Aqua Security Privacy Policy

This Privacy Policy describes how Aqua Security Software Ltd. (collectively with its affiliates, “Aqua Security”, “we”, “our” or “us”) collects, stores, uses and discloses personal data of individuals (“you” or “your”) who:

  • visit or otherwise interact with our websites (the “Sites”), and any online ads and content, or emails and communications in relation to the Sites (collectively, “Visitors”);
  • interact with us with respect to the Aqua Platform SaaS Offering and Aqua Platform Self-Hosted installation (the “Aqua Platform”, and together with the Sites, the “Services”) via various sales and marketing channels such as events, webinars, and other business and marketing activities, including business contact persons of our prospective or current corporate customers (“Prospects and Customers”), business partners, and service providers (collectively – “Business Contacts”).

Please note that this Policy does NOT cover our privacy practices with respect to individuals who use the Aqua Platform under the direction of our Customers (“Users”). We process personal data relating to such Users on behalf of our Customers, in our role as a data processor, and only in accordance with their instructions and the terms of our Data Processing Addendum and other commercial agreements with them.

Specifically, this Privacy Policy describes our practices regarding:

  1. Data Collection & Processing
  2. Data Uses & Lawful Bases for Processing
  3. Data Disclosure
  4. Data Location
  5. Data Retention
  6. Cookie & Tracking technologies
  7. Sale/ Sharing for Targeted Advertising
  8. Data Security
  9. Your Privacy Rights
  10. Communications
  11. Children
  12. Third-Party Links and Services
  13. Data Controller/Processor
  14. Contact Details
  15. Changes to this Privacy Policy

If you are a Visitor or a Business Contact, please read this Privacy Policy carefully and make sure that you fully understand it.

Please note that you are not legally required to provide us with any of your personal data, and may do so (or avoid doing so) at your own free will. However, please keep in mind that without it, we may not be able to provide you with the full range of the Services or deliver the best user experience. If you prefer not to share your personal data or have it processed by us, please refrain from providing it, and visiting or interacting with our Services. If we do process your personal data you submit a request to exercise your rights as explained in Section 9.

  
1.      Data Collection & Processing

Personal data (or “personal information” under certain data protection laws” is any information that identifies, relates to, describes an individual or that is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated, de-identified or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

Specifically, we may collect, generate, disclose or otherwise process the following types of personal data in relation to the Services:

  • Contact Details: We process certain contact details including phone numbers, email addresses, job titles and workplaces, country, and other relevant information for managing business relationships or for billing and invoicing purposes. We may obtain such data directly from you such as when you submit an online form on our Sites (such as the “Contact Us”, “Get a Demo” forms) or otherwise contact us regarding the Aqua Platform, or from other sources. For example, if you participate in an event, webinar, or promotion that we co-sponsor or participate in, we may receive your personal data from the event organizers. We may also receive your contact and professional details from our business partners and through the use of tools and channels commonly used for connecting between companies and individuals in order to explore potential business opportunities, such as LinkedIn.
  • Communication content: We may collect personal data when you interact with us through any other means, including personal data contained in inquiries, surveys, feedbacks, transcripts of our phone and video conference calls and analysis thereof, and interactions through social media channels.
  • Site Usage Data: This includes certain connectivity, technical and aggregated usage data related to your interaction with our Sites such as activity logs, IP addresses, device data (such as type, operating system, device ID, browser version, location and language settings), communication and performance logs, session recordings and analytics, issues and bugs, and the cookies and pixels installed or utilized on our Sites and/or your device.

We collect the above personal data either directly from your interactions with us or our Services, automatically through cookies and other tracking technologies (as further detailed in Section 6 below), using our Service Providers (as further detailed in Section 3 below), or through third party services, social media, and other business initiatives. 

For the purposes of the California Consumer Privacy Act (“CCPA”), in the last twelve (12) months, we have collected the following categories of personal information, as defined in the CCPA: identifiers; commercial information; customer record information; internet or other electronic network activity information; geolocation data; and inferences.


2.      Data Uses & Lawful Bases for Processing

We use personal data as necessary for the performance of our Services and our contractual obligations (“Performance of Contract”); to comply with our legal obligations (“Legal Obligations”); to support our legitimate interests in maintaining and improving our Services, e.g. in understanding how our Services are used and how our campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; in promoting our Services; providing customer services and technical support; and protecting and securing our Business Contacts, Visitors, ourselves and our Services (“Legitimate Interests”); or with your consent (“Consent”) when applicable, such as to inform you about offers and products in which you have expressed interest.

If you reside or are using our Services in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for processing personal data as described in this Privacy Policy (either in general, based on the types of personal data you expect or elect to have processed by us, or due to the nature of such processing), your continued use of our Services means that you have had the opportunity to read and that you accept this Privacy Policy and will be deemed as your consent to the processing of your personal data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at [email protected].

