Privacy Policy and Notice at Collection

Privacy Policy and Notice at Collection

Effective: October 13, 2025

Defiant, Inc. (“Defiant,” “the Company.” “we,” “us,” or “our”) is committed to privacy and data protection. This Privacy Policy applies to personal information Defiant collects from you, through our interactions with you, through www.defiant.com , www.wordfence.com, websites under the control of Defiant (collectively “Sites”), and the Wordfence services (such as the Wordfence Site Cleaning Service and the Wordfence Security Plugin), including all media, document, updates, and support services associated with the Site and the Wordfence services (collectively, the “Services”), as well as how we use and protect personal information.

This Privacy Policy does not apply to any third-party applications or software that integrate with our Sites and Services, or any other third-party products, services or businesses (collectively, “Third Party Services”). Third Party Services are governed by their own privacy policies. We recommend you review the privacy policy governing any Third Party Services before using them.

Defiant is the controller of the personal information collected through the Sites. Any questions or concerns regarding Defiant’s privacy and data protection practices can be directed to our Legal Department at privacy@defiant.com.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD NOT ACCESS OR USE THE SITES OR SERVICE.

NOTICE AT COLLECTION

PERSONAL INFORMATION COLLECTION AND USE

We collect information that identifies, describes, or is reasonably capable of being associated with you (“personal information”). The following discusses the categories of personal information we collect and have collected in the preceding 12 months, the sources we collect information from, and the business or commercial purposes use of personal information.

Providing Sites and Services. We use data to carry out your transactions with us and to provide Sites and Services to you such as those listed below. Often, this includes personal information including:

Identifiers and Customer Records. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Internet or other similar network activity. Such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Examples of our Sites and Services include:

• Customer support. We use data to diagnose and address problems and provide other customer and support services.
• Service activation. We use data username, password, subscription license key to activate software that require activation.
• Software Updates. Unless you have disabled the functionality of our software update manager, our software products periodically communicate with our servers to perform functions such as checking for updates.
• Site Cleaning Service. If you purchase our Site Cleaning Service we may download portions of your site to secure servers in order to analyze and clean the site. As part of the Site Cleaning Service we also require: access to your database, access to your site control panel, and server credentials to log into your site. The server credentials are transmitted via an encrypted page and stored using PGP encryption. We may also retain a backup of portions of your site for a limited amount of time after the cleaning for quality assurance purposes.

Improving Sites and Services. We use data to continually improve the Services, including adding new features or capabilities. Data is collected throughout your interactions with the Services that enable us to understand customer usage and tailor future capabilities. Such data may include:

Internet or other similar network activity. Such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Geolocation data. Such as physical location.

Commercial information. Such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

We track general, non-personalized information (e.g., operating system, browser version and type of device being used) to know how many people visit specific pages of our Sites or utilize specific areas of the Services so that we may improve those Sites and Services. We may use your IP address to customize services to your location, such as the language displayed on our Sites.

Please note that we use IP addresses on a highly restrictive basis to analyze trends, to administer the site, and to collect general information for aggregate use.

Service Communications. We use data we collect to deliver and personalize our communications with you. For example, we may contact you by email or other means to notify you of changes in information and updates to the Services or to our Privacy Policy. Such data may include:

Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Marketing and event communication: We use personal information to deliver marketing and event communications to you across various platforms, such as email, direct mail, social media, and online via our Sites. Third parties may also market to you on our behalf based on your use of their third-party services. Such data may include:

Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Commercial information. Such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference centers for you to manage your information and marketing preferences. For information about managing email subscriptions and promotional communications, please visit the Your Rights Regarding Personal Data section of this privacy statement. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.

Processing Payments: If you make a payment to Defiant or receive payment from Defiant, we will ask for Payment Information and other information requested for processing your payment.

We use third party payment processors, currently Google Pay, Apple Pay, and PayPal-Braintree (“Payment Processors”) to assist in securely processing your payment information. If you pay with a credit card the payment information that you provide through the Services is encrypted and transmitted directly to the Payment Processor. We do not store your Payment Information and do not control and are not responsible for the Payment Processors or their collection or use of your information. You may find out more about how the Payment Processors store and use your Payment Information by accessing the Payment Processors privacy policy.

