
Frontegg privacy policy

1. Introduction and scope of this privacy policy

Frontegg Ltd. (Registration No. 516093548) (“Frontegg”, “we”, “us”, “our” or “Company”) provides a cloud-based user management platform for B2B SaaS (“Platform”). The Platform provides companies with services which include fundamental authentication flows, complex organizational structures (multi-tenancy), fine-grained authorization, API-token management, self-service admin portal for end-users, subscription enforcement, single-sign-on (SSO), and more (“Services”).

This privacy policy and notice (“Privacy Policy”) describes how Frontegg collects, uses and processes Personal Data (as such term is defined below), including the needed disclosure and information about the types of Personal Data collected, why we collect your Personal Data and the purposes for which we will use it, how long we will retain it, with whom we share it, what your applicable rights regarding your Personal Data are, and how you can exercise them.

This Privacy Policy applies to our data collection and privacy practice in connection with:

  • Any individuals, including representatives of prospects and potential business partners, who access and use our website, available at: https://frontegg.com/ or other digital assets under our domain, including your interest in or use of our Services, business transactions, conferences or when you visit our website or any marketing landing pages (respectively “Website” and “Prospects”);
  • Customers that access and use the Services through the Customer account (“Customer”); however, this specifically excludes any data processed by Frontegg in its role as a data processor (or a comparable role such as a “service provider” or “holder” in certain jurisdictions) on behalf of our Customers, which is subject to the execution of a Data Processing Agreement between Frontegg and the Customer;
  • Authorized users, employees or contractors, using and accessing the Services or on behalf of a Customer (“Authorized User”).

Customer, Authorized User and Prospect shall be, collectively and separately, referred to herein as “you”.

ANY PERSONAL DATA YOU PROVIDE IS MADE AT YOUR FREE WILL AND CONSENT (WHERE REQUIRED UNDER APPLICABLE DATA PROTECTION LAWS), AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE PERSONAL DATA TO FRONTEGG. However, we must collect or receive some Personal Data to provide the Service, and if you will not provide us with such Personal Data, we will not be able to fulfill certain purposes, for example, provide certain Services or enable use of certain features – all as described under Section 3 below – “Personal Data Processed and the Purpose of Processing” which details the purposes for which each Personal Data set is collected. This Privacy Policy further includes or incorporates specific information required under applicable data protection laws for residents of certain jurisdictions, among others:

If you are located in the EEA or UK – this Privacy Policy further details our lawful basis for processing Personal Data, information regarding cross border data transfer and your rights, as well as additional information we are required to disclose to you under the EU and the UK General Data Protection Regulations (collectively “GDPR”).

If you are a California resident – please also review our CCPA Privacy Notice which serves as a Notice at Collection as required under the California Privacy Rights Act (“CCPA”) and further details the categories of information collected and additional information regarding our privacy practices, including your rights.

Additional Information to certain United States Residents (including, for example and without limitations, Colorado, Connecticut, Virginia and Utah) – please also review Section 13 of this Privacy Policy “Jurisdiction Specific Notices” to learn more about our privacy practices and your rights under these territories.

2. Contact information and data controller information

For the purposes of GDPR and other applicable privacy laws, Frontegg is a data controller (as defined under the GDPR) and the database owner as defined under Israeli privacy protection law (both an owner and controller shall be defined herein as a “Controller”) in relation to the Personal Data, described in this Privacy Policy. This excludes data related to employees or job applicants, for which separate privacy policies are maintained. If you are a candidate, please review our Candidates Privacy Policy available at: https://frontegg.com/candidates

As a Controller, we are responsible for determining the purposes and means of processing your Personal Data, implementing appropriate measures to secure the Personal Data we store, and, where applicable, enabling you to exercise your rights. For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact us as follows:

By email: privacy@frontegg.com
By mail: Jabotinsky St. 7, Ramat Gan, Israel

3. Personal data processed and the purpose of processing

We may collect two types of information from you, depending on your interaction with us:

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from whom we have collected the Non-Personal Data and cannot link between the data and the individual with reasonable means. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration) – all is considered as Non-Personal Data when collected on an aggregate basis, or otherwise not combined with any identifiers. We may further process and anonymize data in a manner that the data will be Non-Personal Data.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”).

