Just announced: HUMAN’s Satori Threat Intelligence and Research team has disrupted a cunning mobile advertising fraud campaign dubbed Konfety.


Human-Privacy Policy-Abbreviated logo@2x
Updated: April 8, 2024

This Privacy Policy (“Policy”) explains how Human Security, Inc. (“Human,” “we,” “us,” “our”) collects, uses, and discloses information through our website, online communications, other online platforms, and our products, services and reporting platforms (collectively, the “Services”). The Policy is divided into two sections:

  • Section 1 addresses information that we collect as a data controller, which includes information collected through our website, humansecurity.com, and all of its subdomains (the “Website”); threat intelligence and security information received from partners or clients outside of our capacity as a service provider; information submitted to us on other platforms such as email; and information we collect from our business contacts, including representatives of our vendors and prospective customers. We refer to this information collectively as Controller Data.
  • Section 2 addresses information that we process as a service provider to our customers through our products, services, and reporting platforms (the “Product”). We refer to this information collectively as Processor Data.

HUMAN complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Human has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Human has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

HUMAN is an approved vendor on the Global Vendor List (GVL) and meets criteria for both TCF V2.0 Operational status and V2.2 Operational status, which signifies that we adhere to the principles and guidelines outlined by the Transparency and Consent Framework (TCF).

Please read this Policy carefully so that you understand our information practices. If you do not agree with the terms of this Policy, please do not use the Services. If you have any questions about this Privacy Notice, please contact us at privacy@humansecurity.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

We reserve the right to change this Policy at any time to reflect changes in the law, our data collection, use and disclosure practices, the features of our Services, or advances in technology.  Please check this page periodically for changes.  Your continued use of the Services following the posting of changes to this Policy will be deemed to mean you understand the applicability of those changes.

For your convenience, links to each section of the Policy is as follows: 






We collect information in multiple ways, including when you provide information directly to us, and when we passively collect information from you, such as information collected from your browser or device that you use to access the Site.

A.    Information You Provide Directly to Us 

When you browse our Site or otherwise interact with us, you may provide us information directly, including:

  • Contact information, such as your name, email address, phone number, fax number, company name, and physical address.
  • Registration information, if you are a client or perspective client who has registered to use our Product;
  • Correspondence between you and us and records of such correspondence, such as the contents of emails you send us, Product or client support inquiries, or other feedback you provide directly to us.
  • Information you provide in reviews and surveys; and
  • Marketing preferences, such as records of your requests to opt out of marketing communications.

    B.    Information That is Passively and/or Automatically Collected
    (i)    Device/Usage Information and Transactional Data

We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services, such as (a) IP addresses, unique device identifiers and other information about your computer or mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (b) information related to the ways in which you interact with the Services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information.  As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.

We also automatically collect data when you engage in a transaction with us, such as a transaction ID, purchase date and time, and transaction amount.
        (ii)    Location Information

We may automatically collect location information, including general location information (e.g., city, state and zip code) derived from your IP address or other information associated with your device. 

        (iii)    Cookies and Other Electronic Technologies

Some parts of the Services may use cookies and similar technologies, such as web server logs, beacons, and tracking pixels. A cookie is a small text file that is placed on your computer when you visit a website, that enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand what pages on the Website you have visited; (iv) enhance your user experience by delivering content specific to your interests; (v) perform searches and analytics; and (vi) assist with security administrative functions. Cookies are placed in your browser cache, while tracking pixels (sometimes referred to as “web beacons” or “clear GIFs”) are electronic tags with a unique identifier embedded in websites, online ads and/or email, and are designed to provide usage information like ad impressions or clicks, measure popularity of the Services and associated advertising, and access user cookies. We may also use these automated technologies to collect and analyze other information related to the devices you use to access the Services, such as IP addresses, browser types, browser language, operating system used, the domain name of your Internet service provider, unique device identifiers, and other information about your devices used to access the Website. These automated technologies may also collect information on the websites you have visited before and after you visit the Website, and the advertisements you have accessed, seen, forwarded, and/or clicked on when using the Website or other sites.  We or third-party technologies we use may place or recognize a unique cookie on your browser to enable you to receive customized content, offers, services or advertisements on our websites or other sites. We use cookies in the Product to maintain authenticated access and user sessions. We also use cookies to ensure authorized access to client-specific secure content and reports. As we adopt additional technologies, we may also gather additional information through other methods.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the "Help" section of your browser for more information (e.g., Microsoft Edge, Google Chrome, Mozilla Firefox, or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Website.

We use third parties to assist us in serving advertisements, tracking site usage statistics, and providing content-sharing services to support the Services.  These third parties may also use cookies and similar technologies to collect similar information about your use of the Website.  We do not control these third-party technologies, and their use of your information is governed by those parties' privacy policies. For more information about how to opt out of these third parties’ use of your information, please see Section 6 below.

