Privacy Shield Policy

At IronCore Labs, we believe that everyone has a right to their privacy online. We respect the privacy of our visitors, our customers, and others that we do business with. We are committed to collecting, using, and keeping only the bare minimum of personal data, and deleting personal data after it is no longer needed. We never sell personal data. If we are obligated to disclose personal data because of a court order or other legal instrument, we will comply with the law after exhausting legal options available to us.

IronCore Labs complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. IronCore Labs has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

IronCore Labs is based in the US, and the Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.

In compliance with Privacy Shield Principles, IronCore Labs commits to investigate and resolve complaints about our collection or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact IronCore Labs at [email protected], or write us at:

IronCore Labs
Privacy Shield Inquiry
1750 30th Street #500
Boulder, CO 80301 USA

IronCore Labs has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

In some circumstances, the Privacy Shield framework gives individuals the right to invoke binding arbitration if a complaint can’t be resolved in any other way. There is more information about how and when to invoke binding arbitration at the website https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

IronCore Labs as the Controller of Personal Data

Under Privacy Shield, residents of the EU and Switzerland have the right to access, correct, limit the disclosure of, or delete their personal data that IronCore Labs holds. Below are descriptions of the types of data for which IronCore Labs is classified as the “Controller”, along with choices and means for affecting personal data.

When potential customers request that we send them information, they provide their contact details (such as email address), for the express purpose of receiving our emails and other kinds of communications such as social media. We promptly stop sending emails when we receive an unsubscribe request. In order to make sure that we don’t accidentally send information to those who have unsubscribed, we store unsubscribed email addresses separately. Customers with questions or requests may contact us at [email protected].

Direct customers give us contact names, company address, billing information, and other relevant personal information that is required for us to provide services to our customers. Our direct customer information is maintained indefinitely, even after a customer is no longer doing business with IronCore Labs, unless we receive a request to correct or delete it at [email protected].

Our direct customers may also, at their discretion, contact us for customer or technical support. In order to provide our direct customers with excellent and ongoing support, we keep records of the queries and our responses indefinitely until we receive a request at [email protected] to delete those conversations. Some of this data may be stored on third party platforms.

Our website automatically logs activities, including IP addresses of visitors, for the past 30 days or less. All website logs older than 30 days are purged daily. We keep these logs for 30 days in order to detect, prevent, and investigate bugs, security incidents, or other problems with our products and services.

We collect analytics information on how people use our website in order to better understand our customers. To do that, we use a very few third party services with which we share some marketing data, including Google Analytics and Hubspot.

Google Analytics: to learn more about the Privacy Shield policy of Google Analytics, please refer to Google Analytics and the EU-US Privacy Shield https://support.google.com/analytics/answer/7105316?hl=en

If you wish to opt out of Google Analytics, Google has created the Google Analytics Opt-out Browser Add-On for many major browsers https://tools.google.com/dlpage/gaoptout?hl=en

Hubspot: to learn more about the Privacy Shield policy of Hubspot, please refer to Hubspot’s International Transfer of Information https://legal.hubspot.com/privacy-policy#_Toc513893751

If IronCore Labs receives any personal information under Privacy Shield and then transfers that personal information to a third party acting on our behalf, we are still liable under Privacy Shield Principles if the third party processes the personal information in a way that is inconsistent with the Principles, unless we can show that we are not responsible for the event that caused the damage.

IronCore Labs does not disclose personal data to third parties for any reason that is materially different than the purpose for which it was originally collected.

Queries about third parties which collect analytics information on behalf of IronCore Labs may be sent to: [email protected]

As IronCore Labs grows, we periodically place job postings for positions in the company. We receive resumés and job applications from people interested in joining us. Those
resumés and applications are kept for up to a year after a position is filled so that we can, at our option, contact qualified applicants for new positions. We will, if requested at [email protected], delete a resumé and application from an applicant who no longer wishes to be contacted.

Our Human Resources department maintains personal information on all IronCore Labs employees. Because of US tax laws, we must retain this information. At the time that this Policy was first published, all employees of IronCore Labs are residents of the United States. We do not use information collected for employment purposes for any non-employment-related reasons.

Audit trail logs of customer users and files are stored for a length of time under customer control, either 30 days, one year, or unlimited, depending on customer tier.