NinjaOne Privacy Policy

Last updated: August 26, 2022

As a global company with customers in nearly every country in the world, here at NinjaOne, protecting the personal data of our customers and their end-users is, and has always been, of the utmost priority.

This Privacy Policy covers the practices of NinjaOne, LLC and its affiliated companies (“NinjaOne” or “NinjaRMM GmbH” or “we” or “us”) concerning personal information that we handle in the context of offering or providing our services, including any such information we may collect from you or that you may provide when you visit the websites NinjaOne.com or any of our other websites that link to this Privacy Policy (collectively, our “Website”).

This policy is not a contract between NinjaOne and its users, but is merely a recitation of current NinjaOne policies. Please read this policy carefully to understand our policies and practices regarding personal information and how we will treat it. This policy may change from time to time, so please check the policy periodically for updates.

A special note about data processed by our software and services:

NinjaOne software and services allow NinjaOne customers to collect, distribute, visualize, and otherwise manage their own data. In many use cases, this data stays entirely within the customer's network, and NinjaOne has no access to it. In the limited situations and configurations in which NinjaOne has access to a portion of a customer's data, NinjaOne processes it solely to provide our service to that particular customer. NinjaOne handles that data solely pursuant to our contract with that customer, not pursuant to NinjaOne's own Privacy Policy. Thus, for example, the reference in this Privacy Policy to using personal data to send marketing and promotional communications does not apply to that customer data.

To the extent the data we receive through our services relates to an identified or identifiable individual, NinjaOne handles such data solely as the customer's "processor" within the meaning of the General Data Protection Regulation ("GDPR") and similar laws, and solely as the customer's "service provider'' within the meaning of the California Consumer Privacy Act ("CCPA"). Any inquiries or requests relating to such data should be directed to the relevant customer, not to NinjaOne.

This Privacy Policy contains the following sections:

Information We Collect
Use of Information
Sharing of Information
International Data Transfers
Legal Basis for Processing Information
Your Rights and Choices
Protection of Information
Retention of Information
Additional Detail for California Residents
Updates and Changes to This Policy
Contact Information
Lead Data Protection Authority
Data Protection Officer

Information We Collect

a. Information You Provide to Us

You may provide the following types of information to us:

Contact details, such as name, physical address, email address, phone number, company name;
Username and/or password for our Website and products;
Information about your purchases and other business interactions with us;
Utilization data and configuration settings related to your use of our products;
Information about your interests and preferences;
Content of tickets you submit;
Information you provide in filling in forms and surveys, registering to use our Website, entering a promotion sponsored by us, contacting us, and posting content to our online forums; and
Search queries you make on our Website.

b. Cookies and Other Information Collection Technology

Through our online properties, we and third parties may collect information from your computer or other device by automated means such as cookies, web beacons, local storage, JavaScript, mobile-device functionality and other computer code.

This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as advertising identifiers), location data, other device information, Internet connection information, as well as details about your interactions with the relevant website, email, or other online property (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in a website). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use.

These technologies help:

Display personalized content;
Store information about your preferences, allowing us to customize our Website according to your individual interests;
Perform analytics, estimate our audience size and usage patterns, and better understand the demographics of users;
Diagnose and fix technology problems;
Plan for and enhance our business; and
Facilitate the other uses and disclosures described in this Privacy Policy.

To opt out of Google Analytics, you can visit the Google Ads Settings page from each browser. Google also allows you to install a Google Analytics Opt-out Browser Add-on for each browser.

We do not handle or monitor browser-based “Do Not Track” signals, but we do provide you with the ability to control certain cookies and similar tracking technologies. You may be able to set your browser to refuse certain types of cookies, or to alert you when certain types of cookies are being used. Some browsers offer similar settings for HTML5 local storage and other technologies. However, if you disable or refuse cookies, local storage, JavaScript or other technologies, please note that certain websites (including some parts of our Website) may then be inaccessible or not function properly.

For additional information on how NinjaOne uses and handles cookies and other tracking technology, please see our Cookie Policy.

c. Information From Third Parties

We may also receive personal information from third parties, including our service providers, affiliates, and partners such as organization with whom we partner on events and contests, resellers, customers, technology vendors, business information vendors, and list brokers, as well as from publicly available sources such as LinkedIn and company websites. We may combine some of that information with other information we have about you.