If you choose to use any of the Payment Processors to make purchases through the Sites or PayPal to receive payment through our Bug Bounty or Affiliate programs, you will be directed to the Payment Processor’s website and provide your payment information directly to Payment Processor. The Payment Processor’s privacy policy applies to the information you provide on the Payment Processor’s website. PayPal is an independent controller for the purpose of processing your payments. You may access the PayPal privacy statement at https://www.paypal.com/us/legalhub/paypal/privacy-full.

Employment: When you apply for employment with Defiant, we may process information about you to determine your eligibility. Such information may include:

Identifiers. Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Professional or employment-related information. Such as current or past job history or performance evaluations.

Characteristics of a protected class, such as your gender or relationship status if you have this information on your public profile.

Embedded Videos: We may provide embedded videos on our Services that are hosted by third party video providers, such as YouTube (Google). If you click “play” on a video embedded within the Services, the third-party video provider may place tracking technologies on our Service, for example to remember where you left off in the video. Depending on where you live, we may be required to obtain your consent before this type of tracking technology is used. If you are unsure whether you provided your consent to such tracking technology, you can always review and adjust your Cookie Settings or your individual browser’s settings.

Cookies and Tracking Technologies: Our Services may incorporate cookies and tracking technologies to provide you with certain functionalities available within our Services. These tracking technologies, including those described below, may collect or generate personal information about you when you interact with us, but only if you decide to allow them in your  Cookie Settings, or in your individual browser’s settings.

You may adjust these preferences at any time, and you may be prompted to make your selections again if you navigate to a new part of our Services where different tracking technologies are used. Please review the Cookies Notice that is displayed at the time you use our Services to learn more.

Our Services may incorporate the following tracking technologies:

• Cookies: Small files that are transferred to your device’s hard drive for a period of time to store user preferences and other types of information to help us provide you with certain features. Read more about cookies in our Cookies Notice.
• Web Beacons: Electronic images placed in the code of a webpage, application, or email that allow us to monitor things such as user activity and site traffic.
• Pixels and Tags: Pieces of code, or tags, which gather information about users. For example, tags are used on our websites to better understand online usage patterns and trends.  We may also use tags in our emails or newsletters to count how many of those messages are read.

We will only use personal information when the law allows us to. Most commonly, we will use personal information for the following lawful purposes:

• Where we need to perform the contract we are about to enter into or have entered into with you (“performance of a contract”).
• Where we receive your consent (“consent”).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“legitimate business interest”).
• Where we need to comply with a legal or regulatory obligation (“legal obligation”).

We will only use personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process personal information about you without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Defiant uses information that we collect from customers and visitors for the purposes of:

• providing the Services (performance of a contract);
• providing ongoing support (performance of a contract);
• evaluating you for a job (legitimate business interest);
• communicating with you, including promotional communications and customer relationship management (“CRM”) (legitimate business interest);
• providing information about other Sites and Services (legitimate business interest);
• helping us run our company, for example to improve the Services or our security, train staff or perform marketing activities, including CRM (legitimate business interest);
• complying with our legal obligations (legal obligation); and
• accounting and other administrative purposes (legitimate business interest).

PERSONAL DATA RETENTION

We will only store personal information as long as necessary to fulfil the purposes for which the information is collected and processed or, where the applicable law provides for longer storage and retention period, for the storage and retention period required by law. After that personal information will be deleted, blocked or anonymized, as provided by applicable law. In particular:

• If you terminate your account, personal information about you will be marked for deletion except to the degree legal requirements or other prevailing legitimate purposes dictate a longer storage.
• Please note that Defiant is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years.
• If you withdraw your consent on which the processing of personal information about you is based, we will delete the personal information without undue delay to the extent that the collection and processing of the personal information was based on the withdrawn consent.
• If you exercise a right to object to the processing of personal information about you, we will review your objection and delete the personal information that we processed for the purpose to which you objected without undue delay, unless another legal basis for processing and retaining this data exists or unless applicable law requires us to retain the data.

