Vercara Privacy Policy

Our website address is: https://vercara.com

Updated: April 5, 2023

This policy applies to information processed on by Vercara in connection with its online properties and in the course of providing the Vercara Services described below. This policy describes how Vercara collects, uses, shares and secures personal information about you, as well as your choices regarding use, access, correction, and deletion of your information. We know privacy policies can be confusing and technical. To make this as easy as possible to read and understand, we have used defined terms throughout this policy that are capitalized. These terms are defined the first time they are used in the text or are defined in the Definitions section below.

Our Commitment to Your Privacy

Vercara is committed to the respectful and responsible use of information to help businesses make better decisions and secure their operations.

Personal Information: Types & Sources

Vercara may collect, use, and disclose limited information that can be used to identify or be linked with a specific individual, either directly or when combined with other personal or identifying data (“Personal Information” or “Personal Data”) in the course of providing our products, services, and the content made available on our online properties.

Definitions

Cookies

Cookies are text files placed on a computer’s browser that can be used to recognize you as a website user or to provide personalized content.

Device-Identified Information or “DII“

Formerly referred to as “Non-PII,” DII is any data that is linked to a particular browser or device if that data is not used, or intended to be used, to identify a particular individual. DII may include, but is not limited to, unique identifiers associated with browsers or devices, such as Cookies, Mobile Advertising IDs (MAIDs), Statistical IDs, and IP Addresses, where such data is not linked or intended to be linked to PII. DII includes data that is linked to a series of browsers or devices linked through Cross-Device Linking, if that data is not used, or intended to be used, to identify a particular individual. We segregate DII from PII, and we use technical and organization measure to maintain that separation and prevent unauthorized identification of individuals. Vercara considers DII to be a form of Pseudonymous IDs.

Domain Name System or “DNS”

The Domain Name System or “DNS” is the system that manages database tables that associate IP Addresses with domain names such as vercara.com.

Flash Cookies or Locally Shared Objects (Flash LSOs)

Flash Cookies or Locally Shared Objects (Flash LSOs) are messages used in Adobe Flash that are sent from a Web server to a Web browser and is then stored as a data file in the browser. Flash cookies behave like conventional cookies by personalizing the user’s experience, but they can hold much more data than conventional cookies. Flash LSOs may stay installed on a drive after ordinary cookies are deleted.

IP Address

Every device connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. IP Addresses are assigned and reassigned by Internet Service Providers and companies regularly.

Mobile Advertising IDs (MAID)

Apple assigns an “ID for Advertising” (IDFA) to each iOS device, and Google assigns an “Advertising ID” to all Android devices. These Pseudonymous IDs can be used to deliver ads and for advertising analytics in mobile applications.

Pixel Tags

Pixel Tags are placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and are often used in combination with Cookies.

Statistical IDs

We use information about your computer or device to generate the Statistical ID, including your operating system, user-agent string, IP Address, installed fonts, and similar information. This information makes your computer or device distinct enough for our systems to determine within a reasonable probability that they are encountering the same computer or device over time, including in environments where Vercara Cookies are not supported.

Uniform Resource Locators (URLs)

Uniform Resource Locators or “URLs” are web addresses, a specific character string that constitutes a reference to a resource. Most web browsers display the URL of a web page above the page in an address bar. A typical URL might look like: https://vercara.com/privacy-policy.

