Privacy Statement

Receive email notifications of sub-vendor changes

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form. Please try again.

Version 2.0 - Effective January 1st, 2022


First things first

At Conveyor our mission is to help build trust on the internet. As a result, our goal is to set a high standard for protecting the privacy of your information. This Privacy Statement transparently describes what you can expect Conveyor to do with your personal data, including how we collect, use, protect and share your information. 


If you would like to learn how Conveyor uses information about your business, such as your customers and your trust posture, to provide the network, please see our FAQ.



This privacy statement applies to the information we collect, receive, or use on or in connection with websites owned or controlled by Conveyor, Inc., a Delaware corporation ("Conveyor" or "we" or "our" or "us"), including, applications, products, features, services, marketing, email or other site-related electronic communications, whether online or offline, or any portion thereof (collectively, the "Service").


This Privacy Statement does not apply to personal information arising from Coveyor’s employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Statement also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors.


Personal data we collect 

For purposes of this Privacy Statement, "Personal Information" means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.

"Sensitive Personal Information" includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.

We only collect the minimum personal data necessary and we don’t use automated decision making or profiling techniques.

Category Data Types Legal Basis and Purpose
Customer User Information The name, username, and contact information of our customers, company name and their employees with whom we may interact. We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing.
Account Information (Customer User) We collect personal data from our customers when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services. We have a legitimate interest in providing account related functionalities to our users, monitoring account logins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.
Contact Information (Vendors) Users of our service may ask their vendors or service providers to submit company and security related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor we collect the name and email address of the vendor. We have a legitimate interest in contacting vendors on behalf of our customers in order to invite them to communicate with companies through our platform. Among other things, the communication allows our customers to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit, security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions.
Account Information (Vendors) We collect personal data from vendors when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services. We have a legitimate interest in providing account related functionalities to our vendor-users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services.
Cookies and First Party tracking We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. We have a legitimate interest in making our website operate efficiently.
Cookies and Third Party Tracking We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. Where required by law, we base the use of third party cookies upon consent.
Email Interconnectivity If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. We have a legitimate interest in understanding how you interact with our communications to you.
Feedback/Support We collect personal data from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script. We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.
Mailing List When you sign up for one of our mailing lists we collect your email address or postal address. We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
Order Placement We collect your name, billing address, shipping address, e-mail address, and phone number. To the extent that you have elected to pay using a credit card we also take (directly or through our payment processor) your payment card information. We use and share your information to perform our contract to provide you with products or services.
Surveys When you participate in a survey we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy statement applies to the collection, use, and disclosure of your information. We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
Website interactions We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Web logs We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.
Leads Contact Data We collection information of leads contact data including names, email, company and title (optional) We have legitimate interest of provision, tailoring and improvement of our Services, development of new ones, sales and marketing.

The personal data we collect could generally cover these categories under the California Consumer Privacy Act:

  • Identifiers (e.g. real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)
  • Categories of personal data from s. 1798.80 (e) California Consumer Privacy Act (e.g. name, address, telephone number)
  • Commercial information (e.g. information regarding products or services purchased, obtained, or considered)
  • Electronic network activity information
  • Geolocation data
  • Professional or employment-related information

Why We Collect Information from and about you

In addition to the purposes and uses described above, we use information in the following ways:

To establish and maintain contractual relationships with our customers:

  • To establish relationships with new customers
  • To fulfill our obligations to current customers
  • To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages
  • To enable individuals to access and use our Services

To comply with our legal obligations:

  • To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements
  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as CCPA and GDPR
  • To comply with incident monitoring, reporting, assessment, and notification requirements
  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law

To provide services and information that you request and consent to receive:

  • To provide customer service and support
  • To communicate with you, including responding to your comments, questions, and requests regarding our Services
  • To process and complete transactions, and send you related information, including purchase confirmations and invoices
  • To provide direct marketing, email, and other distributed information distribution

To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:

  • To administer, operate, maintain, and secure our website and Services
  • To monitor and analyze trends, usage, and activities in connection with our Services
  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
  • To verify compliance with our internal policies and procedures
  • For accounting, recordkeeping, backup, and administrative purposes
  • To customize and improve the content of our communications, websites, and social media accounts
  • To educate and train our workforce in data protection and customer support
  • To provide, operate, maintain, improve, personalize, and promote our Services
  • To develop new products, services, features, and functionality
  • To market our products and services (first-party marketing only; we do not provide personal information for use in marketing any non-Conveyor, third-party goods or services)

When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information we will treat it in accordance with this Privacy Statement.

Sharing of Information

Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you. We may share your information in the following ways:

  1. Affiliates and Acquisitions: We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
  2. With other vendors listed on the Conveyor Network: We may share your personal information with companies, organizations, or individuals outside of Conveyor when we have your consent to do so.
  3. When you choose to directly share your information while using our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services (eg. sharing a security document in your Conveyor Room) . We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
  4. With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf, listed in our Subprocessor Directory.
  5. When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals: We may disclose your information (including your personal information) to a third party.
  6. We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request:
  • To enforce our agreements, policies and terms of service;
  • To protect the security or integrity of Coveyor’s products and services;
  • To respond to an incident involving personal data for which Conveyor has direct or indirect responsibility;
  • To protect the property, rights, and safety of Conveyor, our customers or the public from harm or illegal activities;
  • To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
  • To investigate and defend ourselves against any third-party claims or allegations.

Your Rights

Depending on your location, you may have some rights around your personal information based on applicable laws. The following are the rights accessible to you. 

  1. Right to information: You may ask us how we use your personal data. We inform and communicate this through our Privacy Statement and privacy notices. 
  2. Right to access: You may request information about, and access to, the personal data that we collect from you.
  3. Right to rectification: You may update or correct your personal information at any time by accessing the account settings page on the website or within our platform.
  4. Right to be forgotten (right to deletion): You may request that we delete information that we have collected about you.
  5. Right to restriction of processing: You may request us to temporarily refrain from processing your personal data. 
  6. Right to portability: You may ask for a copy of your personal data in a way that can be shared somewhere else. 
  7. Right to withdraw consent: You may withdraw the consent you previously gave us. When you change your mind, you can let us know. 
  8. Right to object: You may opt out or unsubscribe from any direct marketing of any form at any time by following the opt-out link attached to each communication.. 


Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with. For more information, please see our Security Policy.

Data Retention 

We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations. We will security dispose of customer information upon termination of contracts. 


Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at

Changes to Privacy Statement 

As our business evolves, Conveyor may update this privacy statement from time to time with the changes to our Service and our business, and laws applicable to us and you. When this occurs, we will notify you by revising the version and date at the top of this Privacy Statement and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification).

If you’d also like to be notified of material changes by email, you can sign up by emailing with the subject “Subscribe to Privacy Statement Notifications” and telling us the email address where we should send these notifications. If you continue to use the Services after those changes are in effect, you agree to the revised statement. If you disagree, you’ll have to stop using the Service and delete your data.


Please contact us with any questions or comments about this Statement, your personal information, our use and disclosure practices, or your consent choices by email at