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists. We may collect different categories of Personal Data, depending on the nature of your interaction with us, our Website and Services. Below we detail the Personal Data we collect and how and for which purposes we process and use your Personal Data, as well as our lawful basis for processing (subject to the GDPR, if applicable).

 

Type of Personal Data | Purposes of Processing | Legal Basis under the GDPR

Prospect Data

Online Identifiers and Website Engagement Data: When you interact with the Website, we may collect your online identifiers, such as Internet Protocol (IP) address, Cookie ID, user agent, and other unique identifiers (“Online Identifiers”).

Online Identifiers, such as IP address, are further used to generate certain information, for example, extract your approximate location (e.g., country and Zip).

Further, when you access the Website or interact with it, we may further collect information related to your interactions, including session durations, time and date stamp, the content viewed on the Website, user-interface clicks, crash data, language preferences, etc. We may further use tools on the Website which provide us with information and insights regarding your Website interactions, such as business intelligence tools that may identify your business organization’s IP, referring URL (that is, the webpage or advertising campaign directing you to the Website), and other similar business’ websites you visited in the session (“Website Engagement Data”). If the Website Engagement Data is associated with an Online Identifier it is processed by us as Personal Data.

Online Identifiers and Website Engagement Data are used for the following purposes:

  • For analytic purposes and to enhance and improve our Services, and the way we offer them, etc. For example, we process this data to understand how Prospects use our website or the most viewed content, to improve the way we present such content.
  • To promote, advertise, and market the Website and Services, including through targeted advertisements (which are influenced by your cookie settings and preferences) on the Website or third-party platforms across the internet. This also involves measuring the effectiveness of certain ads we use, tracking conversions, building targeted audiences, and remarketing our Services to individuals who have interacted with the Website.
  • To ensure the operation and proper functionality of the Website, as well as for security and fraud prevention, debugging, and resolving technical issues.

Online Identifiers and Website Engagement Data used for analytics and marketing purposes, through targeting and marketing cookies, will be processed based on your consent, which we will obtain through our cookie preference management tool available on the Website.

Online Identifiers collected through cookies that are essential for the basic and proper operation of the Website, including for strict security purposes, will be processed based on our legitimate interest.

You may withdraw consent at any time by using the cookie preference tool, or by managing opt-out through your browser or device. See Section 4 of this Privacy Policy “Cookies and Tracking Technologies” for additional information.

Contact Information and Contact Communications Data:

If you contact us with inquiries through an online form available on the website (such as the contact us and support pages), by email, by chat, any online form, or by any other means, or if you sign up to receive marketing communications, book a demo, or register for a webinar, you will be asked to provide your contact information. This may include your name, telephone number, email address or business email address, organization, and position, depending on your interaction with us (“Contact Information”).

Additionally, we may collect your Contact Information from third-party aggregators that provide contact and business information and intelligence for marketing and sales promotions, as well as similar sources.

Furthermore, when we communicate with you via email, phone, or other means, we will process and store these communications, including email correspondence and, where applicable, call and meeting recordings (with your consent, as required by applicable laws). We may also process data related to these communications, such as interactions with email communications (e.g., access time and date) (“Communications Data”).

