Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Terms of use

Privacy Policy

Last update on 9th of January, 2019

Cobalt’s Commitment To Your Privacy

At Cobalt, we are committed to protecting and respecting the privacy of visitors to our website (this “website” or this “site”) and customers of our products and services (collectively, “Services”). We take responsibility for complying with the Data Protection Act 1998 (DPA), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and the more recent General Data Protection Regulation (GDPR), which applies from 25 May 2018.

The Privacy Policy (this “Policy”) details what personal information, which is sometimes referred to as personal data, that we collect (such personal information and/or personal data will be referred to in this Policy as “Personal Information”), how we will use that Personal Information and how we will protect it. Please also read our Cookie Policy further down this page and refer to our Terms of Use (, for additional information regarding our Services.

For any questions that may not be answered in this Policy, you can contact us at any time by emailing or writing to the Cobalt privacy team at 575 Market St, 4th Floor, San Francisco, CA 94105-4210 USA.

In this Privacy Policy we will cover:

  • Who is responsible for your Personal Information
  • What Personal Information we collect
  • How Personal Information is collected
  • How we process and/or disclose your Personal Information, and the legal basis for such activities
  • Transferring your Personal Information
  • Security of your Personal Information
  • How long do we keep your Personal Information
  • Your right to access, update, object to our processing of, retrieve, erase, and/or withdraw consent to our processing of your Personal Information
  • Changes to this Policy
  • Cookies Policy

This Policy, together with our Terms of Use ( and any other documents referred to in either document (or both), sets out the types of Personal Information we collect, how we collect and process that information, with whom we may share it with in relation to the Services we provide, and certain rights and options that you have in this respect.

Who is responsible for your Personal Information?

Cobalt is responsible for your Personal Information. Cobalt comprises Cobalt Labs, Inc. (a Delaware corporation registered to do business in California and doing business at 575 Market St, 4th Floor, San Francisco, CA 94105-USA, and its affiliate, Cobalt Labs Germany GmbH a legal entity registered to do business in Germany, and doing business at Friedrichstraße 68, 10117 Berlin, Germany (referred to collectively as "", “Cobalt”, or "we" or "our" or “us”). For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the "GDPR")), your data will be controlled by the Cobalt affiliate or subsidiary undertaking that you have instructed or that is providing Services to you or communicating to you, and each such entity is regarded as an independent data controller of your Personal Information. This Policy applies to all such entities.

We may also retain the services of external suppliers to help meet our business needs and may share your data with these suppliers. These suppliers have been selected after a rigorous evaluation process and chosen for their security, reliability and competence. They will process your data only under our instructions. Some of these suppliers may be based in non-EU countries. Where this is the case, the transfer of your Personal Information to these countries is carried out in compliance with the guarantees provided by law. Please contact us at if you wish to receive information about these suppliers.

What Personal Information We Collect

We may collect and process the following Personal Information from you:

  • Identity and Contact Data, including your name, address, telephone number, job title and function, and other Personal Information concerning your preferences relevant to our Services;
  • Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • Business Information, including information provided in the course of the contractual or customer relationship between you or your organization and Cobalt, or otherwise voluntarily provided by you or your organization;
  • Profile and Usage Data, including passwords to Cobalt websites or password protected platforms or services, your preferences in receiving marketing information, newsletters, and/or promotional materials from us, your communication preferences and information about how you use our website(s), including the Services you searched, viewed, and/or used, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs). To learn more about our use of cookies or similar technology please see the section below, entitled “Cookies Policy”;
  • Technical Data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology please see the section below, entitled “Cookies Policy”; and
  • Physical Access Data, relating to details of your visits to our premises.

Information about other people

If you provide information to us about any people other than yourself, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

How do we collect your Personal Information?

The circumstances in which we may collect Personal Information about you include:

  • when you or your organization seeks information from us or use any of our Services;
  • when you or your organization offer to provide, or provides, services to us;
  • when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our employees and/or service providers;
  • when you or your organization browse, complete a form or make an inquiry or otherwise interact on our website or other online platforms;
  • when you attend our seminars or other events or sign up to receive Personal Information from us, including training; and
  • by making inquiries from your organization, other organizations with whom you have dealings, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records.

How will we use your Personal Information?

We may use your Personal Information only for the following purposes:

  • to register you as a customer or user of Cobalt;
  • to provide and administer services or solutions, or enable you to provide services through the Site as instructed by you or your organization;
  • to administer and manage our relationship with you, including processing payments, accounting, auditing, billing and collection and taking other steps linked to the performance of our business relationship;
  • compliance with our legal obligations.
  • to analyze and improve our services and communications and to monitor compliance with our policies and standards;
  • to manage access to our premises and for security purposes;
  • to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
  • for insurance purposes;
  • to exercise or defend our legal rights, or to comply with court orders;
  • for any other purposes related and/or ancillary to any of the above or any other purposes for which your Personal Information was provided to us;
  • to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of customer surveys, marketing campaigns, market analysis, or other promotional activities; and
  • to collect information about your preferences to personalize and improve the quality of our communications with you.

We may process your Personal Information in connection with any of the purposes set out above on one or more of the following legal grounds:

  • because it is necessary for us to do so to perform your instructions or another contract with you or your organization;
  • to comply with our legal obligations as well as to keep records of our compliance processes or tax records;
  • because our legitimate interests, or those of a third party recipient of your Personal Information, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
  • because you have expressly given us your consent to process your Personal Information in that manner.

We will provide you with marketing-related information (including newsletters and/or promotional materials) only after you have, where legally required to do so, opted in to receive those communications and having provided the opportunity for you to opt out at any time.

We will not use your Personal Information for taking any automated decisions affecting or creating profiles other than as described above.