C.    Information Collected from Other Sources

We may receive information from third-party partners or clients in our capacity as a Controller to enhance our Product (“Partner Information”). We use such information within the scope of our authorization to do so and in accordance with our commitments under applicable law.


We may use the information we collect for the following purposes:

  • To provide, operate, administer, and troubleshoot the Services;
  • To provide clients with access to the Product and provide associated client and technical support;
  • To send you information about the Services and your relationship with us;
  • For Partner Information, to enhance our Product;
  • To respond to your inquiries and send information that we believe is of interest to you;
  • To market the Services to you, including, but not limited to, by contacting you about discounts, promotions, updates, special offers, and joint marketing efforts;
  • To personalize your experience when using the Services;
  • For internal research, reporting and data analytics;
  • To improve the Services and/or develop new Services;
  • To allow us and our advertising partners to personalize the content and advertising that you see on the Services and on third-party platforms;
  • To comply with applicable laws and regulations;
  • For internal auditing and recordkeeping purposes;
  • To protect the safety of ourselves, our clients, and the public; and
  • To enforce the legal or contractual terms that govern your use of the Services or defend our legal rights.

We may also combine information that we collect from you with information we obtain about you from third parties. We may aggregate and/or de-identify any information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties.


We may disclose your information to parties outside of Human under the following circumstances:

  • Affiliates. We may disclose your information to our affiliates and subsidiaries under common ownership and/or control.
  • Service Providers. We may provide access to your information to vendors and others who perform services on our behalf. These parties provide a variety of services to us, including, without limitation, order processing, billing, sales, marketing, advertising, market research, fulfillment, data storage, analysis and processing, and legal services.
  • Within our Product. We may integrate Partner Information into the Product, which is available to our clients.
  • Other Third Parties. Except as provided herein, we may disclose your information to third parties that assist in tailoring and serving advertisements that are relevant to you. We may also allow third-party advertising technologies (e.g., ad networks and ad servers) to use cookies and similar technologies on the Services to deliver relevant and targeted content and advertising to you on the Services and other websites you visit and applications you use, as explained further in “Personalized Content and Advertising” below.
  • Consent.  If you consent, we may disclose your information publicly or to third parties, such as if you agree to provide a Product review and have that content attributed to you.
  • Protection of Human and Others. We may access, preserve and disclose your information if required to do so by law or in a good faith belief that such access, preservation or disclosure is reasonably necessary to: (a) comply with applicable laws and regulations or legal process; (b) enforce our Terms of Service, this Policy, or other contracts with you; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of Human, its agents and affiliates, its users and/or the public. We may also disclose information to law enforcement agencies in emergency circumstances where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law.
  • Business Transfers. We may disclose and/or transfer your information, including your contact information, in connection with a proposed or actual merger, acquisition, transfer of control, distribution or sale of all, or components, of our business.

The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your “personal data” as such term is defined under applicable law. To the extent that those laws apply, our legal grounds are as follows: 

  • To honor our contractual commitments to you: We process personal data to meet our contractual obligations to our clients, or to take steps at clients’ requests in anticipation of entering into a contract with them. For example, we handle personal data on this basis to process your subscription and provide you access to the Product.
  • Legitimate interests:  In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as to fulfill client support requests, market our services to you, protect our users, personnel and property, enhance the Product, and analyze and improve the Services.
  • Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.
  • Legal compliance: We use and disclose personal data in certain ways to comply with our legal obligations.

The Services are operated in the United States and are governed by United States law. If you are a resident of the European Economic Area or other location outside the United States, please be advised that any information you provide through the Services will be transferred to the United States or other designated locations outside of the United States for certain processing/hosting operations. When we transfer your information internationally, we take legally-required steps to protect your information in accordance with this Privacy Policy and applicable laws. These measures may include implementing Standard Contractual Clauses to govern the transfer of your information, or other means recognized by applicable laws. By providing us with your information, you acknowledge any such transfer, storage, or processing.


We do not serve third-party advertisements to you while using our Services. However, we do work with online analytics and advertising partners to: (1) better understand the use of our Services so that we can improve our Services; and (2) deliver advertisements for the Services that are more tailored to you both on our Services and on third-party Services.

Our partners may also place cookies, pixel tags and similar technologies on many online services, including ours. They use these technologies to collect information about your activities on these services in order to deliver you more relevant advertising. For example, they may use the information they collect from their cookies on our Services to identify products and services you might be interested in and to recognize your device so they can show you relevant advertisements on other services. 

We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Services by non-affiliated, third-party ad technology, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of ad targeting as described below.  If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link to opt-out of receiving tailored advertising from companies that participate in those programs. You may also use the links available in advertisements that appear in the Services and learn more about our advertising practices through the “About Our Ads” link available through the Services.

Please note that you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will just not be tailored. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.


A. Marketing Communications

You can unsubscribe from marketing emails we send to you by clicking the “unsubscribe” link they contain. Please note that even though you may opt-out of receiving marketing-related communications from us, we may still send you important administrative and transactional messages.

          B. Rights Regarding Your Information

Depending on your jurisdiction, you may have the right, in accordance with applicable data protection laws, to make requests related to your “personal information” or “personal data” (as such terms are defined under applicable law, and collectively referred to herein as “personal information”). Specifically, you may have the right to ask us to: 

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we disclose personal information.
  • Provide you access to and/or a copy of certain personal information we hold about you.
  • Correct or update personal information we hold about you.
  • Delete certain personal information we have about you.
  • Provide you with information about the financial incentives that we offer to you, if any.
  • Restrict or object to certain uses of your information.
  • Opt you out of the processing of your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, if applicable. 

Please note that certain information may be exempt from such requests under applicable law.  For example, we need certain information in order to provide the Services to you.  
You may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising” as described below. If you are a California resident, please see the “Notice to California Residents” section below for more information about our privacy practices and your rights.

As provided in applicable law, you also have the right to not be discriminated against for exercising your rights. Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide our services to you. We also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address.  If we are unable to verify you, we may be unable to respond to your requests. 

To exercise any of these rights, you may email us at Privacy@humansecurity.com with your name and type of request you are making.

You may be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.  

Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. We will provide information about how to exercise that right in our response denying the request. You also have the right to lodge a complaint with a supervisory authority.

C. Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes

Depending on your jurisdiction, you may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising.”

As explained in the “When We Disclose Your Information” and “Online Analytics and Advertising” sections above, we sometimes disclose information to unaffiliated third parties we collaborate with or that provide offers that we think may be of value to you. We also provide information to third-party advertising providers for targeted advertising purposes or use advertising analytics partners to assist us in analyzing use of our services and our user/customer base. Under applicable law, the disclosure of your personal information to these third parties to assist us in providing these services may be considered a “sale” of personal information or the processing/sharing of personal information for targeted advertising purposes.

If you would like to opt out of the disclosure of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” or processing for purposes of targeted advertising, please visit the following link, which is also available in the footer of our Site: "Do Not Sell or Share My Personal Information." Note that you will need to opt out on each device you use to access the Services. [link to be provided]

Depending on your jurisdiction, you may be permitted to designate an authorized agent to submit such requests on your behalf. Please note that we do not knowingly sell the personal information of minors under 16 years of age.


If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” as defined in the California Consumer Privacy Act (“CCPA”).

We describe the categories of information we collect, our business purposes for collecting such information, the sources and uses of such information and the entities with which we disclose such information in the “Information We Collect”, “How We Use Your Information,” and “When We Disclose Your Information” sections of this Privacy Policy.  We provide additional information required by the CCPA below.

A. Categories of Personal Information we collect, use and disclose

Throughout this Policy, we discuss in detail the types of Information we collect from and about users and discuss how we use and disclose such information.  The following are the “categories” of personal information under the CCPA that we collect from California consumers and that we may, as discussed throughout this Policy, use and disclose for our business purposes:  

Identifiers (such as name, address, email address, and username and password); commercial information (such as transaction data); financial data (such as credit card information processed by our payment processor); device identifiers (such as IP address and unique device identifiers); internet or other network or device activity (such as browsing history); general geolocation data derived from IP addresses; any user-generated content or feedback that you provide; professional or employment related data.

B. How we use these categories of personal information

We and our service providers may use the categories of personal information we collect from and about you for the following business and commercial purposes (as those terms are defined in applicable law).  

  • Our or our service providers’ operational purposes;
  • Auditing consumer interactions on our site (e.g., measuring ad impressions);
  • Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
  • Bug detection and error reporting;
  • Customizing content that we or our service providers display on the Services (e.g., contextual ads);
  • Providing the Services (e.g., account servicing and maintenance, client service, advertising and marketing, analytics, and communication about the Services);
  • Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features);
  • Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third party partners;
  • Other uses about which we notify you.

Examples of these types of uses are discussed in our main privacy policy in the “How We Use Your Information” section.  We may also use the categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any user or device. We may also disclose this information to third parties for legal, compliance or security purposes, or in connection with a business transfer, as described further in “When We Disclose Your Information” above.

C. Sale/Sharing of Personal Information

The CCPA sets forth certain obligations for businesses that “sell” personal information or “share” personal information for cross-context behavioral advertising purposes. Under the CCPA, “sale” and “sharing” are defined such that they may include allowing third parties to receive certain information for advertising purposes.  We “sell” or “share” the following categories of information to third-party advertising partners and vendors that support our advertising efforts (such as advertising analytics services):

Identifiers (such as name, address, email address); commercial information (such as transaction data); internet or other network or device activity (such as browsing history and usage information).

If you would like to opt out of our use of your information for such purposes that are considered a “sale” or “sharing” for cross-context behavioral advertising purposes under California law, please see the instructions provided in Section 7(C) (Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes) of the Privacy Policy above.

Please note, in the limited circumstances that we process sensitive personal information (such as usernames in combination with passwords) as defined in the CCPA, we do not use or disclose it other than for disclosed and permitted business purposes for which there is not a right to limit under the CCPA.

D. Additional Privacy Rights

California residents may make certain requests about their personal information under the CCPA as set forth in Section 7(B) (Rights Regarding Your Information) above.

E. Shine the Light

California Law permits California residents to request certain information once per year regarding our disclosure of “personal information” (as that term is defined under applicable California law) to third parties for such third parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.

F. Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers.  DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Except as otherwise described herein with respect to legally required browser based opt outs, we do not recognize or respond to browser-initiated DNT signals, as there is no industry-wide framework for DNT signals. To learn more about Do Not Track, you can do so here.


We have implemented administrative, technical, and physical security measures to protect against the loss, misuse and/or alteration of your information.  These safeguards vary based on the sensitivity of the information that we collect and store.  However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.

We generally retain personal data for so long as it may be relevant to the purposes above.  In determining how long to retain information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. The purposes for which we process information (as well as the other factors listed above) may dictate different retention periods for the same types of information. For example, we retain a record of your purchase of a Product subscription for the duration of your subscription and for an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes.  If you opt out of email marketing, we maintain your email on our suppression list for an extended time to comply with your request. To dispose of your information, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.  


The Services are not directed to children under the age of 16. If we discover we have received any “personal information” (as defined under the Children’s Online Privacy Protection Act) from a child under the age of 13 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible.  If you believe we have any information from or about anyone under the age of 16, please contact us at the address listed below.

For residents of the European Economic Area, where processing of personal information is based on consent, we will not knowingly engage in that processing for users under the age of consent established by applicable data protection law.  If we learn that we are engaged in that processing with such users, we will halt such processing and will take reasonable measures to promptly remove applicable information from our records.


Human provides cutting-edge anti-fraud solutions across a spectrum of industries from advertising to eCommerce to Big Data and Enterprise Business. Our Product includes a Detection Tag that determines whether activity is human or non-human on a per-session level by examining and analyzing certain characteristics upon each page load. We process data we collect from customers (Processor Data) to provide the Product in our capacity as a “processor” or “service provider,” as those terms are defined in applicable data protection law. As such, our collection, use, and disclosure of such information is governed by our contracts with our customers, but for transparency, we summarize these practices below.


Human uses various technologies, described below, to collect session-specific data in order to deliver the Product to our customers. The Product uses JavaScript and/or pixels that place a small piece of HTML code either on a webpage, across a domain, or at the server level, to collect information about web or mobile app visits. This information is used to provide the Product. The types of data we collect using this technology include:

  • Various parts of the HTTP Header (including IP Address, HREF, Referrer, and User Agent)
  • Various technical aspects of the browser
  • Generalized user interaction data

Our customers can pass parameters and information from integrated third-party web services to Human for reporting, such as campaign ID, placement ID, and ad ID. Some web services offer macros that allow these types of identifiers to be passed to other companies. Customers may elect to have these identifiers passed to Human for reporting on non-human activity and other fraud behaviors.

In general, our technology does not utilize cookie data or mobile Device ID in the detection and prevention of fraudulent online activity; and therefore, HUMAN does not send nor collect cookie data through the browser’s http header elements, nor directly collect the Device ID through mobile applications.


We use and disclose Processor Data in order to provide the Product, consistent with our customer agreements. Processor Data may be integrated into the Product and shared with other clients to enhance the Product’s anti-fraud functionality. The primary means by which we provide information to our customers is in aggregated reports provided as part of the Product, including but not limited to our customer dashboard, which is password protected. However, certain identifiers contained in Processor Data may be provided to government entities without attribution to any specific customer for the agencies’ anti-fraud and intelligence purposes.

We may also use Processor Data to ensure the security of the Product and for analytics (e.g., to detect behavior patterns in order to enhance the Product). We may also aggregate Processor Data for general corporate marketing and industry benchmarking purposes. Processor Data may be disclosed to our service providers, as required by law or legal process, and to a third party in the event of a business reorganization, merger, sale, joint venture, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings.