Privacy Policy

Privacy at Enigma

Date of Last Update: July 1, 2024

We at Enigma (“we,” “us,” or “our”) understand that you care about protecting your information. This privacy policy (“Privacy Policy”) explains how Enigma collects, shares, and protects information about companies and individuals that may include your information. This includes the information we collect when you visit our website, www.enigma.com, or purchase and/or use our services (“Services”), as well as the information we collect to enable our Services. When you visit our website and use our Services, you agree to this Privacy Policy.

Use of our website or Services is governed by our Terms of Service. Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Service.

Applicability – Legal Entities

For purposes of this Privacy Policy, “Enigma” includes Enigma Technologies, Inc., a Delaware corporation, and its affiliates.

Our Purpose for Collecting Information
Enigma collects information to provide business intelligence products to our customers. Our Services primarily enable our customers to better understand who their existing and prospective customers are, verify the identity, health, and risk profile of third party companies, improve their sales and marketing outreach to existing and prospective customers, meet their compliance and regulatory obligations, and manage their financial and operational risks.

Enigma also collects information to provide customer support, maintain and improve our website and Services, solicit your feedback, and inform you about new Services or changes to existing Services.

Some of the information collected and provided may be considered personal information under applicable privacy laws, and the information is described in greater detail below.

The Information We Collect:  What We Collect and How We Collect It
In general, Enigma collects information regarding U.S. businesses and users of our website and Services. The information we collect is (a) provided directly by you through visits to our website, use of our Services, or engagement with our marketing or sales activities, (b) acquired or licensed from third-party data providers, and/or (c) government record, public domain, and other publicly available information.

The specific categories of information Enigma collects, and their sources, are described below.

  • Information About U.S. Businesses:  Through publicly available information, such as government records, and licensed data from third-party data providers, Enigma collects information about U.S. companies, such as their business name, business aliases, business addresses, business phone numbers, corporate registrations, registered agents and other associated persons,  business email addresses, and other business contact information, revenue and transaction information, and other business-related information. More information about our business data can be found in product documentation.
  • Information You Provide Through Our Website:  When you visit our website, we automatically collect certain information that, on its own, cannot be used to identify you. Examples of such information include IP address, browser type and language, referring and exit pages and URLs, the particular pages of our website that you visit and the time spent on each, and similar information concerning your use of the website. We also collect “cookies” - small data files that a website stores on the hard drive of your computer or mobile device to “remember” information about your visit. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. Please note, however, that if you decide not to accept cookies from us, our website and/or Services may not function properly.
  • Personal Information You Provide Through Our Website:  When you engage with our website by, for example, choosing to contact us, you may be asked to provide additional information, such as your name and email address. When you provide this information, Enigma may link it to the information we collect automatically through our website (described above).
  • Personal Information You Provide Through Your User Account:  To purchase and/or use our Services, including both free and paid Services, you may be required to create a User Account. Upon creation of a User Account, Enigma collects certain account-level information, including your name, email address, your organization name, and a password. As with the rest of our website, Enigma will automatically collect information associated with any subsequent use of your User Account, such as features used, billable events, IP address, and other account-related and logging information.
  • Payment Information:  To purchase our Services, you may be required to submit credit card and other payment information (e.g., billing zip code). This information is collected and processed by our third-party payment processor operating as our agent (See, Onward Transfers to Third-Party Service Providers). Enigma does not obtain or store your full payment information.
  • Information You Provide Through Using Our Services: If you use Enigma Services, we may also obtain information directly from you in connection with your use of the Services (e.g., through searches, queries, or requests for matching business information). Our use of such data in general includes use of the data as needed to provide services to the customer providing it, providing customer service, maintaining required audit records for legal, financial, and operational controls, and improving our products and services. Notwithstanding our use of such data in general, our use of data obtained in this way from you is subject to applicable service agreement(s) between you and us, including personal information data processing agreements as applicable.
  • Personal Information You Provide Through Marketing or Sales Activities:  Enigma may collect your personal information, including name, company, and email address, when you engage with marketing activities, such as subscribing to company updates or alerts or downloading a white paper. Enigma may collect similar information through sales activities, such as phone conferences or meetings.
  • Personal Information Accessible Through Third-Party Providers: If you register for the Services and grant Enigma access to accounts you have with third-party providers (e.g., data brokers, third party partners, co-branding/marketing partners, service providers), including providers of social networking services (“Third-Party Providers”), we may receive personal information that you provided to such Third-Party Providers, or information that is posted on your accounts with them which is viewable on or through the Services, subject to the privacy policies of such Third-Party Providers and privacy settings you have chosen in your accounts with them. If applicable, by granting us access to your Third-Party Provider accounts, you are authorizing Enigma to collect, store, and use, in accordance with this Privacy Policy, any and all information that you have authorized the Third-Party Provider to provide to Enigma.

