NinjaOne Privacy Policy

Last updated: August 26, 2022

As a global company with customers in nearly every country in the world, here at NinjaOne, protecting the personal data of our customers and their end-users is, and has always been, of the utmost priority.

This Privacy Policy covers the practices of NinjaOne, LLC and its affiliated companies (“NinjaOne” or “NinjaRMM GmbH” or “we” or “us”) concerning personal information that we handle in the context of offering or providing our services, including any such information we may collect from you or that you may provide when you visit the websites NinjaOne.com or any of our other websites that link to this Privacy Policy (collectively, our “Website”).

This policy is not a contract between NinjaOne and its users, but is merely a recitation of current NinjaOne policies. Please read this policy carefully to understand our policies and practices regarding personal information and how we will treat it. This policy may change from time to time, so please check the policy periodically for updates.

A special note about data processed by our software and services:

NinjaOne software and services allow NinjaOne customers to collect, distribute, visualize, and otherwise manage their own data. In many use cases, this data stays entirely within the customer's network, and NinjaOne has no access to it. In the limited situations and configurations in which NinjaOne has access to a portion of a customer's data, NinjaOne processes it solely to provide our service to that particular customer. NinjaOne handles that data solely pursuant to our contract with that customer, not pursuant to NinjaOne's own Privacy Policy. Thus, for example, the reference in this Privacy Policy to using personal data to send marketing and promotional communications does not apply to that customer data.

To the extent the data we receive through our services relates to an identified or identifiable individual, NinjaOne handles such data solely as the customer's "processor" within the meaning of the General Data Protection Regulation ("GDPR") and similar laws, and solely as the customer's "service provider'' within the meaning of the California Consumer Privacy Act ("CCPA"). Any inquiries or requests relating to such data should be directed to the relevant customer, not to NinjaOne.

This Privacy Policy contains the following sections:

Information We Collect
Use of Information
Sharing of Information
International Data Transfers
Legal Basis for Processing Information
Your Rights and Choices
Protection of Information
Retention of Information
Additional Detail for California Residents
Updates and Changes to This Policy
Contact Information
Lead Data Protection Authority
Data Protection Officer

Information We Collect

a. Information You Provide to Us

You may provide the following types of information to us:

Contact details, such as name, physical address, email address, phone number, company name;
Username and/or password for our Website and products;
Information about your purchases and other business interactions with us;
Utilization data and configuration settings related to your use of our products;
Information about your interests and preferences;
Content of tickets you submit;
Information you provide in filling in forms and surveys, registering to use our Website, entering a promotion sponsored by us, contacting us, and posting content to our online forums; and
Search queries you make on our Website.

b. Cookies and Other Information Collection Technology

Through our online properties, we and third parties may collect information from your computer or other device by automated means such as cookies, web beacons, local storage, JavaScript, mobile-device functionality and other computer code.

This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as advertising identifiers), location data, other device information, Internet connection information, as well as details about your interactions with the relevant website, email, or other online property (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in a website). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use.

These technologies help:

Display personalized content;
Store information about your preferences, allowing us to customize our Website according to your individual interests;
Perform analytics, estimate our audience size and usage patterns, and better understand the demographics of users;
Diagnose and fix technology problems;
Plan for and enhance our business; and
Facilitate the other uses and disclosures described in this Privacy Policy.

To opt out of Google Analytics, you can visit the Google Ads Settings page from each browser. Google also allows you to install a Google Analytics Opt-out Browser Add-on for each browser.

We do not handle or monitor browser-based “Do Not Track” signals, but we do provide you with the ability to control certain cookies and similar tracking technologies. You may be able to set your browser to refuse certain types of cookies, or to alert you when certain types of cookies are being used. Some browsers offer similar settings for HTML5 local storage and other technologies. However, if you disable or refuse cookies, local storage, JavaScript or other technologies, please note that certain websites (including some parts of our Website) may then be inaccessible or not function properly.

For additional information on how NinjaOne uses and handles cookies and other tracking technology, please see our Cookie Policy.

c. Information From Third Parties

We may also receive personal information from third parties, including our service providers, affiliates, and partners such as organization with whom we partner on events and contests, resellers, customers, technology vendors, business information vendors, and list brokers, as well as from publicly available sources such as LinkedIn and company websites. We may combine some of that information with other information we have about you.

