Privacy Policy
Last updated: October 20, 2023
A special note about data processed by our software and services:
NinjaOne software and services allow NinjaOne customers to collect, distribute, visualize, and otherwise manage their own data. In many use cases, this data stays entirely within the customer’s network, and NinjaOne has no access to it. In the limited situations and configurations in which NinjaOne has access to a portion of a customer’s data, NinjaOne processes it solely to provide our service to that particular customer. NinjaOne handles that data solely pursuant to our contract with that customer, not pursuant to NinjaOne’s own Privacy Policy. Thus, for example, the reference in this Privacy Policy to using personal information to send marketing and promotional communications does not apply to that customer data.
To the extent the data we receive through our services relates to an identified or identifiable individual, NinjaOne handles such data solely as the customer’s “processor” within the meaning of the General Data Protection Regulation (“GDPR”) and similar laws, and solely as the customer’s “service provider” within the meaning of the California Consumer Privacy Act (“CCPA”). Any inquiries or requests relating to such data should be directed to the relevant customer, not to NinjaOne.
- Information We Collect
- Use of Information
- Disclosure of Information
- EU-U.S. and Swiss-U.S. Data Privacy Framework
- Legal Basis for Processing Information
- Your Rights and Choices
- Protection of Information
- Retention of Information
- Updates and Changes to This Policy
- Contact Information
- Lead Data Protection Authority
- Data Protection Officer
- Dispute Resolution
- Additional Detail for California Residents
- Information We Collect
a. Information You Provide to Us
You may provide the following types of information to us:
- Identifiers (such as name, username, physical address, email address, and other contact information);
- Commercial information (such as information provided to us in your communications, transaction data, information about interactions with NinjaOne or our partners, content of tickets you submit, information about your interests and preferences, information you provide in entering a promotion sponsored by us, and your posts to our online forums);
- Financial data (such as payment information);
- Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information; and utilization data and configuration settings related to your use of our products);
- Professional or employment-related data (such as company name);
- Other information that identifies or can be reasonably associated with you; and
- Inferences drawn from any of the above.
b. Cookies and Other Information Collection Technology
Through our online properties, we and third parties may collect information from your computer or other device by automated means such as cookies, web beacons, local storage, JavaScript, mobile-device functionality, and other computer code.
This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as advertising identifiers), location data, other device information, Internet connection information, as well as details about your interactions with the relevant website, email, or other online property (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in a website). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use.
These technologies help:
- Display personalized content;
- Store information about your preferences, allowing us to customize our Website according to your individual interests;
- Perform analytics, estimate our audience size and usage patterns, and better understand the demographics of users;
- Diagnose and fix technology problems;
- Plan for and enhance our business; and
- Facilitate the other uses and disclosures described in this Privacy Policy.
c. Information From Third Parties
We may also receive personal information from third parties, including our service providers, affiliates, and partners (such as organizations with whom we partner on events and contests, resellers, customers, technology vendors, business information vendors, and list brokers), as well as from publicly available sources (such as LinkedIn and company websites). We may combine some of that information with other information we have about you.
- Use of Information
We and our service providers use the information described above for the following purposes:
- Administer your account, including to process your registration and verify your information;
- Provide, manage, and improve our services;
- Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, sales and marketing, analytics, and research and development;
- Send messages that are related to services we provide (e.g., welcome messages and confirmation notices, and the like), your activity on the Website, or updates and changes to the Website or services, consistent with any applicable communications options we offer;
- Contact you regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you, consistent with any applicable communications options we offer;
- Send you other marketing and promotional communications, consistent with any applicable communications options we offer;
- Customize content, preferences, and advertising on the services, across the Internet and elsewhere;
- Create aggregated, de-identified, or anonymized information;
- Comply with laws, regulations, and other legal process and procedures; and
- Establish, exercise, or defend our legal rights.
We also may use and disclose appropriately aggregated, de-identified, or anonymized information for any lawful purpose.
- Disclosure of Information
NinjaOne discloses personal information as follows:
- To Customers: We disclose personal information to our customers.
- To Service Providers: We may disclose personal information to companies that provide services to us or to you, such as providers of data storage, marketing, web hosting, security, analytics, and fraud prevention.
- To Affiliates: We may disclose personal information to other members of our corporate family for the purposes described in this Privacy Policy.
- Corporate Transactions: We may disclose personal information as part of, or to take steps in anticipation of, a sale of all or a portion of our business, a divestiture, merger, consolidation, asset sale, bankruptcy, or other significant corporate event.