How We Use and Disclose Your Information
Enigma collects the categories of information described above to operate our website and Services, including delivering intelligence on U.S. businesses to customers, providing business-to-business contact information for sales and marketing purposes, responding to user inquiries, providing customer service, performing administrative functions, and personalizing your user experience.  Enigma also uses and discloses personal information as further described in this section.

Third-Party Analytics and Remarketing: We use one or more third–party analytics services to evaluate your use our website and the Services, compile reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, data and time, amount of time spent on particular pages, what sections of the website you visit, number of links clicked while on the website, search terms and other similar usage data), and analyze performance metrics. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners. Additionally, these third parties use cookies and other technologies to help analyze and provide us with the data. By visiting our website, and accessing and using the Services, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.

We also use one or more third-party marketing services to advertise on third-party websites. These third-party marketing service providers may use cookies to serve ads. For example, we use Demandbase in connection with our advertising activity; you can learn more about Demandbase by reviewing their privacy notice and more about opting out from third party ad cookies here: https://optout.aboutads.info/. Any data collected by such third-party marketing service providers will, to the extent relating to our website and Services, be used in accordance with this Privacy Policy and, in general, the privacy policy of such third-party marketing services provider.

We disclose personal information with your consent, or as we determine necessary to provide Services or complete your transactions and requests. In addition, we may disclose each of the categories of personal information described in The Information We Collect: What We Collect and How We Collect It section above, to the types of third parties described below, for the following business purposes:

  • Disclosures to Customers: Because we license business data to our customers as part of our products and Services, this may include information that is considered personal information under applicable privacy laws. While our focus is on business information, certain types of information, including business-to-business contact information, may be considered personal information under applicable privacy laws. In such a case, fulfillment of such products and Services may necessitate or constitute a disclosure of personal information to our customers, and depending on applicable privacy laws, may also be considered a sale or sharing of personal information under such laws. More information about our business data that we license can be found in product documentation.
  • Sharing of Aggregate Data:  We may analyze the information you provide through our website and Services in aggregate form in order to operate, maintain, manage, and improve the site and Services. This aggregate information does not identify you personally. We may share this aggregate data with agents and business partners. We may also disclose aggregated user statistics in order to describe our Services to current and prospective business partners and other third parties for other lawful purposes. In addition, we may provide aggregated statistical collective user information to our partners so that they understand how often people use specific components of our Services.
  • Onward Transfer to Third-Party Service Providers:  Like many businesses, we contract with other companies to perform certain business-related services. We may disclose information, including personal information in some cases, to certain types of third-party companies, to the extent needed to enable them to provide such services, including, without limitation, monitoring and analyzing website activity, operations and marketing assistance, hosting provider, and payment processing. We may also disclose your information, including any personal information, to any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us in order to support delivery of our products and Services.
  • Business Transfers: In the event of a merger, dissolution, or similar corporate event or the sale of all or substantially all of our assets, we expect that the information that we have collected and/or received, including personal information, would be transferred to the surviving entity in a merger or to the acquiring entity.  All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.
  • Disclosures to Public Authorities: In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation, including, but not limited to, in response to court orders and subpoenas.

Your Rights, Choice, and Control of Personal Information
Access, portability, correction, and deletion. If you wish to access, correct, or delete personal information about you that we hold, you can make a request by e-mailing privacy@enigma.com or sending a request to Enigma Technologies, Inc. at 217 Centre Street, Suite 124, New York, NY 10013, ATTN: Legal.

