U.S. Privacy Notice
Last Revised: January 1st, 2026
This U.S. Privacy Notice (the "Notice") is adopted by Coalfire Systems, Inc. (collectively with its subsidiaries,("Coalfire," "we," "us," or "our") to comply with applicable U.S. consumer privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA") and other comprehensive state privacy laws where applicable (collectively, "State Privacy Laws").
This Notice supplements the information contained in the Privacy Notice published by Coalfire at www.coalfire.com (the "Website") and applies to residents of the U.S. with applicable comprehensive consumer privacy laws who browse our Website or voluntarily provide Coalfire with contact information to receive content or marketing communications (each a "consumer" or "you").
I. INFORMATION WE COLLECT
Coalfire collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (collectively, "Personal Information" or "Personal Data").
We collect the following categories of Personal Information:
| Category | Examples |
|---|---|
| A. Identifiers | Real name, alias, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers. |
| B. Personal Information Categories (Cal. Civ. Code § 1798.80(e)) | Name, signature, address, telephone number. Some information in this category may overlap with other categories. |
| C. Commercial Information | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| D. Internet or Network Activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
| E. Geolocation Data | Physical location or movements (non-precise unless you consent). |
| F. Inferences | Inferences drawn from any of the above to create a profile reflecting preferences, characteristics, behavior, or attitudes. |
Sensitive Personal Information. We do not intentionally collect sensitive personal information (such as government identifiers, precise geolocation, racial or ethnic origin, religious beliefs, health information, sexual orientation, or genetic data) through our Website. In the event we collect sensitive personal information, we will obtain your consent prior to processing where required by applicable law and will provide you with the right to limit its use to purposes necessary to provide services you request. If you voluntarily provide sensitive personal information to us without our request, you consent to our processing of such information as permitted by applicable law, and we reserve the right to delete such information at our sole discretion.
Sources of Personal Information. We obtain Personal Information from:
- Directly from you (e.g., forms, surveys, account registration)
- Indirectly from you (e.g., observing your actions on our Website via cookies and similar technologies)
- Third-party service providers
Personal Information does not include:
- Publicly available information from government records
- Deidentified or aggregated consumer information
- Information covered by HIPAA, CMIA, GLBA, FCRA, DPPA, or other sector-specific laws
II. USE OF PERSONAL INFORMATION
We use Personal Information for the following business purposes:
- To fulfill or meet the reason you provided the information
- To respond to requests for information, including service quotes and content
- To register you for Coalfire promotional materials and events
- To contact you for marketing, advertising, and sales purposes
- To respond to questions and feedback
- To provide, support, personalize, and develop our Website and services
- To create, maintain, customize, and secure your account
- To help maintain the safety, security, and integrity of our Website, products, services, and technology assets
- For testing, research, analysis, and product development
- To respond to law enforcement requests and as required by applicable law
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of Coalfire's assets
- To comply with the law or protect the rights, property, or safety of Coalfire, our users, or others
We will not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without providing you notice.
Data Minimization. We limit our collection of Personal Information to what is reasonably necessary and proportionate to provide the services you request or for another disclosed purpose.
III. DISCLOSURES OF PERSONAL INFORMATION
We may disclose your Personal Information to the following categories of third parties for the business purposes described above:
- Service providers and processors
- Attorneys and other professional advisors
- Potential buyers of Coalfire and acquisition targets
- As required by law, regulation, or court order
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for business purposes:
- Identifiers
- California Customer Records personal information categories
- Internet or other similar network activity
IV. HOW LONG WE RETAIN PERSONAL INFORMATION
We retain Personal Information for as long as reasonably necessary to carry out the purposes described in this Notice. We may also retain Personal Information as we determine, in our sole discretion, to be necessary or advisable to: (i) exercise, establish, or defend our legal rights; (ii) comply with applicable legal, regulatory, or contractual obligations; (iii) resolve disputes; (iv) enforce our agreements; or (v) support any business or legal purpose. When Personal Information is no longer required for these purposes, we delete or anonymize it in accordance with our internal data retention policies.
V. SALES AND SHARING OF PERSONAL INFORMATION
We do not sell Personal Information. We have not sold Personal Information in the preceding twelve (12) months, as "sale" is defined under applicable law.