HOW WE SHARE PERSONAL DATA

It is the policy of Defiant and its subsidiaries to protect users’ information both online and off-line. Access to our users’ information is restricted to only those employees or agents, contractors or subcontractors of Defiant who have valid reasons to access this information to perform any service you have requested or authorized, or for any other purpose described in this Privacy Policy.

We may provide personal information to:

• Defiant-controlled affiliates and subsidiaries, located in and outside your country, including outside the European Union or United Kingdom (in such case, we will use an appropriate legal framework to operate data transfers);
• outsourced service providers who perform functions on our behalf, located inside or outside of the EU or UK territory (in such case, we will use appropriate legal framework to operate data transfers). For example, when you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction;
• our authorized agents and representatives, located inside or outside of the EU or UK territory (in such case, we will use appropriate legal framework to operate data transfers), who sell products or provide services on our behalf, such as training service providers or product resellers;
• anyone expressly authorized by you to receive personal information about you;
• anyone to whom we are required by law to disclose personal information, upon valid and enforceable request thereof.

Finally, we will access, disclose and preserve personal information when we have a good faith belief that doing so is necessary to:

• comply with applicable law or respond to valid legal processes, including from law enforcement or other government agencies, upon valid and enforceable request thereof; or
• operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks.

In the preceding twelve (12) months, we have disclosed the following categories of personal information to service providers for a business purpose:

• Identifiers, for Payment processing, marketing, delivery services, customer relationship management, web hosting, or data storage
• Customer Records personal information categories, for marketing, customer relationship management, or data storage
• Commercial information, for payment processing, marketing, delivery services, customer relationship management, web hosting, or data storage
• Internet or other similar network activity, for marketing, delivery services, customer relationship management, web hosting, or data storage
• Geolocation data, marketing, customer relationship management, web hosting, or data storage
• Professional or employment-related information, for managing our business.

Please note that some of our Services may direct you to services of third parties whose privacy practices differ from Defiant’s. If you provide personal information to any of those services, your data is governed by their privacy statements or policies. Defiant. Inc. is not responsible for the privacy practices of these other Sites. Please review the privacy policies for these websites to understand how they process your information.

We require service providers to only use personal information for the specific purpose for which it was given to us and to protect the privacy of personal information. We will only disclose personal information about you to service providers who agree to keep your information confidential.

DO WE SELL OR SHARE PERSONAL INFORMATION?

We may sell or share personal information about you to third parties, subject to your right to opt-out of those sales. Our personal information sales do not include information about individuals we know are under age 16. In the preceding twelve (12) months, Defiant has sold the following categories of personal information to the categories of third parties indicated in the chart below. To opt-out of personal information sales or sharing, visit Do Not Sell or Share My Personal Information.

CATEGORIES OF THIRD PARTIES

Personal Information Category	Commercial or Business Purpose	Category of Third Party to Which we Sold or Shared Personal Information
Identifiers	Payment processing, marketing, delivery services, customer relationship management, web hosting, or data storage	Remarketing, retargeting, and advertising providers
Communications	Customer relationship management, or data storage	Remarketing, retargeting, and advertising providers
Internet or Other Similar Network Activity	Marketing, delivery services, customer relationship management, web hosting, or data storage	Remarketing, retargeting, and advertising providers
Geolocation Information	Marketing, customer relationship management, web hosting, or data storage	Remarketing, retargeting, and advertising providers

 

HANDLING OF PERSONAL DATA

Security of Personal Data

Defiant is committed to protecting the security of personal information. Depending on the circumstances, we may hold your information in hard copy and/or electronic form. For each medium, we use technologies and procedures to protect personal information. We review our strategies and update as necessary to meet our business needs, changes in technology, and regulatory requirements.

These measures include, but are not limited to, technical and organizational security policies and procedures, security controls and employee training.

You are responsible for maintaining the security of your account credentials for the Services. Defiant will treat access to the Sites and Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.

If we become aware of a breach that affects the security of personal information, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, Defiant will provide any such notice that Defiant must provide to you at your account’s email address. By using the Services, you agree to accept notice electronically.

