Last Updated: January 17, 2025
This Privacy Policy governs the manner in which M²ORE Platform, LLC, a Texas limited liability company (hereafter collectively referred to as "M²ORE Platform," "we," and "us") collects, uses, maintains and discloses information collected from users (each, a "User" or "you") for M²ORE Vector™, our software platform, websites, products, and services (together, collectively the "Service"). By accessing the Service, you acknowledge and agree to this Privacy Policy.
We reserve the right to make any changes to our privacy policy at any time. Users must refer back to our privacy policy to read any changes in our privacy policy.
When establishing an account with our Service, you may provide us with personally identifiable information. This refers to information about you that can be used to contact or identify you ("Personal Information"). Personal Information that we collect may include, but is not limited to, the following: (I) information that directly or indirectly identifies you (including name, job title, department, employer organization name, business addresses, telephone numbers, email addresses, and other unique identifiers); (II) information that can be used to authenticate you (including employee identification numbers, answers to security questions, and other personal identifiers); and (III) your login details, organization details, and role information.
When you use the Service to assess your organization's security program maturity or manage operational risks, you may provide information about your security programs, policies, procedures, organizational structure, security domain maturity levels, risk assessments, and related security program information ("Security Program Data"). This may include information about security controls, program objectives, key performance indicators, risk factors, and assessment responses. Security Program Data is used to provide the core functionality of the Service, including generating program maturity scores, creating Objectives and Key Results (OKRs), providing benchmarking analytics, and managing operational risks.
Besides the Personal Information and Security Program Data, we may also collect other information regarding your activity during your use of the Service including, but not limited to, cookie data, device data, browser type, session duration, time between sessions, features accessed during a session, actions taken, log in time, log out time, assessment completion progress, and other behavioral data (collectively, "Usage Information").
We may collect your IP address and location data and infer location information such as city, state, or country from your IP address, as needed, to provide the Services or send you communications.
When you use the Service, our servers may automatically record information that your browser sends whenever you visit our Service. This information may include, but is not limited to, your computer's Internet Protocol address (IP address) or other identifier, your general location, browser type, the web page you were visiting before you came to the Service, and in-bound tracking, namely, the source (ad, social media channel or blog, search engine) which made you aware of the Service.
We may collect your personal information regarding feedback, questions, or information you provide when interacting with our support team. Your conversations with our support team may be recorded and monitored to improve our service, troubleshoot, and protect against errors, and process and resolve your complaints or questions. We may also collect and use any files that you send to us for troubleshooting to improve our Service.
The Personal Information, Security Program Data, and Usage Information we collect from the Service will be used mainly as follows: (i) to provide, maintain, protect and improve the Service, including calculating security program maturity scores, generating OKRs, providing benchmarking analytics, and managing operational risks; (ii) to respond to your submissions, questions, comments, requests and complaints and provide customer service; (iii) as part of our efforts to keep the Service and integrations safe and secure; (iv) to protect M²ORE Platform's rights or property; (v) for internal operations, including troubleshooting, data analysis, testing, research, customization, and improvements to service and experience on the Service; (vi) to send you confirmations, updates, security alerts, and support and administrative messages; and (vii) for any other legitimate business purpose for which the information was collected. We may use information to provide online advertising and to send you information we think may be useful or relevant to you. You may opt out of email marketing by using the unsubscribe link in a marketing email or you may opt out by altering your account settings.
We may anonymize and aggregate Security Program Data and other data collected through the Service and use it for benchmarking analytics, industry research, and to provide comparative insights to our customers. This aggregated and anonymized data does not identify any individual or specific organization and may be shared with customers as part of the benchmarking features of the Service.
For personal data that is subject to General Data Protection Regulation 2016/679 ("GDPR"), we rely on several legal bases to process your data, which include (i) when you have given consent, which you may withdraw at any time by contacting legal@m2orevector.com; (ii) when data processing is necessary to perform a contract with you; and (iii) our legitimate business interests, such as improving and personalizing the Services, marketing new features or products that may be of interest to you, and promoting safety and security of the Services and our customers.
M²ORE Platform may on occasion combine information collected with additional records (such as information from affiliated companies, partners, distributors, or outside vendors, and publicly available information, including on social media sites). The combined information may be used for purposes such as to market products, features, or services that may be of interest to you, or for research and analytics.
M²ORE Platform may share your information: (i) where your consent is obtained, such as when you choose to opt-in to the sharing of data; (ii) with vendors and service providers retained in connection with provision of the Service, including for data analytics purposes and cloud infrastructure providers; (iii) to comply with law enforcement requests and legal process (such as a court order or subpoena), legal action or law enforcement ("Legal Reasons"); (iv) to enforce or apply this Privacy Policy, our other policies, or agreements; (v) respond to your requests; (vi) protect M²ORE Platform's, your, or others' legal rights and/or property ("Prevent Harm"); or (vii) if M²ORE Platform is involved in a merger, acquisition or asset sale, in which case the use of your information will be governed by the provisions of the Privacy Policy in effect at the time M²ORE Platform collected such information.