Web Beacons

Web beacons or “clear Gifs” are small pieces of code placed on web pages that can be used for such purposes as counting visitors and delivering Cookies or to otherwise customize the user experience. They contain a unique identifier that is used to track on-site activities of unique but unidentified website users. In contrast to Cookies, which are stored on your computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

Categories of Data Types

The chart below summarizes the categories of data that we collect from different kinds of data sources:

Data Category	Explanation	Categories of Sources
PII	Personally Identified Information or PII is information that directly identifies or is used to identify a specific individual, including name, address, telephone number, email address, and in specific, limited cases, government identifiers.	Information provided by individuals on Vercara’s online properties Customers who provide information about their employees and contractors for business purposes Reputable providers of licensed data derived from public and non-public source
Pseudonymous IDs	Pseudonymous IDs includes information linked to DIIs (Device Identifiable Information) such as Statistical/Probabilistic IDs, IP Addresses, and other third-party identifiers. Pseudonymous IDs do not, by themselves, identify a specific individual, but can be combined with other information for that purpose.	Individuals who visit Vercara’s online properties Reputable providers of licensed data derived from public and non-public sources Log Data and other information created in the course of providing our products and services
Geolocation Data	Geolocation Data is information about the location of an individual or device derived through IP address and/or location-based services such as GPS level latitude-longitude coordinates or Wi-Fi triangulation. Geolocation Data may be precise or imprecise.	Publicly available data sources Reputable providers of licensed data derived from public and non-public sources Information collected online via Pseudonymous IDs, including DIIs, Cookies, Mobile Advertising IDs (also called MAIDs), Statistical IDs, and other persistent third-party identifiers Log Data and other information created in the course of providing our products and services
Log Data	Log Data is information that is collected and logged in the ordinary course of operating our business, and may include standard Internet Log Data, Event Data, and/or Service Data: Internet Log Data. Standard Internet Log Data includes the Internet page request that is automatically collected when you visit a website, the URL of the page requested, IP Address, browser type, browser language, configuration settings, operating system information, mobile service provider, search terms, date and time stamps, Pseudonymous IDs, and Service Data. Service Data. Vercara collects certain data, not described above, in the course of providing products and services to our business customers and to the public. For example, when you browse the World Wide Web, you rely on the Domain Name System or DNS to translate the website name you type to an Internet Protocol or IP Address. Vercara provides both public and private DNS services, and when you use our Internet address resolution services, we may collect the IP Address of the computer you are using, the domain name requested and the associated IP Address, the request type (IPv4, IPv6, NS, MX, TXT, etc.), ISP information, geolocation information, and other technical information.	Reputable providers of licensed data derived from public and non-public sources Information collected online via Pseudonymous IDs including DIIs, Cookies, Mobile Advertising IDs (also called MAIDs), Statistical IDs, and other persistent third-party identifiers Log Data and other information created in the course of providing our products and services

This information may or may not constitute “Personal Information” or “Personal Data” under applicable law, depending on the context in which the data is collected and any other data to which is linked or linkable.

To opt out of collection, use and/or disclosure of any data listed above, please see the “Transparency and Choice” section below.

PERSONAL INFORMATION USE

The chart below summarizes how we use different categories of data.

Data Category	Explanation	Categories of Purposes
PII	Personally Identified Information or PII is information that directly identifies or is used to identify a specific individual, including name, address, telephone number, email address, and in specific, limited cases, government identifiers.	Vercara may use each category of data for the following purposes:To provide our products and services as further described in this Privacy StatementAs a data processor, at the direction of our business customers, and in accordance with their own privacy policiesTo fulfill your requestsFor internal use, research, fraud prevention and detection, and product developmentTo identify and respond to security threats or other criminal behavior and to protect our rights and the rights of third partiesIn response to and support of law enforcement investigationsTo (i) comply with US or foreign laws or to respond to lawful requests and legal process in US or foreign civil, criminal or investigative matters, (ii) enforce agreements, our terms and conditions, and policies, and protect our rights and property as the site owner, and (iii) in an emergency to protect the personal safety of Vercara, its customers, or any personWith third party vendors, consultants and other service providers who are working on our behalf, but we limit their access and use of PII to that which is needed to carry out their work for usIn connection with any merger/sale of company assets, etc.
Pseudonymous IDs	Pseudonymous IDs includes information linked to DIIs (Device Identifiable Information) such as Statistical/Probabilistic IDs, IP Addresses, and other third-party identifiers. Pseudonymous IDs do not, by themselves, identify a specific individual, but can be combined with other information for that purpose.
Geolocation Data	Geolocation Data is information about the location of an individual or device derived through IP address and/or location-based services such as GPS level latitude-longitude coordinates or Wi-Fi triangulation.
Log Data	Log Data is information that is collected and logged in the ordinary course of operating our business, and may include standard Internet Log Data and/or Service Data:Internet Log Data. Standard Internet Log Data includes the Internet page request that is automatically collected when you visit a website, the URL of the page requested, IP Address, browser type, browser language, configuration settings, operating system information, mobile service provider, search terms, date and time stamps, and Pseudonymous IDs such as Cookies and service specific information such as Event Data and Service Data.Service Data. Vercara collects certain data, not described above, in the course of providing products and services to our business customers and to the public. For example, when you browse the World Wide Web, you rely on the Domain Name System or DNS to translate the website name you type to an Internet Protocol or IP Address. Vercara provides both public and private DNS services, and when you use our Internet address resolution services, we may collect the IP Address of the computer you are using, the domain name requested and the associated IP Address, the request type (IPv4, IPv6, NS, MX, TXT, etc.), ISP information, geolocation information, and other technical information.