Use of Information

We and our service providers use the information described above for the following purposes:

Administer your account, including to process your registration and verify your information;
Provide, manage, and improve our services;
Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, sales and marketing, analytics, and research and development;
Send messages that are service-related messages (e.g., welcome messages, confirmation notices), related to your activity on the site, or related to updates and changes to the site or services, consistent with any applicable communications options we offer;
Contact you regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you, consistent with any applicable communications options we offer;
Send you other marketing and promotional communications, consistent with any applicable communications options we offer;
Customize content, preferences, and advertising on the Services, across the Internet and elsewhere;
Create aggregated, de-identified, pseudonymized, or anonymized information;
Comply with laws, regulations, and other legal process and procedures; and
Establish, exercise, or defend our legal rights.

We also may use and disclose appropriately aggregated, de-identified, or anonymized information for any purpose.

International Data Transfers

NinjaOne is a global company, and while we strive to ensure personal data is stored and processed in the same region in which it is collected, such data may occasionally be transferred across international borders to regions such as the U.S. and EU. To the extent such cross-border transfers occur, personal data will be protected under approved mechanisms to ensure personal data is adequately protected, such as (for GDPR-regulated data) the EU-approved Standard Contractual Clauses. If you wish to exercise a right to see copies of the mechanisms that NinjaOne uses to transfer data to third parties, please contact us as described at the end of this Privacy Policy.

1. Legal Basis for Processing Information

The General Data Protection Regulation (“GDPR”) and similar laws require data controllers to explain the legal bases that justify their processing of personal information. To the extent such rules apply, our legal bases are:

- In many cases, processing personal information is necessary for our legitimate interests or the legitimate interests of others. For example, we may process personal information on this legal basis to:
- - Manage and improve our services;
  - Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, certain sales and marketing activities, certain analytics activities, and research and development;
  - Contact you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you;
  - Create aggregated or de-identified information; or
  - Establish, exercise, or defend our legal rights.
- In some cases, processing personal information is necessary for us to comply with our legal obligations.
- In other cases, we process personal information based on your consent. For example, in some cases the following activities will be performed on the basis of consent (which may be express consent or implied consent, depending on the situation and on which laws apply):
- - Contacting you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you; and
  - Conducting certain other sales, marketing and analytics activities.

Your Rights and Choices

On occasion, NinjaOne will send you messages that are service related (e.g. welcome messages, confirmation notices), related to your activity on the site, or related to updates and changes to the site or services. By default these are through email though you may opt to receive certain text messages or physical mail. You may opt out of certain messages by contacting Customer Service. NinjaOne also offers optional email newsletters to which you may subscribe or unsubscribe under your account settings, by following the instructions contained in the newsletter emails, or by providing an email address.

You can make certain choices regarding the use of cookies and similar technology as described in Section 1 above.

Depending on which laws apply to particular situations, the European Economic Area, the UK and some other jurisdictions have certain additional legal rights to do the following with personal information we handle:

obtain confirmation of whether we hold personal information about them, and receive information about how it is used and disclosed;
obtain a copy of the personal information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form;
update, correct or delete the information;
object to the use or disclosure of the information;
withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information); and
obtain a restriction on the use of the information.

For example, individuals whose personal information is subject to the GDPR have a right to opt out of our handling of their personal information for direct marketing purposes, as do individuals in Canada and many other jurisdictions.

Many of the rights described above are subject to limitations or exceptions under applicable law.

If you wish to exercise any of these rights, please contact us as described at the end of this Privacy Policy. Your request should include your name, company name, email address and physical address. NinjaOne will endeavor to address all requests as quickly as possible, but in no more than thirty days.

You also have a right to file a complaint about our privacy practices with the relevant supervisory authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have. Complaints should be emailed to . Our privacy and/or legal teams will review the complaint, communicate about it with the business team and/or complaining party as appropriate, and attempt to reach a resolution. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator.

You can review and change your personal information by logging into the Website and visiting your account profile page. Note that in some cases, we cannot delete certain personal information except by also deleting your user account. Please understand that, without access to your personal data, NinjaOne may not be able to provide certain services. For example, NinjaOne will not be able to send you communications, sales, offers, newsletters. Additionally, it may be impossible for NinjaOne to fulfill purchases or sales without access to personal information.

