Privacy Policy for Checkbox (IoT Device Vulnerability Scanning Application)
Last Updated: 02/01/2024
Welcome to Checkbox, an IoT device vulnerability scanning application (referred to as the "Checkbox", "Service," or "Application"). Your privacy and security are important to us. This Privacy Policy explains how we collect, use, and protect your personal and device information which you may provide us (or we may otherwise collect) when you download, install, register with, access, or use the Checkbox software application for mobile devices.
In addition, when you carry out vulnerability scanning on your IoT devices, it is possible that our scanning engine may have access to personal information concerning you. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of personal and non-personal information when you use Checkbox and the services provided through it.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Definition of terms
- Personal data: any information relating to an identified or identifiable natural person.
- Data Subject: an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to that person.
- Data Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
- Pseudonymization: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Information We Process
- Personal Data
- Account Information: email address
- Technical Information: IP addresses, MAC addresses
- Non-Personal data
- Device Information: Checkbox may collect and store information about your IoT devices, such as device names, software versions, and identified vulnerabilities.
- Account Information: When you create an account within Checkbox, we may collect your password, and other account-related details for authentication and account management purposes.
- Network Configuration: We may collect information about your network configuration, including router settings and firewall rules, to provide accurate vulnerability assessments.
- Usage Data: We may collect information about how you use Checkbox, including feature usage, interactions, and settings. This data helps us improve the Application's functionality and user experience.
- Log Data: Our servers may automatically log certain information when you use the Application, including browser type, referring/exit pages, and operating system.
- Scan Results: Our application may collect and store the results of penetration tests conducted on your IoT devices. These results may include vulnerabilities discovered, potential risks, and recommended actions.
How We Use Your Information
- Providing Services: We use the collected information to perform vulnerability assessments and penetration tests on your IoT devices and network, identifying potential vulnerabilities and risks and providing recommendations to improve security.
- Improving the Application: We analyze usage data to identify opportunities for improvement and develop new features that enhance the user experience.
- Communication: We may use your email address or mobile phone number to send you important updates, notifications, and information related to the Application's functionality or your account.
- Security and Research: We may analyze aggregated and anonymized data to improve cybersecurity research and security practices.
Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:
- Service Providers: We may use third-party service providers to help us deliver the Application's services. These providers are bound by confidentiality agreements and may only use your information to provide services to us.
- Pseudonymized Data: We may share aggregated and anonymized data with third parties for research, analysis, and security purposes.
- Legal Requirements: We may disclose your information if required by law or if we believe such an action is necessary to comply with legal obligations, protect our rights, or respond to a court order or legal process.
Your Choices
- Account Settings: You can review and modify your account information and settings within the Application.
- Permissions: You can manage permissions granted to the Application through your device's settings.
Data Retention
We retain your personal information only for as long as necessary to provide the services to you and as required by applicable laws.
Data Security
We employ industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, please be aware that no method of transmission over the Internet or electronic storage is 100% secure.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at the Checkbox website.
By using the Application, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.