Contact Information and Communications Data are used for the following purposes (as applicable to our interactions):

  • To respond to your inquiries or requests, including, as applicable, to arrange meetings, provide instructions or access to a demo or webinar you have registered for, and to facilitate your access.
  • To send you the marketing materials, informational content, or newsletters that you have subscribed to receive.
  • To contact you or send you marketing material related to our Services in which you have expressed interest, including promotions such as free trials, new features, additional offerings, and special opportunities (“Direct Marketing”). Additionally, subject to applicable laws, to reach out to you to explore potential business opportunities and offer information about our Services that we believe may interest you based on your organizational role.
  • To promote, improve and enhance our sales and marketing efforts.
  • To maintain internal records of our communications, if deemed necessary, for example, in the event of any actual, potential, or threatened claim or dispute, to comply with our obligations under applicable laws, or to have internal records of such compliance, and to provide you with further assistance as needed.

Processing Contact Information and Communications Data to respond to your inquiries or requests, or to send information you have voluntarily subscribed to receive, is based on your consent.

Processing Contact Information and Communications Data for our unsolicited marketing campaigns, including Direct Marketing, is based on our legitimate interests.

Processing Contact Information and Communications Data to improve our marketing efforts and for internal records keeping, is based on our legitimate interests.

You have the right to withdraw your consent at any time. You may further opt-out from our marketing communications by using the “unsubscribe” or other option we provide within the body of the message.

AI Tools – Chatbot:

As part of the Services, Frontegg offers an AI-powered chat within the Website (“Chat AI”) which generates automated responses to Prospects’ inquiries. The responses generated by the Chat AI are not under Frontegg’s control and Frontegg is not responsible for any content generated by the Chat AI (“Output”) or uploaded to the Chat AI (“Prompts”). The Outputs are provided based on the Prompts and are meant to be used solely for convenience, operations, and informational purposes only and do not constitute advice or recommendations.

We process the information provided through Chat AI for the following purposes:

  • To provide you with the requested service and support needed, including to provide additional assistance where requested.
  • To communicate with you and to enhance the function of the Website and our Services.

Processing the information provided through the Chat AI in order to provide responses to your inquiries is based on our legitimate interest.

Customers

Customer Account – Admin Account Information:

In order to use our Services, our Customers will need to initially create an account for their admin (“Admin”) by providing such Admin information to us (through registration or otherwise directly to us to create the account).

For such purpose, Customer will provide us with the Admin’s information such as name, company name, email address, and login credentials. Additional account data the Customer may provide at its discretion includes phone number, job title, profile picture, and other similar contact information (“Admin Account Data”).

Admin Account Data is used for the following purposes:

  • To create and designate the account, authenticate and validate access, and enable login, access, and use of the Services.
  • To provide Customers with necessary service, operational, or transactional information related to our engagement (e.g., billing and invoicing, technical updates, etc.).
  • For Direct Marketing purposes (as defined above), meaning that as our Customer or their representative, we may send you marketing-related communications (via email or other contact details you have provided), materials, and content about the Services you are currently using or any future services we may offer, to keep you informed and promote our Services.

Processing Admin Account Data for the purpose of account creation and validation, enabling log-in, and for transactional or operational messages is based on contract necessity.

Processing Admin Account Data for Direct Marketing purposes is based on our legitimate interest. You can opt-out at any time using the “unsubscribe” option within the body of the message.

Please note that if you choose to unsubscribe from our Direct Marketing, we will still retain your contact details and send you service-related emails, such as invoices.

Contact Information and Communications with Our Customer Support:

When our Customer or any of its representatives contacts us for customer support, we will collect and retain records of the representative’s contact information, which may include their name, email address, phone number, organization name, and position. We will also keep records of our communications, which may include email correspondence, chat interactions, and call recordings (with consent obtained where required by applicable laws).

We process the information provided through communications with our customer support for the following purposes:

  • To provide you with the requested service and support needed, including to provide additional assistance where requested.
  • To have internal records to evidence the support was provided, or as we find needed in the event of any potential, actual or threatened claim or dispute with us.
  • To improve our Services, analyze our customer support efforts, for quality monitoring, training and compliance purposes.

Processing the information provided through communications with our customer support to provide the required support services is based on contract necessity. Processing the information provided through communications with our customer support for our internal records and service improvement is based on our legitimate interest.