To opt out of collection, use and/or disclosure of any data listed above, please see the “Transparency and Choice” section below.

Personal Information Use

The chart below summarizes the categories of third parties with whom Personal Information may be shared:

Data Category	Explanation	Categories of Purposes
PII	Personally Identified Information or PII is information that directly identifies or is used to identify a specific individual, including name, address, telephone number, email address, and in specific, limited cases, government identifiers.	Vercara may use each category of data for the following purposes: To provide our products and services as further described in this Privacy Statement As a data processor, at the direction of our business customers, and in accordance with their own privacy policies To fulfill your requests For internal use, research, fraud prevention and detection, and product development To identify and respond to security threats or other criminal behavior and to protect our rights and the rights of third parties In response to and support of law enforcement investigations To (i) comply with US or foreign laws or to respond to lawful requests and legal process in US or foreign civil, criminal or investigative matters, (ii) enforce agreements, our terms and conditions, and policies, and protect our rights and property as the site owner, and (iii) in an emergency to protect the personal safety of Vercara, its customers, or any person With third party vendors, consultants and other service providers who are working on our behalf, but we limit their access and use of PII to that which is needed to carry out their work for us In connection with any merger/sale of company assets, etc.
Pseudonymous IDs	Pseudonymous IDs includes information linked to DIIs (Device Identifiable Information) such as Statistical/Probabilistic IDs, IP Addresses, and other third-party identifiers. Pseudonymous IDs do not, by themselves, identify a specific individual, but can be combined with other information for that purpose.
Geolocation Data	Geolocation Data is information about the location of an individual or device derived through IP address and/or location-based services such as GPS level latitude-longitude coordinates or Wi-Fi triangulation.
Log Data	Log Data is information that is collected and logged in the ordinary course of operating our business, and may include standard Internet Log Data and/or Service Data: Internet Log Data. Standard Internet Log Data includes the Internet page request that is automatically collected when you visit a website, the URL of the page requested, IP Address, browser type, browser language, configuration settings, operating system information, mobile service provider, search terms, date and time stamps, and Pseudonymous IDs such as Cookies and service specific information such as Event Data and Service Data. Service Data. Vercara collects certain data, not described above, in the course of providing products and services to our business customers and to the public. For example, when you browse the World Wide Web, you rely on the Domain Name System or DNS to translate the website name you type to an Internet Protocol or IP Address. Vercara provides both public and private DNS services, and when you use our Internet address resolution services, we may collect the IP Address of the computer you are using, the domain name requested and the associated IP Address, the request type (IPv4, IPv6, NS, MX, TXT, etc.), ISP information, geolocation information, and other technical information.