Notice at Collection: At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, including whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Policy by clicking on the above links.

Opt-Out for Direct Marketing: You may opt out at any time from the use of your personal information for direct marketing purposes by e-mailing the instructions to this email address: privacy@enigma.com or by clicking on the “unsubscribe” link located on the bottom of any Enigma marketing email.  Please allow us a reasonable time to process your request. Please also note that we may continue to send you transactional or service-related e-mails despite your desire not to receive promotional or marketing related e-mails.

Right to Know: You may have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy. You may make such a “request to know” by e-mailing privacy@enigma.com or sending a request to Enigma Technologies, Inc. at 217 Centre Street, Suite 124, New York, NY 10013, ATTN: Legal.

Rights to Request Correction or Deletion: You may have the right to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. Depending on the circumstances and nature of a correction request, we may offer to delete personal information rather than correct it. You may make a request to correct or delete by e-mailing privacy@enigma.com or sending a request to Enigma Technologies, Inc. at 217 Centre Street, Suite 124, New York, NY 10013, ATTN: Legal.

Right to Opt-Out / “Do Not Sell or Share My Personal Information”: You may have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined under applicable privacy laws. Some of these laws define “sell,” and “share” very broadly, and some of our data disclosures described in this Privacy Policy may be considered a “sale” or “sharing” under those definitions.

In particular, we may include personal information in certain of the products and services we license to our customers so they can obtain insights about businesses and individuals associated with the businesses. While our focus is on business information, certain types of information, including business-to-business contact information, may be considered personal information under applicable privacy laws. These categories of personal information are described in “The Information We Collect:  What We Collect and How We Collect It” section above, under the “Information about Businesses” category.  Disclosure information is further described in the “How We Use and Disclose Your Information” section above, under the “Disclosures to Customers” category.

If you do not want us to “sell” or “share” personal information about you to our customers and other third parties, please visit our Do Not Share or Sell My Personal Information webpage. If you opt-out using these choices, we will not share or make available such personal information in ways that are considered a “sale” or “sharing” under applicable law. However, we may continue to make available to our service providers some personal information to help us perform customer support, payment processing, analytics, and other business functions on our and our customers’ behalf. Further, using these choices may not opt you out of the use of previously “sold” or “shared” personal information or stop all solicitations, marketing communications or advertising.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf including for some of the rights described in this section. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your information or requiring you to provide additional information necessary to verify your identity.

You will not be discriminated against for exercising the rights noted in this section.

Information Security
Enigma takes commercially reasonable security measures to protect personal information from unauthorized access and disclosure. These measures include the implementation of reasonable technical, physical, and administrative data security safeguards that are consistent with our business operations and industry standards.

While we take reasonable precautions, no method of internet transmission or electronic storage is 100% secure or error-free. We therefore cannot guarantee your information’s absolute security and encourage you to take special care in deciding what information you send to us via e-mail or other electronic means.

Retention of Personal Information
We will retain your personal information in a form that identifies you for as long as it serves the purposes for which it was initially collected as stated in this Privacy Policy or subsequently authorized. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Links to External Websites
Our website and the Services may contain links to third-party websites ("External Sites"). Enigma has no control over the privacy practices of these External Sites. As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any External Sites, and before providing any personal information to such External Sites.

Children
We do not knowingly collect any personal information from children under the age of sixteen through our website and the Services. If you are under the age of sixteen, please do not give us any personal information. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information to us without their permission. If you have reason to believe that a child under the age of sixteen has provided personal information to us, please contact us at privacy@enigma.com, and we will endeavor to delete that information from our databases.

Consent to Transfer
It is important to note that our website, the Services, and their servers are operated in the United States. If you are located outside of the United States, please be aware that any information provided to or collected by us, including personal information, will be transferred from your country of origin to the United States. Your decision to provide such data to us, or allow us to collect such data through our website and Services, constitutes your consent to this data transfer.