Call recordings will be processed based on your consent. You have the right to withdraw consent at any time.

Service Usage Data:

When you use our Services, information regarding such use is automatically generated and collected, which may include the click stream within the Services, the use of the Services (i.e., accessed or used by Customer) and the time spent on those pages or features, crash data and analytics, login data, etc. These session recordings record how you interact with the Services. We log crashes, interaction with the Services, how often you use the Services, how long you are on the Services, etc. (collectively “Usage Data”).

We process Usage Data for the following purposes:

  • To secure our Services, detect potential threats or fraudulent activities, and for operational and debugging purposes, such as resolving technical errors.
  • To analyze how our Services are used in order to enhance and improve them.
  • To enforce our policies and agreements related to the use of our Services, maintain internal records as evidence of the Services provided or used, if necessary, in the event of any potential, actual, or threatened claim or dispute with us, and to comply with applicable laws or security standards.

Processing Usage Data is based on our legitimate interest.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in Section 11 of this Privacy Policy “International Data Transfers (EU and UK Data Subjects)”, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our Services, and to enforce our terms of use and other policies, as well as to protect the security or integrity of our databases and all systems, and to take precautions against legal liability. Such processing is based on our legitimate interests.

4. How we collect personal data

Depending on the nature of your interaction with Frontegg, we may collect Personal Data as follows:

  • Automatically – we may use cookies (as elaborated below) or similar tracking technologies to gather some information automatically when you interact with our Website or Services.
  • Provided by you voluntarily – we will collect Personal Data if and when you provide us with the information, such as when you contact us, etc.
  • Provided by third parties – such as third-party data aggregators, referrals, etc.

5. Cookies and tracking technologies

We use “cookies” (or similar tracking technologies such as tags and pixels) when you interact with the Website. The use of cookies is a standard industry-wide practice. Cookies and similar technologies are small pieces of information, text or code that a website assigns and stores on your computer or browser while you access a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, for operation and security purposes, as well as for advertising purposes.

The information generally collected and stored by cookies includes Online Identifiers and Usage Data (as defined under Section 3 of this Privacy Policy “Personal Data Processed and the Purpose of Processing”).

Such cookies and tracking technologies can be either placed by us (known as “first party cookies”), or by third parties such as our marketing partners, social media, analytic providers, etc. (known as “third party cookies”). In addition, the duration of such cookies and tracking technologies – meaning the period until such are deleted – can be either when you close your browser (known as “session cookies”) or longer periods according to their purpose and settings (known as “persistent cookies”).

Where we use third-party advertising cookies, such third parties may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies and are responsible for their practices.

You can find more information about cookies here: www.allaboutcookies.org. A list of cookies can be accessed through the cookie management platform embedded in the Website. You may change your cookie preferences at any time, including, as applicable, withdrawing consent or opting out of the processing of Personal Data through cookies for certain purposes, by using our cookie setting tool available on our Website. Note that certain cookies used for strict operation and security purposes are considered “strictly necessary” and cannot be disabled.

In addition, most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of our website may not operate properly, and your online experience may be limited.

6. Disclosure of personal data

We may disclose your Personal Data to third parties, including our affiliated companies (if we have any in the future), partners or service providers that help us manage our business operations or provide our Services. Below we provide information about the categories of such third-party recipients:

