Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Terms of use

Privacy Policy


Effective Date: Aug 13, 2021

Previous update on Aug 13, 2021

Cobalt’s Commitment To Your Privacy

This Privacy Policy (this "Policy") describes the privacy practices of Cobalt Labs, Inc. (a Delaware corporation registered to do business in California and doing business at 575 Market St, 4th Floor, San Francisco, CA 94105-USA, and its affiliate, Cobalt Labs Germany GmbH, a legal entity registered to do business in Germany, and doing business at Friedrichstraße 68, 10117 Berlin, Germany (referred to collectively as "Cobalt.io", "Cobalt", "we", "our" or "us").

At Cobalt, we are committed to protecting and respecting the privacy of visitors to our website (this "website" or this "site") and customers of our products and services (collectively, "Services"). Visitors to our website and customers of our Services are each referred to herein individually, and all referred to herein collectively, as "you". We take responsibility for complying with all applicable data protection and/or privacy laws.

This Policy details what personal information, which is information that identifies you or which could reasonably be used to identify you ("Personal Information"), we collect , how we use and disclose that Personal Information and how we protect it. This Policy also describes our collection, use and disclosure of information which does not, directly or indirectly, identify you ("Non-Personal Information").

Please also read further down this page for information about cookies and other tracking technologies and refer to our Terms of Use (https://cobalt.io/terms/general), for additional information regarding our Services.

For any questions that may not be answered in this Policy, you can contact us at any time by emailing privacy@cobalt.io or writing to the Cobalt privacy team at 575 Market St, 4th Floor, San Francisco, CA 94105-4210 USA.

In this Policy we cover:

  • What Personal Information and Non-Personal Information we collect
  • How we collect Personal Information and Non-Personal Information
  • How we use and disclose Personal Information and Non-Personal Information
  • Transferring your Personal Information Internationally
  • Security of your Personal Information
  • How long we keep your Personal Information
  • Third party service providers
  • Direct marketing
  • Deletion and modification of your Personal Information
  • Children under 13
  • Links to third party websites
  • Cookies and other tracking technologies
  • GDPR and UK GDPR notice
  • California Privacy
  • Changes to this Policy
  • Contact Us

What Personal Information and Non-Personal Information We Collect

We may collect the following Personal Information:

  • identity and contact data, including your name, address, telephone number, job title and function, and other Personal Information concerning your preferences relevant to our Services;

  • financial and payment data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;

  • business information, including information provided in the course of the contractual or customer relationship between you or your organization and Cobalt, or otherwise voluntarily provided by you or your organization;

  • profile and usage data, including passwords to Cobalt websites or password protected Services, your preferences in receiving marketing information, newsletters, and/or promotional materials from us, your communication preferences and information about how you use our website(s), including the Services you searched, viewed, and/or used, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs); and

  • physical access data, relating to details of your visits to our premises.

* Please note that if you provide Personal Information to us about any individual other than yourself, you represent and warrant that you are legally authorized to provide such Personal Information to us for our use and disclosure as described in this Policy.

We may collect the following Non-Personal Information:

  • Technical Data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform, general location data.

How we collect Personal Information and Non-Personal Information

The circumstances in which we may collect Personal Information about you include:

  • when you or your organization seeks information from us or use any of our Services;
  • when you or your organization offer to provide, or provides, services to us;
  • when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our employees and/or service providers;
  • when you or your organization provide Personal Information to us in connection with completing a form or making an inquiry or otherwise interacting on our website or other online platforms;
  • when you provide Personal Information to us in connection with attending our seminars or other events or signing up to receive informational material or Services from us, including training; and
  • by making inquiries from your organization, other organizations with whom you have dealings, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records.

The circumstances in which we may collect Non-Personal Information include:

  • When you visit and/or navigate on our site

How we use and disclose Personal Information and Non-Personal Information

We may use your Personal Information for the following purposes:

  • to register you as a customer or user of Cobalt;
  • to provide and administer Services through the site as instructed by you or your organization;
  • to administer and manage our relationship with you, including processing payments, accounting, auditing, billing and collection and taking other steps linked to the performance of our business relationship;
  • for compliance with our legal obligations;
  • to analyze and improve our Services and communications and to monitor or enforce compliance with our policies and standards;
  • to manage access to our premises and for security purposes;
  • to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
  • for insurance purposes;
  • to exercise or defend our legal rights, or to comply with court orders;
  • for any other purposes related and/or ancillary to any of the above or any other purposes for which your Personal Information was provided to us;
  • to respond to your requests or inquiries to us and otherwise communicate with you as needed to provide our Services;
  • to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our Services (including briefings, newsletters and other information), events and initiatives; to send you details of customer surveys, marketing campaigns, market analysis, or other promotional activities; and
  • to collect information about your preferences to personalize and improve the quality of our communications with you.