Storage and Transfer of Personal Data

Personal data collected by Defiant may be stored and processed in your region, in the United States or in any other country where Defiant, its affiliates or contractors maintain facilities, including outside the European Union or United Kingdom. We take steps to ensure that the data we collect under this Privacy Policy is processed pursuant to the terms thereof and the requirements of applicable law wherever the data is located.

Defiant also collaborates with service providers such as cloud hosting services and suppliers located around the world to serve the needs of our business, workforce, and customers. In some cases, we may need to disclose or transfer personal information within Defiant or to service providers in areas outside of your home country. When we do so, we take steps to ensure that personal information is processed, secured, and transferred according to applicable law.

If you would like to know more about our data transfer practices, please contact our Legal Department at privacy@defiant.com.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Defiant respects your right to access and control personal information about you. You have choices about the data we collect. When you are asked to provide personal information that is not necessary for the purposes of providing you with our Sites and Services, you may decline. However, if you choose not to provide data that is necessary to provide a Service, you may not have access to certain features Sites and Services.

We aim to keep all personal information that we hold accurate, complete and up-to-date. While we will use our best efforts to do so, we encourage you to tell us if you change your contact details and this can be easily accomplished using the Wordfence Dashboard section of the Site. However, if you believe that the information we hold about you is incorrect, incomplete or out-of-date, please contact privacy@defiant.com.

Access to personal information: In some jurisdictions, you have the right to request access to personal information about you. In these cases, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).

If you are a corporate user of the Services (which means your employer is a Defiant customer of such Sites and Services): please first request access to personal information about you with your employer. Your employer will then be in touch with us with respect to your request.

Correction and deletion: In some jurisdictions, you have the right to correct or amend personal information about you if it is inaccurate or requires updating. You may also have the right to request deletion of personal information about you. Please note that such a request could be refused because personal information about you is required to provide you with the products or services you requested, e.g. to deliver a product or send an invoice to your email address, or that it is required by the applicable law.

Portability: If you reside within the European Union or United Kingdom, you have the right to ask for a copy of the personal information about you we process and/or ask for it to be ported to another provider of your choice. Please note that such a request could be limited to only personal information you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.

If you are a corporate user of the Services (which means your employer is a Defiant customer of such Sites and Services): please first request access to personal information about you with your employer. Your employer will then be in touch with us with respect to your request.

Marketing preferences: If you have provided us with your contact information, we may, subject to any applicable Spam Act or similar regulation, contact you via e-mail, postal mail or telephone about Defiant products, services and events that may be of interest to you, including our newsletter.

E-mail communications you receive from Defiant will generally provide an unsubscribe link allowing you to opt-out of receiving future e-mail or to change your contact preferences. E-mail communications may also include a link to directly update and manage your marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.

You can also request changes to your account by contacting Defiant at the email, postal mail, or telephone number listed under the Questions and Complaints section of this Privacy Policy.

CHILDREN’S PRIVACY

THE SITES ARE NOT INTENDED FOR CHILDREN

You must be at least the age of majority in your place of residence to use the Sites or Services. The Sites or Services are not directed to or intended for use by minors. Consistent with the requirements of the U.S. Children’s Online Privacy Protection Act, if we learn that we received any information directly from a child under age 13 without his or her parent’s verified consent, we will use that information only to inform the child (or his or her parent or legal guardian) that he or she cannot use the Sites or Services.

California Minors: While the Service is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacy@defiant.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.

YOUR STATE PRIVACY RIGHTS

State consumer privacy laws may provide their residents with additional rights regarding our use of personal information. The following Section applies to individuals who reside in specific jurisdictions that provide additional privacy rights.

Your Rights and Choices

Right to Access Specific Information and Data Portability Right. You have the right to request that we disclose certain information to you about our collection and use of personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we disclosed personal information for a business purpose, the business purpose for which personal information was disclosed, and the personal information categories that each category of recipient obtained.

Right to Correct Information. You have the right to request we update personal information about you that is incorrect in our systems.

Right to Delete. You have the right to request that we delete any personal information about you that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) the personal information from our records, unless an exception applies.

