Effective Date: Jan 19, 2025

Checksum Labs, Inc., a Delaware corporation doing business as Fallible ("Company," "we," "us," or "our"), is the owner and operator of https://fallible.co (the "Website"), which provides security audit services (the "Services").

This Privacy Policy constitutes an integral part of our Terms of Service and is subject to the provisions thereof, including with respect to limitation of liability and governing law. We encourage you to read our Privacy Policy as part of your evaluation process and to review it when we notify you of changes.

What This Privacy Policy Covers

This Privacy Policy describes:

  • What personally identifying information we collect
  • How we use the information
  • With whom we may share the information
  • What choices are available to you regarding collection, use and distribution of the information
  • What security procedures are in place to protect your information
  • How you can correct any inaccuracies in the information
  • Your rights regarding your personal information

What Information We Collect and How We Use It

Registration Information

To use our Services, you must complete our registration form. During registration, you may be required to provide:

  • Name and contact information (first and last name, company name, address, email address, phone number)
  • Job function and company details
  • Website URLs and/or IP addresses for security testing
  • Username and password

We use this information to:

  • Verify ownership of servers, URLs, and IP addresses
  • Perform security testing of your systems
  • Contact you about Services you have requested
  • Provide customer support

Payment Information

When you order Services, you must provide payment information (such as credit card details). This information is:

  • Used solely for billing purposes according to your service agreement
  • Stored in encrypted format
  • Transmitted only over secure, encrypted connections
  • Shared only with our payment processor for transaction processing
  • Never viewed in full by our internal staff once submitted

Service Delivery Data

Our Services collect information about servers connected to the IPs or URLs you provide during registration. We:

  • Verify your authority to request security testing
  • Collect security vulnerability data only after you request it
  • Allow you to start and stop data collection through your Account Settings
  • Collect only information accessible from the internet or provided by you directly
  • Do not install software on your systems

User Profile

We create user profiles from collected information and log files to customize your experience on our Website.

Cookies

We use cookies to:

  • Store user preferences
  • Improve our services
  • Track usage trends and analytics

You can configure your browser to refuse cookies, but some features may not function properly. This policy covers only our use of cookies, not third-party cookies that may be placed by our service providers.

Log Files

We collect standard web server log information including:

  • IP addresses
  • Browser type and version
  • Internet service provider
  • Referring/exit pages
  • Date/time stamps
  • Click patterns

This information is used to analyze trends, administer the site, and gather demographic information. Log data is not linked to personally identifying information except for IPs and URLs you provide during registration for service delivery purposes.

Communications

We may retain communications you send to us to:

  • Process inquiries and requests
  • Respond to customer service issues
  • Improve our services
  • Send service-related announcements

How We Share Your Information

Aggregate Information

We may share aggregated, non-personally identifying demographic and security information with partners. This information cannot be used to identify individual users.

Limited Sharing of Personal Information

We do not sell or commercialize your personally identifying information. We may share your information only in these limited circumstances:

  • With your consent - When you specifically request or permit such sharing
  • Service providers - With contractors who help us provide Services, under strict confidentiality agreements
  • Business transactions - With affiliated companies or potential acquirers in connection with mergers, acquisitions, or asset sales, under confidentiality agreements
  • Legal compliance - To comply with applicable laws, court orders, or legal processes
  • Protection of rights - To prevent illegal activities, fraud, or threats to safety, or to defend our legal rights
  • Enforcement - To prevent violations of our Terms of Service or this Privacy Policy

Business Transitions

If we undergo a merger, acquisition, or sale of assets, your personally identifying information may be transferred as part of that transaction.

Your Rights and Choices

Access and Correction

You can access, correct, update, or request deletion of your personal information by contacting us at [email protected].

Account Deactivation

You may deactivate your account at any time. Upon deactivation, we will make reasonable efforts to remove your data from our active systems, though some information may remain in backups or archives for a limited time.

Service Communications

You cannot opt out of service-related announcements (such as maintenance notifications) as these are necessary for service delivery. You can deactivate your account to stop all communications.

Data Retention

We retain your personal information for as long as necessary to provide Services and fulfill the purposes outlined in this Privacy Policy, typically:

  • Account information: Until account deletion plus 30 days for processing
  • Payment information: As required by financial regulations (typically 7 years)
  • Service data: Until account deletion plus 30 days for processing
  • Log files: 12 months

International Data Processing

We process personal information on servers located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • SSL encryption for data transmission
  • Encrypted storage of payment information
  • Limited access to personal information on a need-to-know basis
  • Regular security assessments of our systems

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

If you have questions about security, please contact [email protected].

Third-Party Links and Services

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

We may use third-party service providers (such as analytics providers) who may collect information about your use of our Website. These third parties operate under their own privacy policies.

Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and share
  • Right to delete personal information we have collected from you
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our Website
  • Sending notice to your registered email address
  • Providing 30 days' advance notice of material changes

Your continued use of our Services after changes become effective constitutes acceptance of the revised Privacy Policy.

Contact Information

If you have questions or concerns about this Privacy Policy, please contact us at:

Checksum Labs, Inc.
Email: [email protected]
Website: https://fallible.co