To opt out of collection, use and/or disclosure of any data listed above, please see the “Transparency and Choice” section below.

Website Visitors

If you choose to give PII to Vercara, for example by inquiring about or registering for our services, subscribing to RSS feeds or blog posts, or electing to “follow” Vercara on social media sites, Vercara may share such PII with us. Please keep in mind that any comments or other information you post on our blogs may be read, collected, and used by other blog readers.

Vercara uses first-party and third-party Cookies to enhance your experience on this website. When you first visit this website with a new device or browser, Vercara advises you about the use of Cookies on that site. You may choose to continue with the website Cookies or turn them off. If you choose to continue with Cookies, you won’t be reminded for one year. Certain website features may not work properly if you elect to turn Cookies off. For example shopping cart functionality requires Cookies to work properly.

This website may include social media features such as the Facebook “Like” button. These features, which are either hosted by a third party or directly on this site, may collect Internet Log Data and, in order to function properly, may set Cookies. Your interactions with these features are governed by the privacy policy of the company that provides them, and not this policy.

When you visit this website, PII that you provide, Pseudonymous IDs (e.g., from Cookies) and Log Data is used to respond to your requests, process transactions you initiate, improve the website, and deliver personalized content to you. We may disclose this information to third parties to help us in these activities, for example, to a service provider that sends email communications to you on our behalf.

Data Processed to Provide Vercara Services

UltraProtect

The Vercara UltraProtect and UltraDDR services collect and process network traffic information containing both source and destination IP Addresses, Referrer URL, Internet Log Data, and Service Data to help our customers identify and respond to cyber-attacks and other malicious online traffic, including distributed denial of service (DDoS) attacks. Vercara analyzes attack vector information containing the source and destination IP Addresses, attack duration, and traffic volume to enhance our ability to detect and mitigate malicious activity on the Internet more broadly. Based on this analysis, Vercara may share information about malicious activities, blocked hostnames or IP Addresses, source and target Geolocation Data, and target industry or vertical information with third parties such as internet security research groups and service providers to prevent, detect, and mitigate against malicious online behavior.

DNS Services

Vercara provides a variety of Domain Name Service (DNS) services, including both authoritative and recursive DNS servers, and a suite of related services to facilitate the global flow of Internet traffic. In providing these services, Vercara collects and processes DNS queries, which includes both source and destination IP Addresses, time and date stamps, and other technical information. We use this information to provide connectivity and routing services to our customers, to investigate, identify and mitigate malicious and fraudulent activity, and to enhance our products and services.

Website Performance Management

Vercara collects Internet Log Data and Geolocation Data along with website performance metrics such as, total load time, page rendering time, and any JavaScript errors to provide a variety of Web Performance Tools that enable our customers to monitor their site’s performance and load time, to identify and address technical problems quickly, and to understand and improve their users’ online experience.

Other Use and Disclosure of Personal Information

Vercara does not use or disclose Personal Information other than as described above, except:

As a data processor or service provider at the direction of our business customers, and in accordance with their own privacy policies;
With your express permission;
Where permitted by our customer agreements, for internal use, research, fraud prevention and detection, and product development;
Where necessary for the performance of a contract, or where necessary for preliminary procedures related to a contract to which you are a party;
To investigate, identify, respond to, and assist others to investigate and respond to cyber security threats to other criminal behavior;
To protect our rights and the rights of third parties and consistent with this Privacy Statement;
For internal research purposes;
In response to and support of law enforcement investigations;
To (i) comply with US or foreign laws and/or regulations or to respond to lawful requests and legal process in US or foreign civil, criminal or investigative matters, (ii) enforce agreements, our terms and conditions, and policies, and protect our rights and property as the site owner, and (iii) in an emergency to protect the life or personal safety of Vercara, its customers, or any person;
In an aggregated or de-identified form that does not directly identify you;
With third party vendors, consultants and other service providers who are working on our behalf, but we limit their access and use of PII to that which is needed to carry out their work for us, including cloud service providers, software development and support contractors, contractors providing data base management and other administrative support services, security services partners, and legal and accounting professionals, and where required by applicable law, Vercara takes additional steps designed to ensure that data processors and other third party vendors are carrying out data processing according to instructions provided by Vercara; and
In connection with any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company.