We do not sell your Personal Information or Security Program Data to third parties.
We know members of our community value having control over their own information, and therefore M²ORE Platform gives you the choice of providing, editing, or removing certain information, as well as choice over how we contact you. We give you account settings and tools to access and control your personal data regardless of where you live. If you live in the European Economic Area, United Kingdom, and Switzerland ("Designated Region"), you have several legal rights regarding your information as discussed below.
You may send an email to legal@m2orevector.com to request access to, correct, or delete your Personal Information. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.
For various reasons, M²ORE Platform may contact you about our services or your activity. Some of these messages are required, service-related messages. If you live in a Designated Region, you have the right to object to our processing of your information based on our legitimate interests and the right to object to the use of your information for direct marketing purposes. You should review our COOKIES AND TRACKING TECHNOLOGIES section for your options to control how we and our partners use cookies and other technologies for advertising. If you no longer wish to use M²ORE Platform's services or receive service-related messages, then you may close your account.
If you have any questions about how to exercise these choices, please e-mail us at legal@m2orevector.com.
M²ORE Platform does not control the privacy policies of third parties and you are subject to the privacy policies of those third parties where applicable. M²ORE Platform is not responsible for the privacy or security practices of other websites on the Internet, even those linked to or from the M²ORE Platform site. We encourage you to ask questions before you disclose your personal information to others.
We may employ third party service providers to facilitate our service, to provide service on our behalf, to perform payment processing, website related services (including but not limited to cloud infrastructure, maintenance services, database management, web analytics and improvement of M²ORE Vector™ features) or to assist us in analyzing how our website and service are used and can be improved. These third parties may have access to your Personal Information only for purposes of performing these tasks on our behalf and are obligated to protect your information.
M²ORE Platform must cooperate with government and law enforcement officials and private parties to enforce and comply with the law. In the event of a claim and/or legal process (including but not limited to subpoenas), to protect the property and rights of M²ORE Platform or a third party, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to pose a risk of being illegal, unethical, inappropriate or legally actionable, we reserve the right to disclose any information about you to government or law enforcement officials or private parties as we in our sole discretion find necessary or appropriate.
In the event of a bankruptcy, merger, acquisition, reorganization or sale of assets, M²ORE Platform may sell, transfer or otherwise share some or all of its assets, and your Personal Information may be transferred as part of that transaction. To the maximum extent allowable by law, the Privacy Policy will apply to the User information as transferred to the successor entity. However, User information submitted after a transfer to a successor entity may be subject to a new privacy policy adopted by the successor entity.
The security of your personal information is important to us. Your M²ORE Vector™ account information is protected by a password or a Single Sign On (SSO) platform. It is important that you protect against unauthorized access of your account and information by choosing your password carefully, and keeping your password and computer secure by signing out after using our services. Each password owner is responsible for keeping the password confidential and safe, as M²ORE Platform has no control or responsibility for this type of user information. You agree not to disclose or share your user information and/or password with any third party. You are responsible for any activity using your account, whether or not you authorize that activity. Please immediately notify M²ORE Platform of any unauthorized use of your account.
M²ORE Platform encrypts sensitive information using secure socket layer technology (SSL) and industry-standard encryption protocols. M²ORE Platform follows generally accepted industry standards to protect the personal information submitted to us, both during transmission and once M²ORE Platform receives it. Our platform infrastructure is hosted on secure cloud services with regular security audits and monitoring. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Your data may be lost during transmission or may be accessed by unauthorized parties. We do not accept any liability for direct or indirect losses as regards the security of your Personal Information or data during its transfer over the Internet.
M²ORE Platform uses a variety of technologies to help us better understand how people use the Service. A cookie is a small data file sent from a web site to your browser that is stored on your computer's hard drive. M²ORE Platform uses our own cookies for a number of purposes, including to access your information when you sign in; keep track of preferences you specify; display the most appropriate content based on your interests and activity on M²ORE Vector™; estimate and report M²ORE Vector™'s total audience size and traffic; conduct research to improve our content and services. You can configure your browser's settings to reflect your preference to accept or reject cookies. If you reject all cookies, you will not be able to take full advantage of services offered by the Service.
We may use Flash cookies (a.k.a. local shared objects or LSOs) to store some of your viewing preferences on our site. Flash cookies are used to collect and store information, but differ from browser cookies in the amount, type and manner in which data is stored. M²ORE Platform does not tie the information gathered by Flash cookies to your personally identifiable information.
M²ORE Platform may partner with third-party services who may use various tracking technologies, such as browser cookies or Flash cookies, to provide certain services or features. These technologies allow a partner to recognize your computer each time you visit M²ORE Vector™, but do not allow access to personally identifiable information from M²ORE Platform. M²ORE Platform does not have access or control over these third-party technologies, and they are not covered by our privacy statement. You may be able to change browser settings to refuse and/or disable cookies when you access the Service through a web browser. The steps to do this vary depending on the browser used, but generally can be found by using the "Help" feature available on your browser. However, if you do that, the Service may not work properly and/or personalized features of the Service will be disabled.