- To Other Users: When you disclose personal information by posting content to public areas of the Website like message boards, such personal information may be viewed by all users and may be publicly distributed in perpetuity.
- To Business Partners: We may disclose information to business partners, such as organizations with whom NinjaOne partners to hold events and contests.
- Legal: We may disclose information when we believe disclosure is appropriate due to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; or as otherwise required by law.
- Protection of NinjaOne and Others: We may disclose information when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud, or other wrongdoing; to protect and defend the rights, property, or safety of our company, our employees, our customers, or others; and to enforce our terms and other agreements.
- Your Consent: If you have consented to additional disclosure of certain personal information, we may also disclose that personal information consistent with your consent.
In some cases, we may disclose appropriately aggregated, de-identified, or anonymized information in these or other circumstances.
NinjaOne is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK-U.S. DPF), or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the “DPFs”) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you are an EU resident and your personal data is transferred to a NinjaOne affiliate or to service providers located outside the EU, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by participating in the DPFs, and by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses.. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting [email protected].
If you are located in Australia, your personal data may be transferred to a NinjaOne affiliate located in Germany, Romania, the United Kingdom, and the United States. In such instances, we take reasonable steps to ensure that the recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme before disclosing your personal data to it.
NinjaOne reserves the right to share any information that you provide that is not deemed personal data and/or is not otherwise subject to contractual restrictions.
- EU-U.S., UK-U.S. and Swiss-U.S. Data Privacy Frameworks
NinjaOne complies with the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, as set forth by the U.S. Department of Commerce. NinjaOne has certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to the processing of personal data received from the EU in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK-U.S. DPF. In addition, NinjaOne has certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the respective Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/. As described in the “Disclosure of Personal Data” section above, we transfer personal data from the European Union, the United Kingdom, and Switzerland to our affiliates and other entities located outside those countries. We remain responsible for the personal data we receive and transfer onward under the DPF Program.
In compliance with the DPF Principles, NinjaOne commits to resolve complaints about your privacy and our collection or use of your personal data. Data subjects with inquiries or complaints regarding this Privacy Policy should first contact NinjaOne at: [email protected].
Under certain conditions, more fully described on the DPF website here , you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
NinjaOne will renew our DPF certifications annually, unless we subsequently determine that we no longer need such certification or if we employ a different adequacy mechanism. Prior to the re-certification, NinjaOne will conduct an in-house verification to ensure that our attestations and assertions with regard to our treatment of personal data are accurate and that we have appropriately implemented these practices.
- Legal Basis for Processing Information
The General Data Protection Regulation (“GDPR”) and similar laws require data controllers to explain the legal bases that justify their processing of personal information. To the extent such rules apply, our legal bases are:
- In many cases, processing personal information is necessary for our legitimate interests or the legitimate interests of others. For example, we may process personal information on this legal basis to:
- Manage and improve our services;
- Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, certain sales and marketing activities, certain analytics activities, and research and development;
- Contact you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you;
- Create aggregated, de-identified, or anonymized information; or
- Establish, exercise, or defend our legal rights.
- In some cases, processing personal information is necessary for us to comply with our legal obligations.
- In other cases, we process personal information based on your consent. For example, in some cases the following activities will be performed on the basis of consent (which may be express consent or implied consent, depending on the situation and on which laws apply):
- Contacting you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you; and
- Conducting certain other sales, marketing, and analytics activities.
- Your Rights and Choices
On occasion, NinjaOne will send you messages that are related to services we provide (e.g., welcome messages, confirmation notices, and the like), your activity on the Website, or updates and changes to the Website or services. By default, these are through email, though we may send you messages in other ways (e.g., text messages or physical mail). If you would like to opt out of these messages, please contact us as described at the end of this Privacy Policy. NinjaOne may also send email newsletters or promotional emails, to which you may unsubscribe by following the instructions contained in the emails.
We do not handle or monitor browser-based “Do Not Track” signals, but, depending on your jurisdiction, you may have the ability to control certain cookies and similar tracking technologies. Below, we describe various options for adjusting your preferences for our use of various technologies on the Website in a particular browser. For most of the cookie preference options described below, your opt-out will be stored as a cookie. That means that you can undo your opt-out by manually clearing the cookies in your browser or by using a browser that automatically clears cookies. Depending on where you are and some other factors, this may reactivate the sorts of cookies that your previous preference had stopped. If you do that and then decide to opt-out again for that browser, you will need to perform the relevant opt-out steps again in that browser.