Vercara may send our own advertisements (Vercara marketing campaign emails, for example) to businesses. If you would like to discontinue receiving this content, you may update your marketing preferences by selecting the “Unsubscribe” link found in emails we send to you. Alternatively, you may send an email to unsubscribe@vercara.com with subject line “unsubscribe from Vercara’ marketing campaign emails”. The email address from which you sent us the request will be unsubscribed.

Cookies, Advertising IDs and Other Technologies

Website Cookies

We may use Cookies, Mobile Advertising IDs (MAIDs), Statistical IDs, Web Beacons, Pixel Tags, JavaScript, HTML5 Local Storage, or similar technologies, along with other information described in this policy to enhance and personalize your experience on our sites and to manage and enable preferences, transactions and related uses of Vercara Services and information. To learn more about these technologies and how to control them, please see the Vercara Cookie Policy.

Sensitive Data

Sensitive Personal Information includes: Social Security Numbers or other Government-issued identifiers; insurance plan numbers; financial account numbers (including credit card data); information that describes the precise real-time geographic-location of an individual derived through location-based services such as through GPS-enabled devices; precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history including genetic and biometric data; data concerning a person’s sex life or sexual orientation, and religious beliefs. In the European Economic Area and Brazil, Sensitive Personal Information also includes information regarding political philosophy/opinion and trade-union participation, religion, citizenship, racial and ethnic information

Vercara does not generally use Sensitive Personal Information to provide its products and services. Vercara may, however, use geo-location data licensed from reputable third parties as described above.

Credit Card Information

Vercara may collect credit card information when provided by our customers in payment for some of our services. This information is securely collected and transmitted by our vendor in accordance with Payment Card Industry standards and used and disclosed only for the purposes of receiving payment for our services.

Data Retention

Website Cookies

We retain information collected through our websites for as long as your account is active or as needed to provide you services. We also retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Service Data

We retain other data, including PII, Pseudonymous IDs, Geolocation Data, and Log Data only for as long as necessary to provide our products and services or for other business purposes as permitted under applicable law.

Transparency and Choice

You can opt out of the use of Cookies on this website by clicking here and an “opt-out cookie” will be placed on your computer or device. Alternatively, The Digital Advertising Alliance (“DAA”) and the Network Advertising Initiative (“NAI”) offer tools to provide consumers with choices as to whether participating third parties can use your information to provide targeted advertising (DAA Tools available here and NAI Tools available here).

Please note that if you clear your Cookies on that computer or device, we will not be able to read the “opt-out cookie” and may resume collecting information from that computer or device for purposes of retargeting. Similarly, an opt-out request will not be effective on other browsers, computers, or devices you may use if you have not opted out while using that browser, computer, or device, so you must opt out on all of the browsers (e.g. Chrome, Safari) and devices (e.g. laptop, smartphones) you use.

Your choice to use any of our opt-out tools will not affect ads placed by any other organization.

Accountability

If you have any questions, concerns, or complaints about Vercara Personal Information processing, please contact us at:

Vercara Privacy
45980 Center Oak Plaza
Sterling, VA 20166
Email: Vercaradataprivacy@vercara.com

Security

Vercara has implemented policies that include reasonable administrative, technical, and physical safeguards designed to protect PII against unauthorized access, use, or disclosure.

Children

Vercara does not knowingly collect information from children under 16. If we become aware of any such information in our repositories, we will promptly delete it.