  • Trusted Agents and Service Providers – we may share all types of Personal Data as needed for the service provided, on a case-by-case basis. We employ other companies and individuals to perform functions and services on our behalf. Such third parties may include consultants, communication service providers, storage providers, analytic service providers, marketing and sales assistance, IT service providers or tools used to identify errors and crashes, customer relationship management services, etc. These third party service providers have access to Personal Data needed to perform their functions, but they are prohibited, through contractual obligations, from using your Personal Data for any purposes other than providing us with requested services.
  • Marketing Partners – we may share Online Identifiers and Usage Data. We may share Personal Data with marketing partners we engage with or whose tools and services we use for our digital marketing campaigns, including for targeted online advertising campaigns. These marketing partners may include social media partners or other marketing services whose cookies we place on our Website. These marketing partners may combine your Personal Data with other data they collect independently from your visits and interactions on other websites.
  • Affiliated Companies and Corporate Transactions – we may share all types of Personal Data as needed for the service provided, on a case-by-case basis. In the future, if we have affiliates, which include companies wholly or partially owned by Frontegg, as well as co-owned companies, we may share Personal Data with them for purposes such as sales and marketing, providing customer relationship services, etc. Additionally, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale), we may also share Personal Data.
  • Enforcement of our Rights, Security and Fraud Prevention & Law Enforcement – we may share all types of Personal Data as needed for the service provided, on a case-by-case basis. We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in order to comply with applicable laws or in response to a verified request or order. We may further disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.

For avoidance of doubt, Frontegg may transfer and disclose or otherwise use Non-Personal Data or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at its own discretion.

7. Data subject rights

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to your Personal Data, you have the right to control and request certain limitations or rights to be executed. The principal rights that may apply to your Personal Data (subject to your jurisdiction and additional conditions) may include:

  • Right to be informed, right to know, and right to a list of specific third parties: You have the right to be provided with information regarding our Personal Data collection and privacy practices. You also have the right, at our option, to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data.
  • Access rights, right to inspect your Personal Data: you have the right to confirm whether we collect Personal Data about you and to know which Personal Data we specifically hold about you, as well as receive a copy of such or access it.
  • Right to portability: you have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy.
  • Right to correction / rectification: you have the right to correct inaccuracies in your Personal Data in the event you found it incorrect, outdated, etc. (or otherwise request its deletion), considering the nature and purposes of each processing activity.
  • Right to be forgotten, right to deletion: you have the right to request the deletion of certain Personal Data we process, if specific conditions are met. For example, if you believe we no longer need the Personal Data for the purpose it was collected, if the collection was based on your consent, if we have used it unlawfully, or if we are legally obligated to delete your Personal Data. Deletion requests will be subject to our rights and obligations under applicable law, such as our legitimate interests in maintaining records, completing transactions, providing requested services, taking actions reasonably anticipated within the context of our ongoing business relationship with you, detecting security incidents, protecting against illegal activity, debugging, and exercising rights provided by law.
  • Right to withdraw consent, right to opt out from: (i) targeted advertising; (ii) “sale” of Personal Data; and (iii) profiling and automated decision making:
    • Marketing Communications: you have the right to opt-out from receiving any marketing communication from us or otherwise withdraw consent, by unsubscribing through the message received.
    • Cookies: you have the right to opt-out or otherwise withdraw consent from processing of Personal Data through our use of cookies, by changing your preferences through the cookie setting tool available on our website.
    • Profiling, or Share or Sale of Personal Information for analytics or marketing: if and to the extent applicable, you have the right to opt out of the “sale” or “share” of your Personal Data which includes opting-out of our practice of using cookies for the purposes of targeted advertising, analytics, etc. by clicking on the “Do Not Sell or Share My Personal Information” link on the Website or communicating your opt out through opt-out preference signals, like Global Privacy Control (learn more here).
      In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.
  • Right to restrict processing – You have the right to ask us to restrict or limit the purpose for which we process your Personal Data, where certain conditions are satisfied (for example, where you contest the accuracy of the Personal Data, for a period enabling us to verify its accuracy).
  • Right to object – you have the right to object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in processing your Personal Data.
  • Right to appeal or lodge a complaint – If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Within the timeframe set under applicable law as of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority. Where the GDPR applies, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK.

To exercise any of your rights, you can contact our data protection officer at privacy@frontegg.com. We will respond to requests to exercise these rights without undue delay as required by applicable laws. Note that Frontegg may have to undertake a process to identify a data subject exercising their rights. Frontegg may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Frontegg.