Disclosure of your Personal Information

We may share your Personal Information:

  • with our affiliates, if any. We will provide you with information regarding such affiliates (if any) upon request.
  • with third parties including certain service providers we have retained in connection with the services we provide;
  • on a confidential basis with third parties for the purposes of collecting your feedback on the Services, to help us measure our performance and to improve and promote our Services;
  • with companies providing services for fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such Personal Information is shared;
  • with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a claim, or for the purposes of a confidential alternative dispute resolution process;
  • with service providers who we engage within or outside of Cobalt, domestically or abroad, e.g. shared service centers, to process Personal Information for any of the purposes listed above on our behalf and in accordance with our instructions only; and
  • if we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations

Legal Basis or Bases For Processing and/or Transferring Your Personal Information

Purchases: In some cases, the provision of your Personal Information for the above activities is a contractual obligation. In such cases, you are free to communicate your data or not, but in the absence of the requested data, it may not be possible to finalize or execute a particular contract and your requests. This means that while you will continue to be able to browse this site, you will not be able to purchase Services, and you will not be able to use certain features of the site. When you purchase Services, we are required to process your Personal Information to meet our legal obligations in accordance with the tax provisions and other statutory rules that apply. You are free to decide whether or not to purchase Services from us, but if you do make a purchase, this use of your data will be necessary to meet our legal obligations. When you make a purchase at the site, we will use some of your Personal Information to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and prosecute any fraudulent activity.

Site Management: Whether or not you make a purchase on the site, our use of your personal information is necessary for our legitimate interest in ensuring that the Site is managed correctly, and that your experience visiting the site is a good one.

Marketing Communications: When you request that we send you marketing communications, newsletters, and/or promotional materials, our use of your personal information is necessary for our legitimate interest in fulfilling your request to receive such marketing communications, including information about products and/or services that may be of interest to you.

Transferring Your Personal Information

When we transfer your information to other countries, we will use, share and safeguard that information as described in this Policy. To provide the Services, we may transfer the personal information we collect to countries outside of the United States or Europe which do not provide the same level of data protection as the country in which you reside and are not recognized as providing an adequate level of data protection. We transfer personal information to these countries only when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defense of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses.

All Cobalt offices throughout the world ensure a level of data protection at least as protective as that required in the United States.

For further information, including obtaining a copy of the documents used to protect your information, please contact us using our contact form.

For EU and UK Individuals: Data Transfers under Privacy Shield

Cobalt Labs Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and the United Kingdom transferred to the United States pursuant to Privacy Shield. (For purposes of this Privacy Shield section, “Cobalt,” “we,” “us” and “our” refer only to our U.S. entity, Cobalt Labs, Inc.) Cobalt has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Cobalt is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Cobalt’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Cobalt remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Cobalt proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Cobalt commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union or United Kingdom individuals with Privacy Shield inquiries or complaints should first contact Cobalt by email at

Cobalt has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at

Security of your Personal Information

We have put in place appropriate security measures designed to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

We have also put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep your Personal Information

We will retain your Personal Information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Cobalt to assert or defend against claims, until the end of the relevant retention period or until the claims in question have been settled.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you want to learn more about our specific retention periods for your Personal Information established in our retention policy, you may contact us at

Following the applicable retention period, we will securely destroy your Personal Information in accordance with applicable laws and regulations.

Updating Personal Information about you

If any of the Personal Information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate Personal Information about you, please let us know by contacting us at We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us.

You have various rights with respect to our use of your Personal Information:

  • Access: You have the right to request a copy of the Personal Information that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal Personal Information about another person, or if we are legally prevented from disclosing such information. You are entitled to see the Personal Information held about you. If you wish to do this, please contact us at
  • Accuracy: We aim to keep your Personal Information accurate, current, and complete. We encourage you to contact us at to let us know if any of your Personal Information is not accurate or changes, so that we can keep your Personal Information up-to-date.
  • Objecting: In certain circumstances, you also have the right to object to processing of your Personal Information and to ask us to block, erase and restrict your Personal Information. If you would like us to stop using your Personal Information, please contact us at
  • Porting: You have the right to request that some of your Personal Information is provided to you, or to another data controller, in a commonly used, machine-readable format.
  • Erasure: You have the right to erase your Personal Information when the Personal Information is no longer necessary for the purposes for which it was collected, or when, among other things, your Personal Information have been unlawfully processed.
  • Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.

You may, at any time, exercise any of the above rights, by contacting us at together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.

Right to withdraw consent

If you have provided your consent to the collection, processing and transfer of your Personal Information, you have the right to fully or partly withdraw your consent. To withdraw your consent please follow the opt-out links on any marketing message sent to you or contact us at

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Information for the provision of our services.

Changes to our Privacy Policy

We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your Personal Information or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.

Cookies Policy

Cookies: Like many websites, we use cookies on a user’s hard drive to collect information. A cookie is a small piece of information that is placed on your device when you visit the site and other websites. We use cookies to identify your authenticated interaction with the site, to enable certain features of the site, to better understand how you interact with the site, and to monitor aggregate usage by site users and web traffic routing on the site. You can instruct your browser to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. However, if you do not accept cookies, that may limit your use of certain features of the site.

Web Beacons: Our site may contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.

The information below explains more about the cookies we use on our site, and why we use them:

  • Authentication: we use these cookies to verify your account and determine when you’re logged in.
  • Security: we use these cookies to help keep your account safe and secure. We also use these cookies to combat activity that violates our policies or otherwise degrades our ability to operate our website.
  • Site features and services: we use cookies to enable functionality that helps us provide support and answer questions made through the website.
  • Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
  • Analytics and research: we use these cookies to better understand how people use the website so that we can improve our service.

You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: