Privacy Policy

This page informs you of our policies regarding the collection, use, and disclosure of personal information (as defined below) that we receive from users of the site.

Last updated: January 2, 2024

Security and Privacy

The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

About NetSPI

NetSPI, LLC (“Company” or “us”, “we”, or “our”) operates (the “Site”). This page informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of the site.

Please note that use of this Site is also governed by the Terms of Use posted on the Site. As noted in Terms of Use, although we operate nationwide and internationally, Company is a limited liability company organized under the laws of the State of Delaware, and Company has its headquarters in Minnesota. The servers that host this site are located in the United States, and any personal details you provide us will be processed by Company in the United States. Company expressly excludes any representation or warranty, express or implied, with respect to the information available on this site. Company makes no representation about any third-party websites that may be accessed via links from this Site. By using this Site, you agree that the laws of the State of Minnesota, without regard to its conflict of laws principles, will govern all matters between you and Company with respect to your use of this Site.

We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.

This Site may from time to time include links to third-party sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy policies, as we have no control over information that is submitted to, or collected by, these third parties.

Information Collection, Use, and Security

While using our Site, we may ask you to provide us with certain personally identifiable information (PII) that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your name (“Personal Information”). For purposes of the sections of this policy related to GDPR, UK GDPR or the Swiss Federal Data Protection Act, “Personal Information” shall also include “personal data” about an identified or identifiable individual within the scope of these laws, received by NetSPI in the United States from the European Union, UK or Switzerland (as applicable), and recorded in any form.

We may share the Personal Information you provide to us with other companies we have hired to provide services for us. These companies are contractually bound to use Personal Information that we share to perform the services we have hired them to provide.

We may also collect and group demographic and preferences information, responses to surveys, and other Personal Information that we collect from you into an aggregate, non-personally identifiable form (i.e., one that does not contain sufficient Personal Information to identify you) for disclosure to our existing or potential business partners, affiliates, sponsors, or other third parties. However, be assured that this aggregate data will in no way personally identify you or any other visitors to the site.

Blog Sites; User Content Submitted to Other Public Facing Portions of Site

If you leave a comment on either of NetSPI’s blogs, or on any other public facing portion of the NetSPI web site, you should be aware that any personally identifiable information you submit on our blog site can be read, collected, or otherwise used by anyone who reads the blog or who visits the URL of the blog post you comment on. We are not responsible for use of this information by non-NetSPI personnel. The name you leave will be published and is used as an identifier of the comment or other content. The personally identifiable information provided will not be sold, rented, or shared unless ordered by a court of law, but by commenting on a blog post on our site (or otherwise submitting content to a public facing portion of the site) you grant NetSPI the perpetual exclusive right to use, copy, publish, modify, perform and make derivative works in any format or media of all or any portion of any comments, statements, posts or other items you submit, including any personally identifiable information you submit with the foregoing, subject to any additional provisions of the Site’s Terms of Use. All such content including posts, articles, and comments, may be reviewed and edited before being published.

Social Media

Our Site includes interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Site, you authorize us to access, use, and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use, and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.

Third-Party Websites

Our Site may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any Personal Information to them. For example, we may link to social media pages through widgets on our Site or we may provide links to industry reports.

Customer Testimonials

We post customer testimonials on our website. These testimonials may contain personally identifiable information, such as the customer’s name. We obtain the customer’s explicit consent prior to posting any testimonials.


Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

Children’s Privacy

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

NetSPI does not knowingly collect any Personally Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will use our best efforts to promptly remove such information from our records.

Sharing Your Information

We do not share your Personal Information with third parties except with your consent or unless ordered by a law enforcement agency or for other legal purposes. Other situations in which we may share Personal Information include the following:

  • if we sell or buy any of our business or assets – we may disclose your Personal Information to the prospective buyer or seller;
  • if we are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation; or to protect the rights, property, or safety of NetSPI, our customers, or others.

With respect to our use of Google and LinkedIn for analytics and advertising purposes, a list of LinkedIn’s third parties can be found here, and Google’s here.

Your Rights

You may have rights available under applicable global privacy laws, including GDPR, UK GDPR, CCPA and the Swiss Federal Data Protection Act, which may include one or more of the following: access to your Personal Information we hold, its source, the purposes of processing your Personal Information on where this is shared or sold; correction of your Personal Information where it is inaccurate; the right to be forgotten/to request that Personal Information is deleted; the right to restrict the processing of Personal Information; portability of Personal Information; the right to object to our use of Personal Information; the right to opt-out of the sale of your Personal Information; rights relating to automated decision-making, and the right to non-discrimination.

1. Access to Your Personal Information

You have the right to ask us to confirm that we process your Personal Information, as well as to have access to and receive copies of the Personal Information we hold about you. This right also includes being provided information on the categories of Personal Information held, the sources of any Personal Information we process and information on who this is shared with or sold to – for ease we have included the majority of this information within this privacy policy.

We will provide the information you request as soon as possible and in any event: within one month of receiving your request if made under the right of access under GDPR, UK GDPR or the Swiss Federal Data Protection Act; or within 45 days of receiving your request if made under the CCPA. If we need more information to comply with your request, we will let you know.

2. Rectification (Correction) of Your Personal Information

If you believe Personal Information we hold about you is inaccurate or incomplete, you can ask us to rectify it. We will make the correction within one month, unless we don’t feel the change is appropriate for us to make; in that case, we will let you know why. We will also let you know if we need more time to comply with your request.

