Last Updated: September 12, 2023
Koolay is committed to protecting the privacy of its Users whose information is collected and stored while using Koolay’s Platform or Website.
WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE PROVISION OF OUR SERVICES TO YOU.
When you register to use our Website, Platform, or Software, we collect Personal Information (also referred to as personally identifiable information or “PII”) which may include your name, address, online contact information such as your email address or username, phone number, professional or employment-related information, unique node identifiers, Software and Platform versions, software configuration parameters, information related to your subscription information including the subscription plan, license key, and number of devices in use, persistent identifiers that can be used to identify a user over time across different websites or other online services, purchase information. We may collect other data in our interactions with you, including photographs, video or audio files for marketing the Company’s services, however this data is not collected as a part of the Company’s processing of data or information related to providing its content management software services. We do not sell this data or information collected in this manner. The information so collected will be stored on our servers. You are able to change your Personal Information via email by contacting us at [email protected] or through your profile or account settings on our Website or Platform.
You are able to control what PII is shared with the Company in relation to the software service we provide in the user interface during configuration.
Heartbeat and license check related information collected is necessary for the operation of the service and cannot be opted out. The PII information related to heartbeat and license check includes unique node identifiers, IP address, Software and Platform versions, software configuration parameters, information related to your subscription information including the subscription plan, license key, and number of devices in use. If you do not consent with the foregoing, please do not proceed with using the Software and remove it from your system.
Traffic Data. We do not collect and store traffic data on our servers. Traffic data is processed locally and only for the purpose of providing the content management software service. If you elect to manage your firewall from the cloud, data will be transmitted to our cloud servers only for the purposes of your own reporting and management.
Geolocation and Equipment Information. We may collect information that does not personally identify you such as (i) your geolocation (only your city and country), and (ii) information about your internet connection, the equipment you use to access our Website, Platform, or Software and usage details.
We collect Personal Information from you in the following ways:
At registration on our Website or Platform;
In email, text, and other electronic messages between you and our Website or Platform;
Through the Software you download from our Website or Platform, which provides dedicated non-browser based interaction between you and our Website or Platform;
From you placing an order, which includes details of transactions you carry out on our Website or Platform;
When you subscribe to a newsletter;
From your responses to a survey;
From forms filled out by you;
From records or copies of correspondences (including email addresses) if you contact us;
From search queries on our Website or Platform; and
When you post information to be published or displayed on our Website or Platform.
We collect information from you automatically when you use or access our Website, Platform, or Software in the following ways:
Information obtained through browser cookies;
Web beacons on our Website; and
Web beacons on emails sent by us.
We use the information that you provide to:
Personalize your experience in using our Website, Platform, or Software;
Provide you with information, products, or services requested from us;
Present our Website, Platform, and Software and their contents to you;
Provide you with notices about account and/or subscription, including expiration and renewal notices;
Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
Notify you about changes to our Website, Platform, and Software and any products or services;
Allow you to participate in interactive features on our Website, Platform, and Software;
Improve the Website, Platform, and Software;
Improve our customer service;
Administer contests, promotions, and surveys or other Website, Platform, and Software features;
Contact you about our products and services that may be of interest;
Enable the display of advertisements to our advertisers’ target audiences, although Personal Information is not shared with advertisers without your consent; and
Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in Section 14, via the email address provided by you to (i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders and send information and updates pertaining to such orders; (iii) send additional information related to your product and/or service; and (iv) market to our mailing list or continue to send email to you after the original transaction has occurred.
We also anonymize data and aggregate data for statistics:
If you opt-in from the Software user interface, our Software may send certain information to our Cloud Threat Intelligence & Reputation Server. We will use this information to provide you with the threat intelligence and web categorization service.
The information sent includes information about your computer or device on which the Software is running, including outer IP address, and Koolay Networks unique machine identifier, and specific information regarding remote connections like remote IP address, hostname, port number, and URL.
We allow links to third-party web pages. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website and Platform and welcome any feedback at about these sites. Please contact us at [email protected].
We use these Cookies to compile data regarding User interactions with ad impressions and other ad service functions as they relate to our Website or Platform.
Our Website and Platform receive regular security scans, penetration tests, and malware scans. In addition, our Website and Platform use an SSL certificate as an added security measure. We require username and passwords for our employees who can access your Personal Information that we store and/or process on our Platform and servers. In addition, we actively prevent third parties from getting access to your Personal Information that we store and/or process on our Platform and servers. We accept payment by credit card through a third-party credit card processor on our behalf. We implement reasonable security measures every time you (a) place an order, or (b) enter, submit, or access your information, (c) register, or (d) access our Platform.
Security Measures. We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Website or Platform. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website or Platform.