The Service is not presently configured to support Do Not Track ("DNT") signals from web browsers.
M²ORE Platform will retain your Personal Information for as long as your account is active or as needed to provide you services. In some instances, we will delete or anonymize the information you provide to us after it is no longer needed. We also keep information about you and your use of the Service for as long as it is necessary for our legitimate business interests, legal reasons (e.g., legal requirements to keep data), and to prevent harm to M²ORE Platform and/or its users, but we shall not keep your Personal Information for more than 7 years after your account becomes inactive. Security Program Data may be retained in anonymized and aggregated form for benchmarking purposes beyond this period.
M²ORE Vector™ is not directed to nor is it intended for children under 18 years of age. We do not knowingly collect personally identifiable information (or any information at all) from any persons under 18. If we become aware that a child has provided us with Personal Information, we will delete such information from our files. Users of M²ORE Vector™ accept responsibility of ensuring that children are not accessing or using our Service.
The Service is hosted on servers located in the United States. If you are a user accessing the Service from the European Union, Australia, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure, that differ from United States laws, you are transferring your personal data to the United States which may not have the same data protection laws as such other regions. By providing user information through the Service you are consenting to the transfer of your information to the United States for processing and maintenance in accordance with this Privacy Policy and any agreement with us. You are also consenting to the application of United States law in all matters concerning the Service and any services offered or provided therefrom.
The California Consumer Privacy Act (the "CCPA" or "Act") provides California residents with specific rights regarding their personal information. It should be noted that personal information under the Act does not include publicly available information from governmental records and de-identified or aggregated consumer information. This section describes your rights under the Act and explains how to exercise those rights.
As required by the Act, we will provide you the following information upon a verifiable consumer request: (1) categories of Personal Information that we collect; (2) categories of sources from which the Personal Information is collected; (3) the purpose of collecting such Personal Information; (4) the categories of third parties with whom we share Personal Information; and (5) specific pieces of Personal Information collected. If we sold or disclosed your Personal Information for a business purpose in the preceding 12 months, we will provide (a) a list of the categories of personal information that was sold, and (b) a list of the categories of personal information that was disclosed for a business purpose.
According to the Act, you may request that your Personal Information be deleted. We will comply with this request once we are able to confirm that we received a verified consumer request. Please be advised that we may deny your request to delete your Personal Information if we need to maintain your Personal Information in order to (1) complete a transaction, provide service or goods, or perform a contract for which the Personal Information is collected; (2) detect any security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for these activities; (3) debug products and to identify and repair errors that impair functionality of the service or website; (4) exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided by law; (5) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.); (6) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent; (7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) comply with a legal obligation; or (9) otherwise use your Personal Information, for internal use only, that is compatible with the context in which you provide the Personal Information.
To request (a) information about your Personal Information collected or (b) deletion of your Personal Information, please send an email with your request to legal@m2orevector.com (Subject line: CCPA Request).
We can only respond to verifiable consumer requests. A verifiable consumer request means a request that is made by a consumer, by a consumer on behalf of a consumer's minor child, or a person registered with the California Secretary of State that is authorized to act on your behalf. Your verifiable consumer request must include (1) sufficient information that allows us to verify your identity or provides sufficient authority to make the request; and (2) describes your request with enough detail to evaluate and respond to your request. We will not respond to any requests if we cannot verify your identity or authority to make the request and confirm that the personal information belongs to you. You are not required to create an account in order to make a verifiable consumer request. We are not required to comply with more than two verifiable requests from the same consumer in a 12-month period of time.
Please allow 45 days to complete your request. We will inform you if more time is required to complete, but it should take no longer than 90 days. If you have an account, we may provide our response to your account. If you do not have an account, we will provide our response according to your requested format, namely, electronically or by mail. Please note that there is no charge for making a request, but we reserve the right to charge a fee if the request is deemed excessive, repetitive, or manifestly unfounded. We will notify you of any fee and reasons for such fee before completing your request.
According to the Act, you have the right to opt-out of the sale of your Personal Information. We do not sell, share, or disseminate any Personal Information to any third party.
We will not discriminate against you because you exercised your rights under the CCPA including: (1) denying goods or services; (2) charging different prices or rates for goods or services through discounts, benefits, or imposing penalties; (3) providing different level of quality of goods or services; or (4) suggesting that you will receive a different price, rate, quality, or level of goods or services.
If you are a California resident, you are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of Personal Information to third parties for their direct marketing purposes in the preceding calendar year.
This website operates "AS-IS" and "AS-AVAILABLE," without warranties of any other kind. We are not responsible for events beyond our direct control. This Privacy Policy is governed by the laws of the State of Texas, excluding conflicts of law principles. Any legal actions against us arising out of or related to the Service must be commenced in Harris County in the state of Texas in the United States of America.
If we make any material changes to this Privacy Policy, we will post a notice on the website or application notifying users of the changes. In some cases, we also may send an email notifying users of the changes. You should check this website periodically to see if any recent changes to this Privacy Policy have occurred.
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at legal@m2orevector.com.