P0 SECURITY PRIVACY POLICY

Last Revised on Aug 12, 2025

This Privacy Policy for P0 Security, Inc. ("we", "us" "our") describes how we collect, use and disclose information about users of P0's websites (p0.app, p0.dev, docs.p0.dev, or any other properties), applications, services, tools and features (collectively, the "Services"). For the purposes of this Privacy Policy, "you" and "your" means you as the user of the Services. Please note that the Services are designed for users in the United States only and are not intended for users located outside the United States.

Please read this Privacy Policy carefully. By using, accessing, or downloading any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use, access or download any of the Services.

UPDATING THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time in which case we will update the "Last Revised" date at the top of this Privacy Policy. If we make material changes to the way in which we use information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law. If you do not agree to any updates to this Privacy Policy please do not access or continue to use the Services.

P0'S COLLECTION AND USE OF INFORMATION

When you access or use the Services, we may access, alter, collect, store, and use certain categories of information about you from a variety of sources:

Contact information
Contact information includes you personal name, your role, company name, company details (such as industy) and email address. We collect and store basic contact details to communicate with you, operate our products, and to measure the health of our products.

Payment information
Payment information includes credit or debit card information, bank account information and billing address. We collect payment information to process your payment and to provide you with our Services.

Account information
Account information includes your username, single-sign-on (SSO) details, multi-factor credentials, or password. We collect and store account information to maintain and secure your account with us. We may share this information with a third-party identity service. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.

Usage data
Usage data includes your unique device identifier, device type, IP address, browser type, date and time stamps, operating system, log data, precise location, clickstream data and product usage (i.e., what products you are using and how frequently). We collect Usage Data to market to you, to run analytics, to correct errors, and to better understand user interaction with the Services.

Integration data
We collect information from third-party services that you explicitly choose to share with us ("Integrations"), including, but not limited to, services provided by: Amazon, Google, Microsoft, Okta, PagerDuty, Salesforce (including its subsidiary Slack Technologies), or Snowflake. For each Integration, we will communicate to you what information we collect from the Integration, either by using OAuth scopes, or by explicitly allowing you to configure the Integration yourself. Integration data may be used in the following ways:

• We access contact, conversation, and directory information, in order to send notifications to you or other members of your organization.
• We access authentication, membership (e.g. within escalation policies), contact, and directory information, in order to identify security risks in your configurations, and to determine whether to allow certain members of your organization to access certain of your own systems.
• We access and alter your Identity and Access Management (IAM) controls, in order to allow or prevent certain members of your organization access to certain of your own systems.
• We access, collect, and store your IAM control settings and your system access logs, in order to provide you with detailed information about your own systems, and generate recommendations for you.
• In addition, the above from these systems may be accessed, collected, and stored by us in order to diagnose and correct errors, and to improve our products.

Data you share with us
We also collect any other information you choose to include in communications with us, for example, when sending a message through our Contact Us web form, or via support requests.

In addition to the foregoing uses, we may use any of the above information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

DATA RETENTION AND DELETION

We retain your information, including personal information, for the length of time needed to provide you with our Services unless a longer retention period is required or permitted by law.

You may request for your data to be deleted by contacting us through any of the means outlined in the "HOW TO CONTACT US" section of this privacy policy.

HOW P0 SHARES YOUR INFORMATION

In certain circumstances, P0 may share your information with third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

• With vendors or other service providers, such as
  • Payment processors
  • Data analytics vendors
  • Cloud storage providers
  • IT service management vendors
  • Email marketing services vendors
  • Security vendors
• To comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries
• In connection with an asset sale, merger, bankruptcy, or other business transaction
• To enforce any applicable terms of service
• To ensure the safety and security of P0 and/or its users
• When you request us to share certain information with third parties, such as through your use of P0 to query or update Integration data, or use of login elements
• With professional advisors, such as auditors, law firms, or accounting firms

COOKIES AND OTHER TRACKING TECHNOLOGIES

Do Not Track Signals
Your browser settings may allow you to transmit a "Do Not Track" signal when you visit various websites. Like many websites, our website is not designed to respond to "Do Not Track" signals received from browsers. To learn more about "Do Not Track" signals, you can visit All About DNT.

Cookies and Other Tracking Technologies

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of cookies, web beacons/clear gifs, other geolocation tracking technologies. If you so choose, you may block or delete our cookies from your browser; however, blocking or deleting cookies may cause some of the Services, including any portal features and general functionality, to work incorrectly.

Click here to opt out of tracking by Google Analytics.

If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below.

THIRD PARTY WEBSITES AND LINKS

We may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms (such as Facebook or Twitter) may also be viewable by other users of the Services and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

CHILDREN'S PRIVACY

Children under the age of 13 are not permitted to use the Services, and we do not seek or knowingly collect any personal information about children under 13 years of age. If you are the parent or guardian of a child under 13 years of age who has provided us with their personal information, you may contact us using the below information to request that it be deleted.

DATA SECURITY

We commit to treat your information with care. We follow data-handling best-practices including:

Encryption of data in transit and at rest
Least-privilege access to data
Data segregation
Regular auditing
Please be aware that, despite our reasonable efforts to protect your information, no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Please further note that any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

ADDITIONAL COMPLIANCE

Google APIs User Data Policy: In addition to the above policies, P0's use and transfer of information from Google API's to any other app will adhere to the Google API Services User Data Policy, including its limited-use requirements.

HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Policy, please email us at support@p0.dev or contact us at:

447 Sutter St. Suite 405 PMB 198,
San Francisco, CA, 94108