Use of Information

We and our service providers use the information described above for the following purposes:

Administer your account, including to process your registration and verify your information;
Provide, manage, and improve our services;
Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, sales and marketing, analytics, and research and development;
Send messages that are service-related messages (e.g., welcome messages, confirmation notices), related to your activity on the site, or related to updates and changes to the site or services, consistent with any applicable communications options we offer;
Contact you regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you, consistent with any applicable communications options we offer;
Send you other marketing and promotional communications, consistent with any applicable communications options we offer;
Customize content, preferences, and advertising on the Services, across the Internet and elsewhere;
Create aggregated, de-identified, pseudonymized, or anonymized information;
Comply with laws, regulations, and other legal process and procedures; and
Establish, exercise, or defend our legal rights.

We also may use and disclose appropriately aggregated, de-identified, or anonymized information for any purpose.

International Data Transfers

NinjaOne is a global company, and while we strive to ensure personal data is stored and processed in the same region in which it is collected, such data may occasionally be transferred across international borders to regions such as the U.S. and EU. To the extent such cross-border transfers occur, personal data will be protected under approved mechanisms to ensure personal data is adequately protected, such as (for GDPR-regulated data) the EU-approved Standard Contractual Clauses. If you wish to exercise a right to see copies of the mechanisms that NinjaOne uses to transfer data to third parties, please contact us as described at the end of this Privacy Policy.

1. Legal Basis for Processing Information

The General Data Protection Regulation (“GDPR”) and similar laws require data controllers to explain the legal bases that justify their processing of personal information. To the extent such rules apply, our legal bases are:

- In many cases, processing personal information is necessary for our legitimate interests or the legitimate interests of others. For example, we may process personal information on this legal basis to:
- - Manage and improve our services;
  - Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, certain sales and marketing activities, certain analytics activities, and research and development;
  - Contact you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you;
  - Create aggregated or de-identified information; or
  - Establish, exercise, or defend our legal rights.
- In some cases, processing personal information is necessary for us to comply with our legal obligations.
- In other cases, we process personal information based on your consent. For example, in some cases the following activities will be performed on the basis of consent (which may be express consent or implied consent, depending on the situation and on which laws apply):
- - Contacting you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you; and
  - Conducting certain other sales, marketing and analytics activities.

Your Rights and Choices

On occasion, NinjaOne will send you messages that are service related (e.g. welcome messages, confirmation notices), related to your activity on the site, or related to updates and changes to the site or services. By default these are through email though you may opt to receive certain text messages or physical mail. You may opt out of certain messages by contacting Customer Service. NinjaOne also offers optional email newsletters to which you may subscribe or unsubscribe under your account settings, by following the instructions contained in the newsletter emails, or by providing an email address.

You can make certain choices regarding the use of cookies and similar technology as described in Section 1 above.

Depending on which laws apply to particular situations, the European Economic Area, the UK and some other jurisdictions have certain additional legal rights to do the following with personal information we handle:

obtain confirmation of whether we hold personal information about them, and receive information about how it is used and disclosed;
obtain a copy of the personal information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form;
update, correct or delete the information;
object to the use or disclosure of the information;
withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information); and
obtain a restriction on the use of the information.

For example, individuals whose personal information is subject to the GDPR have a right to opt out of our handling of their personal information for direct marketing purposes, as do individuals in Canada and many other jurisdictions.

Many of the rights described above are subject to limitations or exceptions under applicable law.

If you wish to exercise any of these rights, please contact us as described at the end of this Privacy Policy. Your request should include your name, company name, email address and physical address. NinjaOne will endeavor to address all requests as quickly as possible, but in no more than thirty days.

You also have a right to file a complaint about our privacy practices with the relevant supervisory authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have. Complaints should be emailed to . Our privacy and/or legal teams will review the complaint, communicate about it with the business team and/or complaining party as appropriate, and attempt to reach a resolution. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator.

You can review and change your personal information by logging into the Website and visiting your account profile page. Note that in some cases, we cannot delete certain personal information except by also deleting your user account. Please understand that, without access to your personal data, NinjaOne may not be able to provide certain services. For example, NinjaOne will not be able to send you communications, sales, offers, newsletters. Additionally, it may be impossible for NinjaOne to fulfill purchases or sales without access to personal information.

Protection of Information

To help protect personal information, we have put in place physical, technical, and administrative safeguards. NinjaOne follows accepted industry best practices and standards to protect the personal information submitted to us, both during transmission and once NinjaOne receives it.

Unfortunately, the transmission of information via the internet is not completely secure. We cannot assure you that data that we collect under this Privacy Policy will never be used or disclosed in a manner that is inconsistent with this Privacy Policy. Any transmission of personal information is at your own risk, and we are not responsible for circumvention of any privacy settings or security measures contained on the Website.