Right to Opt-out of the sale or sharing of Personal Information for Cross-Contextual Behavioral Advertising. To opt-out of personal information sales or sharing, visit Do Not Sell or Share My Personal Information.

Right to Limit Sensitive Personal Information Use. You have the right to limit the use of sensitive personal information regarding you.

Non-Discrimination. We will not discriminate against you for exercising any of your rights.

To submit a request to exercise these rights you may use one of these two methods:

E-mailing it to us at: privacy@defiant.com

Mailing it to us at: Defiant Inc. Attn: Privacy Policy Issues, 1700 Westlake Ave N Ste 200, Seattle, WA 98109

For submissions via email please use the downloadable Verifiable Consumer Request Form.

For all requests, please clearly state that the request is related to “Your Privacy Rights,” indicate which type of request you are making, and provide your name, street address, city, state, zip code and an e-mail address or phone number where we may contact you. We are not responsible for notices that are not labeled or sent properly or that do not include complete information.

To appeal a decision regarding a consumer rights request, please submit your appeal using one of the two methods above. Your appeal should include an explanation of the reason you disagree with our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Only you, or a person registered with the an applicable Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to personal information about you. You may also make a verifiable consumer request on behalf of your minor child.

You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide the personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Opt-out Preference Signals. Our website honors General Privacy Control (“GPC”) opt-out preference signals when such signals are configured through your browser. You can get further help in configuring your browser by visiting: https://globalprivacycontrol.org/

Personal Information Sales Opt-Out. If you are age 16 or older, you have the right to direct us to not sell personal information about you at any time (the “right to opt-out”). We do not sell the personal information of consumers we know are less than 16 years old, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 15 years old, or the parent or guardian of a consumer less than 13 years old. Consumers who opt-in to personal information sales may opt out of future sales at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link: Do Not Sell or Share My Personal Information.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales.

California Shine the Light Law. California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of service providers to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacy@defiant.com or write us at: Defiant. Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109.

THE GENERAL DATA PROTECTION REGULATION (“GDPR”)

If you reside within the European Union or the United Kingdom you may be entitled to other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise these rights with respect to personal information about you that we collect and store:

• the right to withdraw your consent to data processing at any time (please note that this might prevent you from using certain aspects of the Portal, the Services, or the Portal or Services altogether);
• the right to access personal information about you;
• the right to request a copy of personal information about you;
• the right to correct any inaccuracies in personal information about you;
• the right to erase personal information about you;
• the right to data portability, meaning to request a transfer of personal information about you from us to any other person or entity as chosen by you;
• the right to request restriction of the processing of personal information about you; and
• the right to object to processing of personal information about you.

You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made to: privacy@defiant.com.

If you reside within the European Union or United Kingdom, you have the right to lodge a complaint with a Data Protection Authority about how we process personal information at the following websites: for EU residents, https://edpb.europa.eu/about-edpb/board/members_en ; for UK residents, https://ico.org.uk/make-a-complaint/.

International Transfers of Personal Data

Whenever we transfer personal information out of the EU or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• European Commission Standard Contractual Clauses: We may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU.
• UK Information Commissioner’s Office International Data Transfer Agreement or International Data Transfer Addendum (where applicable)

For additional information on the mechanisms used to protect your personal data, please contact us at privacy@defiant.com.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy based upon evolving Laws, regulations and industry standards, or as we may make changes to our business including our Sites and Services. We will post changes to our Privacy Policy on this page and encourage you to review our Privacy Policy when you use our Sites or Services to stay informed. If we make changes that materially alter your privacy rights, Defiant will provide additional notice, such as via email or through the Sites or Services. If you disagree with the changes to this Privacy Policy, you should discontinue your use of the Sites and/or Services. You may also request access and control of personal information about you as outlined in the Your Rights Regarding Personal Data section of this Privacy Policy.

QUESTIONS OR COMPLAINTS HANDLING

We understand that you may have questions or concerns about this Privacy Policy or our privacy practices or may wish to file a complaint. In such case, please contact us in one of the following ways:

Email: privacy@defiant.com

Mail: Defiant, Inc., Attn: Legal Department, 1700 Westlake Ave N Ste 200, Seattle, WA 98109