Protection of Information

To help protect personal information, we have put in place physical, technical, and administrative safeguards. NinjaOne follows accepted industry best practices and standards to protect the personal information submitted to us, both during transmission and once NinjaOne receives it.

Unfortunately, the transmission of information via the internet is not completely secure. We cannot assure you that data that we collect under this Privacy Policy will never be used or disclosed in a manner that is inconsistent with this Privacy Policy. Any transmission of personal information is at your own risk, and we are not responsible for circumvention of any privacy settings or security measures contained on the Website.

The safety and security of your personal information also depends on you. You are responsible for keeping your password confidential. We urge you to be careful about giving out information in public areas of the Website like message boards, as the information you share in public areas may be viewed by any user of the Website.

Retention of Information

NinjaOne will retain your personal information for as long as your account is active or as needed to fulfill the purposes outlined in this Privacy Policy unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Notice, we make backups of certain data, which we may retain for longer than the original data.

Additional Detail for California Residents

This Section 9 applies only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (“CCPA”), and it supplements the information in the rest of our Privacy Policy above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described in this Section. This Section does not apply to data that NinjaOne handles in its capacity as a processor for its customers, even when such data is about a resident of California, or to other data or activities that are not subject to the relevant provisions of the CCPA.

a. Collection, Use, and Disclosure of California Personal Information

During the 12 months leading up to the effective date of this Privacy Policy, NinjaOne collected all of the information described in Section 1 of our Privacy Policy from and about California residents. You should refer to those locations for more detail, but this information generally falls into the categories listed in the chart below, to the extent it is personally identifiable. The chart also indicates the categories of third parties to whom we disclosed the data during the 12 months leading up to the effective date of this Privacy Policy.

CCPA classification, and explanation, of the California personal information we collected	Categories of third parties to whom we disclosed it
Identifiers (such as name, username, physical address, email address, and other contact information)	· Our affiliates. · Our customers. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. · Joint marketing partners, including organizations with whom NinjaOne partners to hold events and contests. · Entities involved in dispute resolution (such as an arbitrator or an opposing party). · Entities involved in potential or actual significant corporate transactions or events involving NinjaOne or its affiliates. · Governmental entities.
Commercial information (such information provided to us in your communications, transaction data, information about interactions with NinjaOne or our partners);	Same as first row in this chart.
Professional or employment-related data (such as company name)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Financial data (such as payment information)	Affiliates and third parties that assist us, such as payment processors.
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Professional or employment-related data (such as company name)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Other information that identifies or can be reasonably associated with an individual	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Inferences drawn from any of the above	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.

b. CCPA Right to Access or Delete Personal Information

If you are a California resident, California law also may permit you to request that we:

Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
Provide access to and/or a copy of certain information we hold about you.
Delete certain information we have about you.

Certain information is exempt from such requests under applicable law.

To request to exercise any of these rights and receive the fastest response, please email us as described at the end of this Privacy Policy. We will take steps to verify your identity to our satisfaction before responding to your request, which may include, depending on the type of request you are making, the sensitivity of any data you are requesting, and the nature of your relationship with us: verifying your name, asking you to click on a link that we send to your email address, requesting that you login to an account you maintain with us, or requesting that you provide us with information about our relationship that only you are likely to have.

You also may have the right to receive information about certain “financial incentives” (as defined under the CCPA) that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.

c. Requests Made by Agents

For security and legal reasons, we do not accept personal data requests that require us to use a third-party service (such as one operated by an agent) to view or respond to the requests. If you are an agent making a request on behalf of a consumer, we reserve the right to take steps to verify that you are authorized to make that request, which may include requiring you to provide us with written proof such as a notarized authentication letter or a power of attorney. We also may require the consumer to verify their identity directly with us. Because opt-out requests for sales made through cookies and related technology must be performed from each browser that is used to access our Services, it is easiest for the consumer to perform such opt-outs themselves. However, if a consumer wishes for an agent to perform browser-based requests on their behalf, the consumer may arrange for the agent to use the consumer’s browser to make such requests. We are not responsible for the security risks of this or any other arrangements that a consumer may have with an agent. For clarity, this is not permission for any user to share their login credentials with an agent or any third party. Such sharing is prohibited and is not required for an agent to make requests under this Privacy Policy.