Policy Updates

We update this policy from time to time but at least on an annual basis. We will revise the “Updated” date appearing at the beginning of this Privacy Statement to indicate the date of the latest update. We will post all updates on this page and, if they are significant (also known as material updates), we will provide more prominent notice on this site prior to the updates becoming effective and indicate at the top of this statement when it was most recently updated. Updates we determine to be material will become effective 30 days after posting.

Information for California Residents

If you are a California resident, you have certain rights, pursuant to the California Consumer Privacy Act (the “CCPA”), regarding the collection, use, disclosure, and sale of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with you (“personal information”). Below, we describe your CCPA rights and explain how to exercise those rights.

Under the CCPA, California residents have the right to be informed about what personal information Vercara is collecting about them and how we use and share that information. Vercara practices (in the offline and online environment) regarding the collection, use, disclosure and sale of personal information are described below.

Please see our Summary of Categories of Data Processed and Sources (above) for a chart summarizing the categories of data we process and the different kinds of sources for that data.
Please see our Summary of Categories of Data Uses (above) for a chart summarizing how we use different categories of data.
Please see our Summary of Categories of Data Disclosures (above) for a chart summarizing the categories of third parties with whom Personal Information may be shared.

Under the CCPA, California residents also have the right to make certain requests regarding how Vercara uses personal information about them as described below:

Access: You have the right to request that we disclose to you: (i) the categories and specific pieces of personal information we have collected or shared about you; (ii) the categories of sources from which we have collected that information; (iii) the commercial or business reason(s) we have collected or shared that information; and (iv) the categories of third parties with whom we have shared or to whom we have sold that information within the 12 months preceding your request.
Deletion: You have the right to request deletion of Personal Information about you subject to certain exceptions.
Opt-Out of Sale: You have the right to “opt-out” of the sale of personal information about you.

You may designate an authorized agent (as designated in the CCPA) to exercise these rights on your behalf. If you choose to do so, we may request confirmation from you or the agent to validate the agent relationship.

How to exercise your rights under CCPA:

You can also submit an access, deletion, or opt-out of sale request by sending an email to Vercaradataprivacy@vercara.com. Please be sure to include your full name, postal address, telephone number, and email address. We will contact you by email or telephone (as applicable) promptly after receipt to let you know the status of your request and, if necessary, to ask for any additional information we need to verify your identity and fulfill your request.

Please note that, depending on the nature of your request, we may need additional information to verify your identity including, without limitation, name, address, telephone number, and/or email addresses. We will use any information you submit only to fulfill your request.

Vercara is prohibited by law from treating you in a discriminatory fashion as a result of your election to exercise any rights you have under CCPA.

Information for Residents of EEA, UK and Switzerland

Vercara honors confirmation, access, correction, objection, and erasure rights of Data Subjects under the EU’s General Data Protection Regulation (GDPR). If you are resident in the European Economic Area (EEA), UK or Switzerland and wish to exercise any of these rights, please contact us at Vercaradataprivacy@vercara.com.

Information for Brazil Residents

Vercara honors access; confirmation; correction; anonymization, blocking or deletion; portability; information; and revocation rights of data subjects under Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD). If you are resident in Brazil, and wish to exercise any of these rights, please contact us at Vercaradataprivacy@vercara.com.

Contact Us

Vercara Privacy
2201 Cooperative Way
Suite 350
Herndon, VA 20171
Vercaradataprivacy@vercara.com

Data Protection Officer:
J. Beckwith Burr
HARRIS, WILTSHIRE & GRANNIS LLP
1919 M Street NW/8th Floor
Washington DC 20036
BBurr@hwglaw.com

EU Representative:
Rickert Rechtsanwaltsgesellschaft mbH
Neustar Security Services
Colmantstraße 15
53115 Bonn
Germany
art-27-rep-security-services@rickert.law

Rickert Services Ltd UK
– Security Services –
PO Box 1487
Peterborough
PE1 9XX
United Kingdom
art-27-rep-security-services@rickert-services.uk

Introducing UltraAPI: Bash bots and secure APIs.