Fair Information Practice Principles. In the event of a personal data breach, we will notify you within 48 hours after having become aware of it via (i) email and/or (ii) our Platform notification system on our Website. We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
There are times when we may share Personal Information that you have shared with us may be shared by Koolay with others to enable us to provide you other Services, including contractors, service providers, and third parties (“Partners”). This section discusses only how Koolay may share such information with Partners. We will ensure that our Partners protect your Personal Information. The following describe how and with whom we may share your Personal Information:
Disclosure of Personal Information.
We may disclose aggregated, de-personalized information about you that does not identify any individual to other parties without restriction, such as for marketing, advertising, or other uses.
We may disclose Personal Information to contractors, services providers, and other third parties.
We require all contractors, service providers, and other third parties to whom we disclose your Personal Information to be under contractual obligations to keep Personal Information confidential and to use it only for the purposes for which we disclose them.
We may disclose Personal Information in the event of a merger, sale of business, etc.
We require all other Partners, to whom we disclose your Personal Information, to enter into contracts with us to keep Personal Information confidential and use it only for the purposes for which we disclose it to such Partners.
We disclose Personal Information to fulfill the purpose for which you have provided it, for instance, if you gave us an email address to use the “email a friend” feature of the Website.
Other Disclosure of Personal Information.
Third Party Disclosure.
We do not sell, trade, rent, or otherwise transfer Personal Information to others, unless we provide you with advance notice. This does not include our hosting partners and other parties who assist us in operating our Website, Platform or Software, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
We provide disaggregated, de-personalized, non-personally identifiable information for marketing, advertising, or other purposes.
Choices Users Have About How Koolay Uses and Discloses Information.
We are headquartered in the United States. Most of the operations are located in Europe and the United States. Your Personal Information, referred to as Personal Data under the GDPR which you give to us during registration or use of our Website, Platform, or Software, may be accessed by or transferred to us in the United States. If you are visiting our Website or registering for our services from outside the United States, be aware that your Personal Data may be transferred to, stored, and processed in the United States. Our servers or our third-party hosting services partners are located in the United States and Europe. By using our site, you consent to any transfer of your Personal Data out of Europe, UK, or Switzerland for processing in the US or other countries.
If you are a resident of or a visitor to Europe, you have certain rights with respect to the processing of your Personal Data, as defined in the General Data Protection Regulation (“GDPR”).
Please note that in some circumstances, we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know the result of your inquiry.
As used herein, “Personal Data” means any information that identifies you as an individual, such as name, address, email address, IP address, phone number, business address, business title, business email address, company, etc.
The New SCCs.
The New SCCs took effect on June 27, 2021.
The Old SCCs may still be used for new data transfers in new contracts during a three-month transition period that ends on September 27, 2021.
Existing data transfers contracts that rely on the Old SCCs can be used until December 27, 2022, by which time all data transfers relying on the Old SCCs must be transitioned to the New SCCs.
As of now, we and our customers are using the New SCCs to transport Personal Data from the EU to other countries including the US for processing by us.
You are the Controller, as defined in the GDPR, and the Exporter, as defined in the New SCCs, of the Personal Data and we are a processor, as defined in the GDPR, and the Importer of such Personal Data.
You agree to comply with the GDPR rules that apply to Controllers and the New SCCs rules that apply to Data Exporters. We agree to comply with the GDPR rules that apply to Processors and the New SCCs rules that apply to Data Importers.
Our GDPR Compliance Commitment.
We agree to fully comply with the letter and the spirit of the GDPR and the New SCCs with respect to the transfer or your Personal Data for Processing outside the EU.
As a Data Importer, a User may contact us as set forth in Subsection 9(d) below with respect to the Personal Data we store and process on you.
We hereby notify you that we will be processing, as defined in the GDPR, the Personal Data of your Authorized Users (i.e., those individuals whom you have authorized to access our Platform and to use our Services) in the US, Canada, and Turkey for us to be able to provide the Services to you that we have agreed to do in our definitive service agreement between you and us.
Upon request, we will provide you with a list of your Personal Data that we will process and a copy of the New SCCs under which we will transport your Personal Data for processing.
We hereby warrant that, at the time of agreeing to the SCCs for the transport of your Personal Data, we have no reason to believe that the laws and practices applicable to us as a data processor and a data importer, including those of the US, Canada, and Turkey are not in line with the requirements of the New SCCs.
If we cannot satisfy any request or dispute to your satisfaction, we will agree to arbitrate or litigate the dispute in the EU jurisdiction in which you reside.
We will only transfer your Personal Data to a third country in accordance with documented instructions from you.
Your Personal Data will be transferred and stored in an encryption format.
Only our employees, who have a need to access your Personal Data to enable us to meet our contractual and legal obligations to you, will be given access to your Personal Data.
Such employees will be given a Username and Password to access your Personal Data.
We will keep an automated record of all persons who have accessed your Personal Data.
Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
Erasure: You can request that we erase some or all of your Personal Data from our systems.
Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our services or Platform and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our services and Platform.
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. Please go to to locate your Data Protection Authority in the EU. You may contact the UK’s Information Commissioner at or by telephone: 0303 123 1113.
We will respond to your inquiry within thirty (30) days of the receipt.
Koolay does not sell, trade, or otherwise transfer to outside third parties your “Personal Information” as the term is defined under the California Civil Code Section § 1798.82(h). Additionally, California Civil Code Section § 1798.83 permits Users of our Website, Platform, or Software that are California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes. To make a request for such disclosure, or identification and/or deletion of Personal Information in all our systems that we store on you, please send an email to [email protected] or write us at Koolay Inc., 8 The Green STE D Dover DE, 19901 United States.
Note that (i) if we delete your Personal Information as requested, we will no longer be able to provide our services to you and (ii) we may need to keep such Personal Information for a while during the shutting down and billing process. If you would like to discuss our Personal Information storage and processing process with us, please send us an email at [email protected] or write to us at Koolay Inc., 8 The Green STE D Dover DE, 19901 United States. .
Right to Request Personal Information. Upon request, we will provide you with (i) a list of all Personal Information that we have collected on you, (ii) from whom we obtained such Personal Information, (iii) the reason why we collected such Personal Information, and (iv) with whom (if any) we have shared such Personal Information. We require such Personal Information to be able to provide to you our Services.
Unless otherwise specified, we only collect Personal Information from you. We do not use others to provide us with your Personal Information.
b. Disclosure of Personal Information. We only share your Personal Information with service providers, e.g., billing and collection agents, who enable us to provide our Services to you. We do not sell or give your Personal Information to third parties for purposes unrelated to our provision of Services to you.
Right to have Personal Information Deleted. Upon request, we will delete all of your Personal Information that we have collected on you and will direct our Service Providers to also delete all of your Personal Information. But note that if we do delete all of this Personal Information, you will no longer be able to use our Services.
Non-Discrimination Right. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Financial Incentives. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Under 16. We will not sell your Personal Information if you are under the age of 16 unless we have the consent of your parent or your guardian nor will we sell it if you ask us not to do so.
Personal Information that We Store. For your information, we store/collect the following Personal Information on you including your name, address, online contact information such as your email address or username, phone number, professional or employment-related information, persistent identifiers that can be used to identify a user over time across different websites or other online services, purchase information, photographs, video or audio files. .
The Children’s Online Privacy Protection Act (“COPPA”) is a federal legislation that applies to entities that collect and store “Personal Information,” as the term is defined under COPPA, from children under the age of 13. We are committed to ensuring compliance with COPPA. Our Website, Platform, and Software are not meant for use by children under the age of 13. Our Website, Platform, and Software do not target children under the age of 13, but we do not age-screen or otherwise prevent the collection, use, and personal disclosure of persons identified as under 13. If you would like to know more about our practices and specifically our practices in relation to COPPA compliance, please email us at [email protected].
IF YOU ARE UNDER 13, PLEASE DO NOT ACCESS OR USE OUR WEBSITE, PLATFORM, OR SOFTWARE.
The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out penalties for violations. Per the CAN-SPAM Act, we will:
not use false or misleading subjects or email addresses;
identify the email message as an advertisement in some reasonable way;
include the physical address of Koolay Inc., which is 8 The Green STE D Dover DE, 19901 United States;
monitor third-party email marketing services for compliance, if one is used;
honor opt-out/unsubscribe requests quickly; and
give an “opt-out” or “unsubscribe” option.
If you wish to opt out of email marketing, follow the instructions at the bottom of each email and we will promptly remove you from all future marketing correspondences.
Additionally, if you have any questions or concerns about our third-party service providers, please email us at [email protected].
If you believe that any content on our Website, Platform, or Software violates your copyright, and you wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to the Digital Millennium Copyright Act of 1998 (“DMCA Takedown Notice”)) must be provided to our designated Copyright Agent.
Your physical or electronic signature;
Identification of the copyrighted work(s) that you claim to have been infringed;
Identification of the material on our Website, Platform, or Software that you claim is infringing and that you request us to remove;
Sufficient information to permit us to locate such material;
Your address, telephone number, and email address;
A statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and
A statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner.
Koolay’s Copyright Agent to receive DMCA Takedown Notices is Compliance Manager at and at Koolay Inc., Attn: DMCA Notice, 8 The Green STE D Dover DE, 19901 United States You acknowledge that for us to be authorized to take down any content, your DMCA Takedown Notice must comply with all the requirements of this Section. Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by Koolay in connection with the written notification and allegation of copyright infringement.
Data Privacy Officer
Email: [email protected]
Address: Koolay Inc., 8 The Green STE D Dover DE, 19901 United States
Thank you! Our website is currently under construction, but we'll be back soon with more content and features. Stay tuned!Return to the homepage