Updates and Changes to This Policy

NinjaOne may update this Privacy Policy from time to time, such as to reflect changes in our practices or for legal reasons. We will post those changes here or on a similarly accessible page.

Contact Information

If you have questions, concerns, or suggestions you can contact us, by sending an email to , or at:

NinjaOne, LLC
816 Congress Ave, Suite 1670
Austin, TX 78701

NinjaOne GmbH
Alexanderstraße 1
10178 Berlin

Lead Data Protection Authority

NinjaOne’s lead data protection authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Behördlicher Datenschutzbeauftragter
Friedrichstr. 219, 10969 Berlin
+49 30 13889-406

You may lodge any complaints about NinjaOne’s data processing under the GDPR with this Lead Data Protection Authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have.

Data Protection Officer

You can contact the NinjaOne Data Protection Officer by emailing: .

Cookie	Duration	Description
_vwo_ds	3 months	This cookie is set by the provider Visual Website Optimiser. This cookie is used for collecting information on how visitors interact with the pages on website.
_vwo_sn	30 minutes	This cookie is set by the provider Visual Website Optimiser. This cookie is used for collecting information on how visitors interact with the pages on website. It collect statistical data such as number of visit, average time spent on the website, what pages haves been read.
_vwo_uuid	10 years	This cookie generates a unique ID for every visitor and is used for the report segmentation feature in VWO. Also, this cookie allows you to view data in a more refined manner. If you have the campaign running on multiple domains, you will notice campaign-specific UUID values.
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and is used to measure the performance of different versions of web pages.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
ninja	1 month	No description
ninja_added	session	No description
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie is set by CloudFlare. The cookie is used to support Cloudflare Bot Management.
_vis_opt_test_cookie	session	This cookie is set by Visual Website Optimiser and is a session cookie generated to detect if the cookies are enabled on the browser of the user or not.
geoData		First-party cookie. Stores geoIP data in order to display appropriate phone numbers and content for your region.

Cookie	Duration	Description
_biz_flagsA	1 year	This cookie is set by Bizible. A single cookie that stores multiple information, such as whether or not the user has submitted a form, performed a crossdomain migration, sent a viewthrough pixel, opted out from tracking, etc.
_biz_nA	1 year	This cookie is set by Bizible and is used to store a sequence number that Bizible includes for all requests, for internal diagnostics purpose.
_biz_pendingA	1 year	This cookie is set by Bizible. Temporarily stores analytics data that has not been successfully sent to Marketo Measure server yet.
_biz_sid	30 minutes	This cookie is set by Bizible. The cookie is used to store the session ID of the user.
_biz_uid	1 year	This cookie is set by Bizible and is used to store the user ID on the current domain.
_hjIncludedInSessionSample	2 minutes	This is a Hotjar cookie set to determine if a user is included in the data sampling defined by the site's daily session limit.
YSC	session	This cookie is set by YouTube and is used to track the views of embedded videos.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.
_BUID	1 year	This cookie is used to store a universal user ID to identify the same user across multiple clients' domains.
_dc_gtm_UA-100000610-1	1 minute	This is a Google Analytics cookie used to store the number of service requests.
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gat_UA-100000610-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gd_session	4 hours	This cookie is used for collecting information on users visit to the website. It collects data such as total number of visits, average time spent on the website and the pages loaded.
_gd_svisitor	2 years	This cookie is set by the Google Analytics. This cookie is used for tracking the signup commissions via affiliate program.
_gd_visitor	2 years	This cookie is used for collecting information on the users visit such as number of visits, average time spent on the website and the pages loaded for displaying targeted ads.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
_vis_opt_s	3 months 8 days	This cookie is set by Visual Website Optimiser and is used to detect if the user is new or returning to a particular campaign.
6suuid	2 years	This is a 6sense cookie. Registers user behaviour and navigation on the website, and any interaction with active campaigns. This is used for optimizing advertisement and for efficient retargeting.
DriftPlaybook	session	This is a Drift cookie.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
page	1 month	No description
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
_an_uid	7 days	This is a 6sense cookie. Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.
_rdt_uuid	3 months	This cookie is set by Reddit and is used for remarketing on reddit.com
_uetvid	1 year 24 days	This is a Bing Ads cookie to store and track visits across websites.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

NinjaOne Privacy Policy

Last updated: August 26, 2022

Products

Resources

Company

Compliance