We may disclose Personal Information as follows:

  • to our affiliates, if any. We will provide you with information regarding such affiliates (if any) upon request. We disclose Personal Information to our affiliates for our business operational purposes and as needed to enable our affiliates to use Personal Information for purposes described above;
  • to third parties including certain service providers we have retained in connection with the Services we provide. We disclose Personal Information to such service providers so that they may assist us in management of our site or with our provision of Services;
  • on a confidential basis to third parties for the purposes of collecting your feedback on the Services, to help us measure our performance and to improve and promote our Services;
  • to companies providing services for fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such Personal Information is shared;
  • to courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a claim, or for the purposes of a confidential alternative dispute resolution process; and
  • if we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

We may use Non-Personal Information as follows:

  • For web analytics purposes, such as analyzing website traffic and other metrics for purposes of evaluating the performance of our site

We may disclose Non-Personal Information as follows:

  • To our third party service providers for purposes of allowing such third party service providers to assist us with web analytics functions

Transferring Your Personal Information Internationally

In some cases, providing our Services may require us to transfer your Personal Information internationally. Please be aware that such international transfers may be to countries which do not have the same privacy or data protection laws as the country in which you are located. Accordingly, once your Personal Information is transferred to another country, it may be subject to different legal protections. Regardless of the laws in the country where your Personal Information is transferred, however, we will in all cases safeguard that Personal Information as described in this Policy.

Security of your Personal Information

We have put in place appropriate security measures designed to prevent your Personal Information from being accidentally lost, used or accessed, altered or disclosed in an unauthorized way.

We have also put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep your Personal Information

We will retain your Personal Information only for as long as necessary to fulfill the purposes for which we collected it, including, as applicable, for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Cobalt to assert or defend against claims, until the end of the relevant retention period or until the claims in question have been settled.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you want to learn more about our specific retention periods for your Personal Information established in our retention policy, you may contact us at privacy@cobalt.io.

Following the applicable retention period, we will securely destroy your Personal Information in accordance with applicable laws and regulations.

Third Party Service Providers

As noted above in this Policy, in some situations we disclose Personal Information to our third party service providers so that they may use such Personal Information in the course of assisting us with various functions, such as providing our Services. Although we do not control these third party service providers, we make commercially reasonable efforts to engage only with third parties that comply with applicable laws and implement information privacy and security measures to protect Personal Information.

Direct Marketing

When you fill out a form on our site, you may be notified that by filling out the form you opt in to receive marketing communications from us. We will provide you with such marketing-related communications (including newsletters and/or promotional materials) only after you have, where legally required to do so, voluntarily filled in the relevant form and thereby opted in to receive those communications. All of our marketing communications include a link allowing you to unsubscribe from any future marketing communications. We review requests to unsubscribe on a regular basis and will stop sending marketing communications to those who have unsubscribed.

Deletion and Modification of Your Personal Information

If you wish to request that we delete or modify any of the Personal Information that you have provided to us (for example, if you want us to update your email address), please let us know by contacting us at privacy@cobalt.io or submit a request at https://preferences.cobalt.io/privacy. Although we will seek to keep your Personal Information accurate and updated by modifying it when you request us to do so, we will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us. We will comply with your request as required by applicable laws and regulations; please be advised, however, that we may not be able to comply with your request in all cases (for example, we may not be able to comply with your deletion request in cases where we are required to retain your Personal Information to comply with a legal obligation).

Children Under 13

Our site and Services are not directed to or intended to be used by children under the age of 13 and we do not knowingly collect Personal Information from children under 13. If you become aware that we have collected Personal Information from any child under the age of 13, please contact us at privacy@cobalt.io and we will seek to delete such Personal Information as soon as possible.

Links to Third Party Websites

Our site may include links to third party websites. We do not endorse or recommend such third party websites or the content therein and we are not responsible for the privacy practices of the operators of such websites.  Please be aware that when you access links on our site to a third party website, you are bound by the privacy policies and practices of that third party. We encourage you to read the privacy policies governing your use of any third party website.

Cookies and Other Tracking Technologies

Cookies: Like many websites, we use cookies on a user's hard drive to collect information. A cookie is a small piece of information that is placed on your device when you visit the site and other websites. We use cookies to identify your authenticated interaction with the site, to enable certain features of the site, to better understand how you interact with the site, and to monitor aggregate usage by site users and web traffic routing on the site. You can instruct your browser to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. However, if you do not accept cookies, that may limit your use of certain features of the site.

