance with this notice and the data protection laws, we encourage you to first contact us at: privacy@orca.security.