Additional Notices About Our Practices
California’s “Shine the Light” law permits residents who have provided personal information to certain businesses to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.  We do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.   Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. There is not a common understanding of how to interpret the DNT signal; therefore, our website does not respond to browser DNT signals.

Changes to this Privacy Policy
This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time and will post any changes on our website and the Services as soon as they go into effect. By accessing our website and/or the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer to this Privacy Policy on a regular basis.

Questions or Concerns
If you have any questions, complaints, or concerns regarding privacy at Enigma, please send us a detailed message to privacy@enigma.com or to Enigma Technologies, Inc. at 217 Centre Street, Suite 124, New York, NY 10013, ATTN: Legal. Your privacy is important to us, and we will make every effort to resolve your concerns.

SECURITY

Security Overview

Enigma utilizes Amazon's top-tier secure cloud services.

Enigma’s DaaS (Data as a Service) solution is utilizing top-tier secure cloud services provided by Amazon Web Services (AWS).

We take our customers’ trust seriously.

Enigma is trusted by multiple Fortune 500 companies across various industries and some of the country’s largest financial institutions. Our security program is built to exceed their highest security requirements.

Data Security

Data transport

At Enigma, sensitive information is transported over the internet or other public communications only if it is encrypted in transit. Communications between customer and Enigma are encrypted using transport layer security (TLS) encryption for web communication sessions. Enigma regularly updates TLS configuration to ensure only secure encryption ciphers are in use.

Enriching customer data with Enigma's attributes is secure and easy with the console's(link:https://console.enigma.com) secure file exchange feature. Users can upload data using a common file format and securely transmit it through their web browser directly to Enigma's servers. As with other communications, this system uses HTTPS (TLSv1.2+) to ensure the contents are encrypted in transit. Additionally, all files are subject to a scan for malware and viruses. Once on Enigma servers, the data is stored in our SOC 2-compliant production environment with a defense-in-depth strategy including strict access logs and regular audits of all relevant infrastructure.

Encryption-at-rest

All Enigma server storage is encrypted-at-rest, including any metadata, application data and virtual disks the Enigma servers at AWS use to operate.

People

All Enigma employees undergo background checks upon hiring and participate in our security training program.

Security training program

At Enigma, we incorporate security not just as a core feature of our technology, but also as a cornerstone of our company culture. All Engima employees receive security training upon hire and regularly thereafter. Employees have easy access to communication with security to handle any security questions or concerns as they arise.

Software Security

Pen-tests

Enigma’s SaaS applications undergo routine annual penetration tests by third-party security firms. Enigma’s underlying infrastructure is augmented by Amazon AWS’s own independent compliance and security testing, and 24/7 monitoring of security-related events by dedicated teams.

Monitoring & auditing

Enigma has an extensive ongoing security and monitoring in place for its hosted application, including ongoing vulnerability scanning and Intrusion Detection System monitoring of the hosted environment.

Enigma’s security team is alerted to the presence of any anomalies when accessing internal infrastructure, such as including identification of suspicious signs such as failed login attempts, logins from unknown and off-premise IP addresses or logins during off-hours.

Enigma's Responsibilities

  • Safeguard your data once you upload it to Enigma
  • Ensure up-to-date encryption ciphers are used to protect customer data
  • Scan and test our web application and infrastructure for vulnerabilities and resolve any issues
  • Make sure our service is operating properly
  • Keep up with industry best practices regarding security
  • Inform you of any security incidents that might affect your organization

Customer's Responsibilities

  • Keeping Enigma API keys and credentials safe and not sharing them
  • Making sure devices you use Enigma with are up-to-date, safe to use and free of malware, etc
  • Training your staff on cybersecurity awareness and best practices
  • Inform Enigma of any security incidents, issues or concerns related to using Enigma

Reporting security incidents

If you suspect a security issue or anyone in your organization's Enigma account may have been compromised, please contact Enigma support at security@enigma.com.

If you are a security researcher who has potentially discovered a security weakness or vulnerability in Enigma's systems, please send an email to security@enigma.com with information and we will provide information on secure responsible disclosure.

Also feel free to e-mail us if you have any questions.