3. Right to be Forgotten

In some circumstances, you have the right to ask us to delete the Personal Information we hold about you when: we no longer need your Personal Information for the purpose for which we collected it; we have collected your Personal Information on the grounds of consent and you withdraw that consent; you object to the processing and we don’t have any overriding legitimate interests to continue processing the Personal Information about you; we have unlawfully processed your Personal Information (i.e. we have failed to comply with GDPR, UK GDPR, the Swiss Federal Data Protection Act or CCPA); and the Personal Information has to be deleted to comply with a legal obligation.

There are certain situations in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.

4. Right to Restrict Processing

In some circumstances, you are entitled to ask us to stop processing your Personal Information. But, while this means we must stop actively processing your Personal Information, we don’t have to delete it. This right is available if: you believe the Personal Information we hold isn’t accurate – we will cease processing it until we can verify its accuracy; you have objected to us processing the Personal Information – we will stop processing it until we have determined whether our legitimate interests override your objection; if the processing is unlawful; or if we no longer need the Personal Information but you would like us to keep it because you need it to establish, exercise, or defend a legal claim.

5. Data Portability

Where NetSPI acts as a Data Controller, you have the right to ask us to provide your Personal Information in a structured, commonly-used and machine-readable format so that you are able to transfer the Personal Information to another data controller. This right only applies to Personal Information you provide to us; when processing is based on your consent or for performance of a contract (i.e., the right does not apply if we process your Personal Information on the grounds of legitimate interests); and if the processing is automated.

We will respond to your request as soon as possible and in any event within one month. If we need more time, we will let you know.

6. Right to Object

You are entitled to officially object to us processing your Personal Information: if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority; for direct marketing purposes (including profiling); and/or for the purposes of scientific or historical research and statistics.

We will stop processing your Personal Information if you have grounds for objecting unless we can show that there are legitimate compelling grounds that override your interests, rights, and freedoms or the processing is for the establishment, exercise or defense of legal claims.

7. Right to Opt-Out of the Sale of Your Personal Information

We do not sell Personal Information unless we sell, or a third party buys, all or a segment of our business or assets (but only to the prospective buyer or seller), or if we are acquired by a third party.

You have the right, at any time, to direct a business that sells Personal Information about you to third parties not to sell your Personal Information. NetSPI does not sell your Personal Information to anyone including third parties.

A business that has received direction not to sell a consumer’s Personal Information shall be prohibited from selling the consumer’s Personal Information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s Personal Information.

Any objections relating to the sale or use of Personal Information for marketing purposes shall be implemented promptly without question or undue delay.

8. Right to Disclosure of Information Sold

You may have the right to request that a business that sells the consumer’s Personal Information, or that discloses it for a business purpose, disclose to you: the categories of Personal Information that the business collected about you; the categories of Personal Information that a business sold about you and the categories of third parties to whom the Personal Information was sold; the categories of Personal Information that the business disclosed about you for a business purpose.

9. Right to Non-Discrimination

NetSPI shall not discriminate against any person who exercises their rights under the GDPR, UK GDPR, Swiss Federal Data Protection Act, or any other applicable data privacy legislation. This includes, but is not limited to: denying services; charging different rates for services; providing different levels or quality of services. Please be aware, however, that if you exercise such rights in a manner that prohibits or restricts our use of Personal Information, we may be unable to provide you with goods or services that require the use of your Personal Information.

If NetSPI offers any financial incentives for the collection or use of Personal Information, including but not limited to the sale of Personal Information or the deletion of Personal Information, it shall notify consumers and provide the option for consumers to opt-in. Such an opt-in may be revoked at any time by the consumer.

10. Complaints

If you would like to exercise any of your rights in respect of your Personal Information, please contact us at or write to us at 241 N 5th Ave, Suite 1200, Minneapolis, MN 55401.

In compliance with GDPR, UK GDPR, and Swiss Federal Data Protection Act principles, NetSPI commits to resolve complaints about our collection or use of your personal information. European Union, UK, and/or Swiss (as applicable) individuals with inquiries or complaints regarding GDPR should first contact NetSPI at or write to us at 241 N 5th Ave, Suite 1200, Minneapolis, MN 55401, attn: CTO.

GDPR Compliance

NetSPI complies with GDPR, UK GDPR, and the Swiss Federal Data Protection Act, when applicable, by entering into Standard Contractual Clauses with data controllers who supply Personal Information from EU, UK, or Swiss residents to NetSPI, when necessary.

Log Data

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics. In addition, we may use third-party services such as Google Analytics that collect, monitor, and analyze this information.


In the event that you submit a form, we may use your Personal Information to contact you with newsletters, marketing, or promotional materials and other information that we think will be beneficial.

Opting Out

When you submit Personal Information to us through this Site, you will be opted into our mailing list at the time of submitting your Personal Information to us. If you do, you may be added to our list of users who will receive promotional and marketing communications from us. We never provide this information to partners or third parties.

If you initially elect not to opt out and later decide that you would like to opt out, you may opt out by contacting us at Please keep in mind that although Company strives to update our mailing list database as frequently as possible, it may take up to ten days to process e-mail requests and four to six weeks to process postal mail requests, during which time your information might be communicated to another party in connection with a mailing list. Additionally, you should be aware that any mailing lists that have been provided to third parties prior to your election to opt out cannot be retrieved by Company, and you cannot retroactively opt out with respect to such third parties. As noted above, however, when we do provide mailing lists to third parties, we enter into agreements with such parties limiting the use of the lists to a limited number of mailings or communications, after which the lists may not be further used for such purposes.

Changes to this Privacy Policy

This Privacy Policy is effective as of October 7, 2020, and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Site after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us or by placing a prominent notice on our website.

Contact Us

If you have any questions about this Privacy Policy, please contact us at