Web Beacons: Our site may contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns. As with cookies, you may disable web beacons by changing your browser settings or the settings in your email service/program.

The information below explains more about the cookies we use on our site, and why we use them:

  • Authentication: we use these cookies to verify your account and determine when you're logged in.
  • Security: we use these cookies to help keep your account safe and secure. We also use these cookies to combat activity that violates our policies or otherwise degrades our ability to operate our website.
  • Site features and services: we use cookies to enable functionality that helps us provide support and answer questions made through the website.
  • Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
  • Analytics and research: we use these cookies to better understand how people use the website so that we can improve our service.

GDPR and UK GDPR Notice

Under the General Data Protection Regulation ("GPDR") and United Kingdom General Data Protection Regulation ("UK GDPR"), Cobalt is a "controller" (entity that determines the purposes and means of processing your Personal Information) with regard to the Personal Information we collect from you on our site or in connection with our Services.

When we collect your Personal Information on our site or in connection with our Services and otherwise process it for the purposes described above in this Policy, our processing has various legal bases, depending on the particular circumstances. Our processing of your Personal Information may be based on:

(a) Our legitimate interests in operating, managing and optimizing our site. For example, we may take measures to prevent fraudulent or illegal activity on our Site, as part of managing our site, and we have a legitimate interest in processing Personal Information in connection with this activity;

(b) Our legitimate interest related to our direct marketing activities. For example, we may have a legitimate interest in processing your Personal Information to send direct marketing communications to you or engage in other direct marketing activities;

(c) For compliance with a legal obligation to which we are subject. For example, if you have purchased our Services and we are required by applicable law to process Personal Information to meet certain tax obligations, we may process your Personal Information to comply with such legal obligations;

(d) Performance of a contract to which you are subject or to take certain pre-contractual measures at your request. For example, when you purchase our Services, you enter into a contract with us and in such circumstances, we process your Personal Information in order to perform this contact or to take required measures prior to entering into the contract; or

(d) Your consent. If you've provided us with your express consent for our processing of your Personal Information, we may process your Personal Information based on such consent.

As a data subject, you have the right to request from Cobalt access to, rectification of, erasure of, portability of and/or restriction of processing of your Personal Information. You also have the right to object to further processing of your Personal Information. To exercise any of these rights, please contact us at privacy@cobalt.io or submit a request at https://preferences.cobalt.io/privacy. We will respond to your request in accordance with applicable law.

In the event we process your Personal Information based on your consent, you may withdraw your consent at any time (provided, however, such withdrawal will not affect the lawfulness of processing of your Personal Information that occurred before our receipt of your withdrawal). To withdraw consent for processing of your Personal Information, please privacy@cobalt.io or submit a request at https://preferences.cobalt.io/privacy.

We may transfer Personal Information from the EU and/or UK to other countries around the globe. Please be aware that the European Commission has determined that only certain countries provide an adequate legal framework for the protection of Personal Information. For information about countries which have been determined by the European Commission to provide an adequate legal framework for protection of Personal Information, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. In cases where we transfer your Personal Information from the EU or UK to a country outside the EU and UK which has not been determined to have an adequate legal framework, your Personal Information may be at greater risk once it is transferred to such country due to this absence of a determination of adequate legal protections. Nonetheless, Cobalt commits to apply reasonable safeguards to protect Personal Information as described in this Policy.

Please note that you are not required to provide Cobalt with your Personal Information; provided, however, if you choose not to provide your Personal Information, this means that you may not be able to use certain site features and/or you may not be able to receive our Services which depend on our processing of your Personal Information, as described in this Policy.

If you have a concern with the handling of your Personal Information, you may lodge a complaint with the applicable data protection authority (also known as "Supervisory Authority") in the country in which you reside. For a list of Supervisory Authorities in the EU and their contact information, please visit: https://edpb.europa.eu/about-edpb/board/members_en. If you are located in the UK, you may contact the Information Commissioner's Office (ICO) (ICO website: https://ico.org.uk/). If you have a concern or wish to contact Cobalt, you may contact us at privacy@cobalt.io.

California Privacy

The California Consumer Privacy Act ("CCPA") provides certain rights to individuals who reside in California ("Consumers").  Below is a description of Consumers' rights concerning their Personal Information and Cobalt's practices regarding the collection, use, disclosure and sale of Personal Information about Consumers.

CCPA Rights:

Consumers have the right to request that we disclose what Personal Information we collect, use, disclose and sell.  A Consumer may request details concerning any or all of the following:

  • specific pieces of Personal Information that we have about the Consumer;
  • categories of Personal Information we have collected about the Consumer;
  • categories of sources from which the Personal Information is collected;
  • categories of Personal Information about the Consumer that we have sold or disclosed for a business purpose;
  • categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and
  • the business or commercial purpose for collecting or selling Personal Information.

To make any of these requests, please email us at privacy@cobalt.io or submit a request at https://preferences.cobalt.io/privacy. Once we receive your request, we will need to verify your identity.  Our general process for verifying Consumer identities is to match data points that we maintain about a Consumer with data points that the Consumer provides to us. In some situations, we may require you to provide additional information about yourself as part of this verification process.  We will inform you of additional information we require (if any) to verify your identity after we have received your request.  If we are not able to verify your identity by reasonable methods, we may deny your request, but in any case in which we deny your request, we will explain the reason for the denial in a written response to you.

Consumers have the right to request the deletion of their Personal Information which is collected or maintained by us.  To make a deletion request, please email us at privacy@cobalt.io or submit a request at https://preferences.cobalt.io/privacy.  Once we receive your request, we will verify your identity as described above.  Please be aware that there are certain exceptions to the right of deletion of Personal Information.  In our written response to you, we will inform you if there is any such exception or if there is any other reason why we cannot comply with your request.

Please note that a Consumer may use an authorized agent (which may be a person or a business entity registered with the California Secretary of State) to submit, on the Consumer's behalf, any of the requests described above.  The authorized agent must follow processes specified above for submitting such requests.  When a Consumer uses an authorized agent to submit a request, we may require the Consumer to provide the authorized agent with signed permission to submit such request and we may also require the Consumer to verify the Consumer's own identity directly with us.  We may deny a request from an agent if the Consumer does not submit proof to us that the agent has been authorized by the Consumer to act on the Consumer's behalf.

Consumers have the right to not receive discriminatory treatment for the exercise of privacy rights under the CCPA.  Cobalt will not discriminate against any Consumer for the exercise of CCPA rights.

Our practices regarding the sale, collection & use of Personal Information about Consumers:

Please be advised that Cobalt engages in limited data transfers to third parties that may be considered a data sale under applicable law. Such transfers occur only in the context of presentations, panels, and other events put on by Cobalt or sponsored by Cobalt that may be presented or co-sponsored with other third parties. In such cases, event attendees will be prompted to provide certain identifying information to register for the event in question. Such information will be shared for marketing purposes with all parties presenting or sponsoring the event, including third parties with whom the attendee may not have a pre-existing relationship. Such third parties will be identified in materials accompanying any prompt to provide information. If you wish to decline to have your information disclosed in this fashion, you can opt-out by emailing privacy@cobalt.io, or by clicking the below button:

Please review the chart below describing the categories of Consumers' Personal Information we have collected in the last 12 months, categories of sources from which such Personal Information was collected and the business or commercial purpose for which the Personal Information was collected.

Category of Personal Information we Collected Category of Source from which Personal Information was Collected Business or Commercial Purpose for which Personal Information was Collected
Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, etc.
  • the Consumer directly;
  • data analytics providers;
  • operating systems and platforms;
  • social networks; and
  • data brokers
Performing services for the Consumer, including maintaining or servicing accounts, providing customer service and verifying customer information and fulfilling orders and transactions
Commercial information, such as records of services purchased the Consumer directly Processing payments; fulfilling orders and transactions; providing financial documents
Internet or other electronic network activity information, including information regarding a Consumer’s interaction with our site
  • the Consumer directly;
  • data analytics providers;
  • operating systems and platforms;
  • social networks; and
  • data brokers
Providing advertising or marketing services; for analytics activities

Our practices regarding the disclosure of Personal Information about Consumers:

The chart below describes the categories of Personal Information about Consumers we have disclosed to third parties for a business purpose and the corresponding categories of third parties to whom such Personal Information was disclosed in the last 12 months.

Category of Personal Information we Disclosed for a Business Purpose Category of Third Party to whom Personal Information was Disclosed
Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, etc. Cobalt's vendors who assist with customer service
Commercial information, such as records of services purchased Cobalt's vendors who assist with customer service
Internet or other electronic network activity information, including information regarding a Consumer's interaction with our site Cobalt's vendors who assist with customer service
Professional or employment-related information Cobalt's vendors who assist with customer service

You may contact us with any questions or concerns about our privacy policies or practices. Please email us at privacy@cobalt.io with any questions or concerns.

Changes to our Privacy Policy

We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your Personal Information or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our Policy.

Contact Us

If you have any questions, concerns or feedback regarding this Policy, please feel free to contact us at privacy@cobalt.io.