Depending on your jurisdiction, you may be able to adjust your preferences about how certain cookies and certain similar technologies are used on our Website by clicking on a Cookie Preferences link in the Website’s footer. You should repeat this process with each browser you use to visit the Website. Google also allows you to install a Google Analytics Opt-out Browser Add-on in some kinds of browsers.
To learn more about interest-based advertising generally, or to use a different method to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each browser you use.
In addition, you may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed as described here. However, if you block or otherwise reject our cookies, local storage, JavaScript, or other technologies, certain websites (including some of our own Website) may not function properly.
If you replace, change, or upgrade your browser, or delete your cookies, or use a browser that automatically clears cookies, you may need to use these opt-out tools again.
Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation. Please note, however, that we do not respond to browser-based “Do-Not-Track” signals at this time.
Depending on which laws apply to particular situations, individuals in the European Economic Area, the UK, and some other jurisdictions have certain additional legal rights to do the following with personal information we handle:
- obtain confirmation of whether we hold personal information about them, and receive information about how it is used and disclosed;
- obtain a copy of the personal information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form;
- update, correct, or delete the information;
- object to the use or disclosure of the information;
- withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information); and
- obtain a restriction on the use of the information.
For example, individuals whose personal information is subject to the GDPR have a right to opt out of our handling of their personal information for direct marketing purposes, as do individuals in Canada and many other jurisdictions.
Many of the rights described above are subject to limitations or exceptions under applicable law.
For information about Californians’ privacy rights under California law, including how to exercise those rights, please see Section 13 below. If you wish to exercise any other privacy or data protection rights, please contact us as described at the end of this Privacy Policy. Your request should include your name, company name, email address, and physical address. NinjaOne will endeavor to address all requests as quickly as possible, but in no more than 30 days.
You also have a right to file a complaint about our privacy practices with the relevant supervisory authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have. Complaints should be emailed to [email protected]. Our privacy and/or legal team(s) will review the complaint, communicate about it with the business team and/or complaining party as appropriate, and attempt to reach a resolution. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator.
- Protection of Information
We use various physical, technical, and administrative safeguards to help protect the personal information submitted to us. Unfortunately, no technology is completely secure. Any transmission of personal information is at your own risk, and we are not responsible for circumvention of any privacy settings or security measures contained on the Website.
The safety and security of your personal information also depends on you. We urge you to be careful about giving out information in public areas of the Website like message boards, as the information you disclose in public areas may be viewed by any user of the Website.
- Retention of Information
- Updates and Changes to This Policy
NinjaOne may update this Privacy Policy from time to time, such as to reflect changes in our practices or for legal reasons. We will post those changes here or on a similarly accessible page.
- Contact Information
If you have questions, concerns, or suggestions you can contact us, by sending an email to [email protected], or at:
NinjaOne, LLC
3687 Tampa Road, Suite 200
Oldsmar, FL 34677
NinjaOne GmbH
Alexanderstraße 1
10178 Berlin
- Lead Data Protection Authority
NinjaOne’s lead data protection authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Behördlicher Datenschutzbeauftragter
Friedrichstr. 219, 10969 Berlin
+49 30 13889-406
[email protected]
- Data Protection Officer
You can contact the NinjaOne Data Protection Officer by emailing: [email protected].
- Dispute Resolution
In compliance with the Data Privacy Framework Principles and applicable privacy laws, NinjaOne commits to promptly resolve complaints about privacy and our collection or use of personal data. Individuals with questions, concerns, or complaints about the use of their personal data should contact us by emailing [email protected] or using the contact details set out in Section 10 of this Privacy Policy and identify the company or other organization with whom they are affiliated or for whom their data was collected, if the collection was for a current or prospective NinjaOne customer. We will respond to your concern or complaint within 30 days, or the time prescribed by applicable law.
In compliance with the DPFs, NinjaOne commits to refer unresolved complaints concerning our handling of personal data received in reliance on the DFPs to VeraSafe, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://verasafe.com/privacy-solutions/data-privacy-framework-dispute-resolution-program/ for more information or to file a complaint. The services of VeraSafe are provided at no cost to you.
If you are located in Australia and you are not satisfied with the way we have handled a privacy complaint, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au for further information.