In the event you are a Customer – note that termination of the engagement or closing your account does not automatically result in deletion of data. If you wish to delete the data, please make sure to contact us with such a request. For California residents – additional information regarding your rights is provided under our CCPA Privacy Notice.

For US residents – additional information regarding certain rights is provided under Section 13 of this Privacy Policy “Jurisdiction Specific Notices”.

8. Data retention

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out or delete its Personal Data.

Other circumstances in which we will retain your Personal Data for longer periods of time include:

  • Where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements;
  • For us to have an accurate record of your dealings with us in the event of any complaints or challenges; or
  • If we reasonably believe there is a prospect of litigation relating to your Personal Data.

Please note that, except as required by applicable law, we may, at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

9. Security and storage of information

We design our systems with your security and privacy in mind. Frontegg implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we encrypt data in transit and at rest.

We use industry standard SSL (secure socket layer technology) encryption to transfer Personal Data. Likewise, we take industry standard steps to ensure the Website and Services are safe and to prevent unauthorized access to our databases. Other security safeguards include, but are not limited to, firewalls, anti-virus, access logs, breach detection systems and physical access controls to buildings, systems and files.

Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

Within Frontegg, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Frontegg to fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law. Frontegg shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Frontegg is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority.

10. Where do we store your data?

We store your Personal Data on servers owned or controlled by Frontegg located in the United States, or processed by third parties on behalf of Frontegg, by reputable cloud-service providers (see the following section regarding international transfers).

11. International data transfers (EU and UK data subjects)

We may store or process your Personal Data by default within the EU, unless you actively choose to store your data in the US. Customer’s Personal Data may be accessed by our headquarters in Israel (a jurisdiction deemed adequate by the EU Commission and the UK), as well as by our teams in the EU or other adequate countries for support, development and DevOps purposes. Such Customer’s Personal Data may also be accessed, upon Customer request and on a case by case basis, by our staff in the US.

Other Personal Data is transferred to, and stored and processed at, destinations located outside the European Economic Area (EEA) and UK. This includes transfer to our headquarters in Israel, and to the USA. Where your Personal Data is transferred outside of the EEA or UK, we will take all steps reasonably necessary to ensure that your Personal Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under EU or UK law and other applicable laws, and that it is treated securely and in accordance with this Privacy Policy. Transfers from the EEA to Israel are made based on an adequacy ruling by the EU Commission. Transfers from the EEA to the USA are made based on the Standard Contractual Clauses published by the EU Commission. Transfers from the UK to the EEA and to Israel are made based on the UK’s Adequacy Regulations. Transfers from the UK to the USA are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.

12. Children

Our Website and Services are not intended for use by children and we do not knowingly collect or maintain information about anyone under the age of 16 without parental consent, or knowingly allow children under the age of 16 to register for the Services. If you are under 16, do not register or attempt to register for any of the Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16 without appropriate permissions, we will delete that Personal Data as soon as reasonably practicable without any liability to Frontegg. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: privacy@frontegg.com as soon as possible.

13. Jurisdiction-specific notices

Information provided below supplements the information contained in this Privacy Policy and applies solely to residents of such states. These additional disclosures are intended to provide you with additional information with regard to our handling of your Personal Data and certain consumer rights.

A. Additional notice to California residents

This section applies to California residents only, pursuant to the CCPA. Please see the CCPA Privacy Notice which discloses the categories of Personal Information collected, purpose of processing, source, categories of recipients with whom the Personal Information is shared with for a business purpose, whether the Personal Information is sold or shared, the retention period, and how to exercise your rights as a California resident.

B. Additional notice to US residents

Residents of certain U.S. states (depending on the applicable state law, acting as an individual or in the household context only and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context or as representative of a business), may have additional rights under applicable privacy laws and be entitled to additional disclosures.