Sharing for Cross-Context Behavioral Advertising. We may share Personal Information with third-party advertising partners for purposes of cross-context behavioral advertising, as "share" is defined under applicable law. In the preceding twelve (12) months, we have shared the following categories of Personal Information for cross-context behavioral advertising purposes:
Identifiers (e.g., IP address, online identifiers, cookie IDs)
Internet or other similar network activity (e.g., browsing history, interactions with our Website)
You have the right to opt out of this sharing.
Without limiting the foregoing, we do not sell or share the Personal Information, including the sensitive Personal Information, of minors under age 16.
VI. YOUR PRIVACY RIGHTS
Depending on your state of residence, you may have some or all of the following rights:
- Right to Know/Access: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources, purposes, and third parties with whom we share it.
- Right to Delete: Request deletion of Personal Information we have collected from you, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate Personal Information.
- Right to Data Portability: Obtain a copy of your Personal Information in a portable, readily usable format.
- Right to Opt-Out of Sale: Opt out of the sale of your Personal Information. (We do not sell Personal Information.)
- Right to Opt-Out of Sharing/Targeted Advertising: Opt out of sharing for cross-context behavioral advertising or targeted advertising.
- Right to Opt-Out of Profiling: Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. Coalfire does not engage in profiling that produces legal or similarly significant effects concerning consumers.
- Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive Personal Information to what is necessary to provide services.
- Right to Non-Discrimination: Exercise your rights without discriminatory treatment.
- Right to Appeal: Appeal our decision if we decline your request.
VII. HOW TO EXERCISE YOUR RIGHTS
To submit a request, contact us by:
- Email: privacy@coalfire.com
- Toll-Free Telephone: (877) 224-8077
- Postal Mail: Coalfire Systems, Inc., Attn: Privacy c/o Legal, 330 N Wabash Ave, Suite 1430, Chicago, IL 60611
Verification. We will verify your identity before processing your request. You must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information (or an authorized representative). We may request your email address, state of residency, or other information to verify your identity.
Authorized Agents. You may designate an authorized agent to submit requests on your behalf. We may require:
- Written, signed permission from you
- A power of attorney (where applicable)
- Direct verification of your identity
Response Timing. We will respond to verifiable requests within 45 days (extendable by an additional 45 days if reasonably necessary, with notice).
We do not charge a fee for processing requests unless they are excessive, repetitive, or manifestly unfounded.
VIII. RIGHT TO APPEAL
If we decline your privacy request in whole or in part, you have the right to appeal our decision. To appeal, contact us at privacy@coalfire.com with the subject line "Privacy Request Appeal" within 60 days of receiving our response.
We will respond to your appeal within 45 to 60 days, depending on your state of residence. If we deny your appeal, we will provide information on how to contact your state's Attorney General or other applicable regulatory authority.
IX. OPT-OUT PREFERENCE SIGNALS
We honor opt-out preference signals, including the Global Privacy Control (GPC). When we detect a GPC signal from your browser, we will treat it as a valid request to opt out of the sale or sharing of your Personal Information and targeted advertising for that browser and device.
For more information about GPC, visit: https://globalprivacycontrol.org
X. CHILDREN'S PRIVACY
Our Website is not directed to individuals under 16 years of age. We do not knowingly collect Personal Information from children under 16. If we learn we have collected Personal Information from a child under 16, we will delete that information.
XI. CALIFORNIA-SPECIFIC DISCLOSURES
Shine the Light. California Civil Code § 1798.83 permits California residents to request information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.
Financial Incentives. We do not offer financial incentives or price differences in exchange for the retention or sale of Personal Information.
XII. CHANGES TO THIS NOTICE
We may update this Notice from time to time. When we make material changes, we will post the updated Notice on our Website and update the "Effective Date" above. Your continued use of our Website after posting constitutes your acceptance of such changes.
XIII. CONTACT INFORMATION
If you have questions about this Notice or wish to exercise your privacy rights, contact us at:
Email: privacy@coalfire.com
Toll-Free Telephone: (877) 224-8077
Website: www.coalfire.com
Postal Address:
Coalfire Systems, Inc.
Attn: Privacy c/o Legal
330 N Wabash Ave, Suite 1430
Chicago, IL 60611