- Additional Detail for California Residents
A. Collection, Retention, and Use of California Personal Information
During the 12 months leading up to the effective date of this Privacy Policy, NinjaOne collected the categories of personal information described below. We intend to retain this information for as long as we feel it is necessary for the purposes described further below, or for any longer period required by law. Because we may collect and use the same category of personal information for different purposes and in different contexts, there is no general fixed retention period that always will apply to a particular category of personal information. Examples of how long we normally intend to retain personal information in certain situations are set forth below.Category of personal information | Examples of how long we normally plan to keep this information |
Identifiers (such as name, username, physical address, email address, and other contact information) | We may retain identifiers associated with points of contact within existing customers for the duration of the customer’s contract with NinjaOne, and for 2 years after that for related administration and sales purposes. We may retain identifiers associated with non-customer persons until 1 year after they unsubscribe from emails, or 1 year after the person’s last interaction with NinjaOne (whichever is greater) for analytics purposes. |
Commercial information (such as information provided to us in your communications, transaction data, and information about interactions with NinjaOne or our partners); | We may retain information on a person’s interest in our products for up to 1 year after the person’s last interaction with NinjaOne, or 2 years after the end of their organization’s contract with NinjaOne. |
Financial data (such as payment information) | We may retain financial data for 7 years in support of financial statements/filings and key financial or business process controls. |
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information) | We retain the internet and other network device activity information of our existing customers for the duration of the customer’s contract with NinjaOne, and for 2 years after that for account authentication, fraud detection, and other cybersecurity purposes. |
Professional or employment-related data (such as company name) | We typically retain professional or employment data of our customers’ and prospective customers’ personnel for 1 year after the person’s last interaction with NinjaOne, or 2 years after the end of a customer’s contract with NinjaOne. |
Inferences drawn from any of the above | We often retain inferences for the same period of time for which we retain the underlying data. |
- Administer your account, including to process your registration and verify your information;
- Provide, manage, and improve our services;
- Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, sales and marketing, analytics, and research and development;
- Send messages that are related to services we provide (g., welcome messages, confirmation notices, and the like), your activity on the Website, or updates and changes to the Website or services, consistent with any applicable communications options we offer;
- Contact you regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you, consistent with any applicable communications options we offer;
- Send you other marketing and promotional communications, consistent with any applicable communications options we offer;
- Customize content, preferences, and advertising on the services, across the Internet and elsewhere;
- Create aggregated, de-identified, or anonymized information;
- Comply with laws, regulations, and other legal process and procedures; and
- Establish, exercise, or defend our legal rights.
Category of personal information | Categories of entities to whom we disclosed it |
Identifiers (such as name, username, physical address, email address, and other contact information) | · Our affiliates. · Our customers. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. · Joint marketing partners, including organizations with whom NinjaOne partners to hold events and contests. · Entities involved in dispute resolution (such as an arbitrator or an opposing party). · Entities involved in potential or actual significant corporate transactions or events involving NinjaOne or its affiliates. · Governmental entities. |
Commercial information (such information provided to us in your communications, transaction data, information about interactions with NinjaOne or our partners); | Same as first row in this chart. |
Financial data (such as payment information) | Affiliates and third parties that assist us, such as payment processors. |
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information) | · Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. |
Professional or employment-related data (such as company name) | · Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. |
Other information that identifies or can be reasonably associated with an individual | · Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. |
Inferences drawn from any of the above | · Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. |
b. CCPA Right to Access, Correct, or Delete Personal Information
If you are a California resident, California law also may permit you to request that we:- Provide access to and/or a copy of certain information we have about you;
- Delete certain information we have about you;
- Correct certain personal information we have about you; or
- Provide you the categories of personal information we have collected or disclosed about you in the last 12 months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; the categories of third parties with whom we shared personal information; and more specific detail about what categories of information were “sold,” “shared,” or disclosed to particular categories of third parties, similar to the detail above this Section of the Privacy Policy.
c. Requests Made by Agents
For security and legal reasons, we do not accept personal information requests that require us to use a third-party service (such as one operated by an agent) to view or respond to the requests. If you are an agent making a request on behalf of a consumer, we reserve the right to take steps to verify that you are authorized to make that request, which may include requiring you to provide us with written proof such as a notarized authentication letter or a power of attorney. We also may require the consumer to verify their identity directly with us. Because opt-out requests for sales made through cookies and related technology must be performed from each browser that is used to access our Services, it is easiest for the consumer to perform such opt-outs themselves. However, if a consumer wishes for an agent to perform browser-based requests on their behalf, the consumer may arrange for the agent to use the consumer’s browser to make such requests. We are not responsible for the security risks of this or any other arrangements that a consumer may have with an agent. For clarity, this is not permission for any user to share their login credentials with an agent or any third party. Such sharing is prohibited and is not required for an agent to make requests under this Privacy Policy.d. Nondiscrimination
You also have a right not to receive “discriminatory treatment” (within the meaning of the CCPA) for the exercise of the privacy rights conferred by the CCPA.