The safety and security of your personal information also depends on you. You are responsible for keeping your password confidential. We urge you to be careful about giving out information in public areas of the Website like message boards, as the information you share in public areas may be viewed by any user of the Website.

Retention of Information

NinjaOne will retain your personal information for as long as your account is active or as needed to fulfill the purposes outlined in this Privacy Policy unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Notice, we make backups of certain data, which we may retain for longer than the original data.

Additional Detail for California Residents

This Section 9 applies only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (“CCPA”), and it supplements the information in the rest of our Privacy Policy above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described in this Section. This Section does not apply to data that NinjaOne handles in its capacity as a processor for its customers, even when such data is about a resident of California, or to other data or activities that are not subject to the relevant provisions of the CCPA.

a. Collection, Use, and Disclosure of California Personal Information

During the 12 months leading up to the effective date of this Privacy Policy, NinjaOne collected all of the information described in Section 1 of our Privacy Policy from and about California residents. You should refer to those locations for more detail, but this information generally falls into the categories listed in the chart below, to the extent it is personally identifiable. The chart also indicates the categories of third parties to whom we disclosed the data during the 12 months leading up to the effective date of this Privacy Policy.

CCPA classification, and explanation, of the California personal information we collected	Categories of third parties to whom we disclosed it
Identifiers (such as name, username, physical address, email address, and other contact information)	· Our affiliates. · Our customers. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. · Joint marketing partners, including organizations with whom NinjaOne partners to hold events and contests. · Entities involved in dispute resolution (such as an arbitrator or an opposing party). · Entities involved in potential or actual significant corporate transactions or events involving NinjaOne or its affiliates. · Governmental entities.
Commercial information (such information provided to us in your communications, transaction data, information about interactions with NinjaOne or our partners);	Same as first row in this chart.
Professional or employment-related data (such as company name)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Financial data (such as payment information)	Affiliates and third parties that assist us, such as payment processors.
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Professional or employment-related data (such as company name)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Other information that identifies or can be reasonably associated with an individual	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Inferences drawn from any of the above	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.

b. CCPA Right to Access or Delete Personal Information

If you are a California resident, California law also may permit you to request that we:

Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
Provide access to and/or a copy of certain information we hold about you.
Delete certain information we have about you.

Certain information is exempt from such requests under applicable law.

To request to exercise any of these rights and receive the fastest response, please email us as described at the end of this Privacy Policy. We will take steps to verify your identity to our satisfaction before responding to your request, which may include, depending on the type of request you are making, the sensitivity of any data you are requesting, and the nature of your relationship with us: verifying your name, asking you to click on a link that we send to your email address, requesting that you login to an account you maintain with us, or requesting that you provide us with information about our relationship that only you are likely to have.

You also may have the right to receive information about certain “financial incentives” (as defined under the CCPA) that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.

c. Requests Made by Agents

For security and legal reasons, we do not accept personal data requests that require us to use a third-party service (such as one operated by an agent) to view or respond to the requests. If you are an agent making a request on behalf of a consumer, we reserve the right to take steps to verify that you are authorized to make that request, which may include requiring you to provide us with written proof such as a notarized authentication letter or a power of attorney. We also may require the consumer to verify their identity directly with us. Because opt-out requests for sales made through cookies and related technology must be performed from each browser that is used to access our Services, it is easiest for the consumer to perform such opt-outs themselves. However, if a consumer wishes for an agent to perform browser-based requests on their behalf, the consumer may arrange for the agent to use the consumer’s browser to make such requests. We are not responsible for the security risks of this or any other arrangements that a consumer may have with an agent. For clarity, this is not permission for any user to share their login credentials with an agent or any third party. Such sharing is prohibited and is not required for an agent to make requests under this Privacy Policy.

Updates and Changes to This Policy

NinjaOne may update this Privacy Policy from time to time, such as to reflect changes in our practices or for legal reasons. We will post those changes here or on a similarly accessible page.

Contact Information

If you have questions, concerns, or suggestions you can contact us, by sending an email to , or at:

NinjaOne, LLC
816 Congress Ave, Suite 1670
Austin, TX 78701

NinjaOne GmbH
Alexanderstraße 1
10178 Berlin

Lead Data Protection Authority

NinjaOne’s lead data protection authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Behördlicher Datenschutzbeauftragter
Friedrichstr. 219, 10969 Berlin
+49 30 13889-406

You may lodge any complaints about NinjaOne’s data processing under the GDPR with this Lead Data Protection Authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have.