“Personal Data” under applicable US privacy laws, generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the scope of the states’ laws). “Sensitive Data” mainly includes data revealing racial or ethnic national origin, religious beliefs, information regarding an individual’s medical history, mental or physical health condition, diagnosis or medical treatment, neural data, status as transgender or non-binary, sex life, sexual orientation, status as a victim of a crime, citizenship or immigration status; genetic or biometric data; Personal Data collected from a known child; and precise geolocation data. We will obtain your consent before collecting Sensitive Data even if they are not used to identify you. We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, including any Sensitive Data, the purpose of processing, the categories of Personal Data shared with third parties, the categories of third parties with whom Personal Data is shared, the categories of Personal Data that is sold or used for targeted advertising, if any, the categories of third parties to whom the Personal Data is sold, if any, a list of your data rights and instructions for exercising those rights and appealing decisions, and our contact information. This information is detailed under this Privacy Policy and further below.

Categories of Personal Data & Categories of Third Parties with Whom Personal Data is Shared:

Under Section 3 of the Privacy Policy “Personal Data Processed and the Purpose of Processing”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent, unless we are otherwise entitled, required or permitted under applicable laws. Additionally, under Section 6 of the Privacy Policy “Disclosure of Personal Data” we detail and disclose the categories of third parties we share Personal Data with for a business purpose.

“Sale” of Personal Data:

Under US privacy laws, in principle, the term “sale” refers to disclosing or making available Personal Data to a third party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as this term is commonly understood, meaning – we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment. However, subject to the definition of the term “sale” under applicable US privacy laws, our practice of using cookies or other third-party advertising services and sharing Personal Data for such purpose with third-party advertising and marketing providers (e.g., providers of marketing tools and analytic tools, advertising networks, social media networks, media buying, search platforms) is considered a “sale”.

Such practice includes the following Personal Data categories shared with these third parties:

Identifiers – online identifiers such as IP and Cookie ID;

Internet and electronic network activity information – such as your engagement with our website and ads;

Geolocation data – derived from IP (country level).

Consumer Rights Related to Their Personal Data:

Residents of certain U.S. states may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

Access – the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.

List of Third Parties – the right to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data.

Delete – the right to request us to delete their Personal Data provided to or obtained by us.

Correct – the right to request us to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.

Opt-Out – the right to opt out of certain types of processing, including: (i) to opt out of the “sale” of their Personal Data; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Data for profiling in furtherance of making decisions that produce legal or similarly significant effects. However, as noted above, we do not engage in profiling in furtherance of legal or similarly significant effects.

Appeal – the right to appeal if we decline to take action in response to your exercise of a privacy right.

Non-Discrimination – the right to not be discriminated against for exercising your privacy rights.

Section 7 under this Privacy Policy “Data Subject rights” provides additional information regarding your principal rights.

Exercising Consumer Privacy Rights:

To exercise any of your rights, you can contact our data protection officer at privacy@frontegg.com. We will respond to requests to exercise these rights without undue delay as required by applicable laws. Note that Frontegg may have to undertake a process to identify a data subject exercising their rights. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable. Authorized agents may initiate a request on behalf of another individual, provided that such will be required to provide proof of their authorization, and we may also require that the individual directly verify his/her identity and the authority of the authorized agent.

We will respond to your request within the timeframe required under applicable law, and we reserve the right to extend the response time subject to applicable law requirements. If we refuse to take action on a request, we will notify you and our notification will include a justification for declining to take action.

Appeal Rights

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to privacy@frontegg.com.

Not more than 60 days after receipt of an appeal, and always in accordance with the timelines set by the applicable US Privacy Laws, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decision.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

14. Third-party links

We may include third-party links on our website, and allow registration and login to our Platform through third party accounts. Please note that this Privacy Policy only applies to the Personal Data that we (or third parties on our behalf) collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third parties have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to them. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

15. Policy amendments

We reserve the right to amend or update this Privacy Policy from time to time, at our sole discretion. The most current version of this Privacy Policy will always be posted on the Website and the update date will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.