Specifically, we collect and use personal data (including in the last 12 months) for the following purposes (and in reliance on the legal bases for processing noted next to them, as appropriate):

Purpose

Lawful bases for processing

To invoice and process payments
  • Performance of a Contract

To facilitate, operate, enhance, and provide usage of our Services and all related features and functions
  • Performance of a Contract
  • Legitimate Interests

To provide you with assistance and support, to test and monitor the Services, diagnose or fix technical issues
  • Performance of a Contract
  • Legitimate Interests

To personalize our Services, including by recognizing an individual and remembering their information when they return to our Services, and to provide further localization and personalization capabilities
  • Performance of a Contract
  • Legitimate Interests

To explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences
  • Performance of a Contract Legitimate Interests

To contact you with general or personalized service-related messages (such as password retrieval or billing issues), as well as promotional messages that may be of specific interest to you
  • Performance of a Contract
  • Consent
  • Legitimate Interests

To gain a better understanding on how individuals evaluate, use, and interact with our Services, to utilize such information to continuously improve our Services, offerings, and the overall performance, user-experience and value generated therefrom
  • Legitimate Interests

To create aggregated, statistical data, inferred non-personal data or anonymized or pseudonymized data (de-identified data), which we or others may use to provide and improve our respective Services, or for any other business purpose
  • Legitimate Interests

To enforce our Terms and agreements, resolve disputes, and protect our business interests and the interests and rights of third parties
  • Legitimate Interests

To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity
  • Legal Obligations
  • Performance of a Contact
  • Legitimate Interests

To comply with our contractual and legal obligations and requirements, and maintain our compliance with applicable laws, regulations and standards
  • Legal Obligations
  • Performance of a Contact
  • Legitimate Interests

To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our Services more effectively, including on other websites and applications. This may include contextual, behavioral and interests-based advertising based on your and other’s activities, preferences or other available data
  • Consent
  • Legitimate Interests

To facilitate, sponsor and offer certain events, webinars and promotions
  • Legitimate Interests
  • Consent

For any other lawful purpose, or other purpose that you consent to in connection with provisioning our Services
  • Legal Obligations
  • Consent


3.      Data Disclosure

We may disclose personal data in the following instances:

  • Service Providers: We rely on certain trusted third-party service providers to perform services on our behalf or complementary to our own such as hosting services, third party technical and customer support services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, fraud detection, investigation and prevention services, call and session recording services, email, text messages and notification distribution, remote access services, performance measurement, data optimization and marketing services, social and advertising networks, data enrichment providers, customer relations management systems, and our legal, compliance and financial advisors and auditors. Our service providers may have access to personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Services or other activities, and may only use the data as determined in our agreements with them.
  • Event Partners: If you register for any event that we host, organize or sponsor, we may disclose your registration details to others in accordance with applicable laws, including the hosts, organizers, speakers, service providers, and sponsors of that event, so that they may contact you with relevant information and offers, or to fulfil any promotions related to that event.
  • Aqua Security affiliates and organizational changes: We may share personal data internally within our group, for the purposes described in this Privacy Policy. In the event of any change in control or ownership, including by means of a merger, sale, change in control, or reorganization of all or part of our business, your personal data may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your personal data then stored with us, we will notify you of this event and the choices you may have via any of the means of communication available to us;
  • Legal Compliance: We may be required to disclose or give access to personal data in response to subpoenas, court orders, legal processes, or in compliance with applicable laws and regulations;
  • Protecting rights and safety: We may share your personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Aqua Security, any of our Business Contacts, Visitors, or any members of the general public; or
  • We may share your personal data in additional manners, pursuant to your request or explicit approval, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, share or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.

Aqua Security only discloses personal data to third parties that demonstrate to provide the necessary measures to safeguard the security of the personal data they process.

For the purposes of the CCPA, in the past 12 months, we may have disclosed the following categories of personal information to the recipients listed above: identifiers; commercial information; customer record information; internet or other electronic network activity information; geolocation data; and inferences. We did so in pursuit of the business and commercial purposes described in Section 2 above.


4.      Data Location

Since we operate globally and may use Service Providers worldwide, including in the US, Europe, Israel and other locations as reasonably necessary for the proper performance of our Services, or as may be required by law, we may transfer your personal data outside your country of residence. 

While privacy laws may vary between jurisdictions, Aqua Security is committed to protect personal data in accordance with this Privacy Policy and customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction from or to which such personal data is transferred.

For data transfers from the EEA, Switzerland or the UK, we will transfer your personal data only to countries approved by the European Commission, Swiss Federal Council and UK Information Commissioner’s Office (ICO) respectively, as providing adequate level of data protection, or rely on transfer mechanisms recognized by applicable data protection laws, such as Standard Contractual Clauses as approved by the relevant data protection authority. You can obtain a copy of these clauses by contacting us as indicated below.


5.      Data Retention

We retain the personal data that we collect for as long as needed to maintain and expand our relationship, to provide our Services to you and to comply with our legal or contractual obligations, to enforce our agreements or protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise), all in accordance with our data retention policy and applicable laws. Retention periods are determined taking into account the type of the personal data and the purpose for which it is processed, and the potential risk of harm from unauthorized use or disclosure of your personal data, bearing in mind the legal requirements applicable to the situation.


6.      Cookie & Tracking technologies

Our Services (including some of our Services Providers) use cookies, pixels, log files and other similar tracking technologies (collectively, “cookies”) in order for us to provide, monitor, and improve our Services, to ensure that they perform properly, to analyze our performance and marketing activities, to personalize your experience, and to improve and maintain the safety and functionality of the Services.

The type of information collected may include (but is not limited to) internet protocol (IP) addresses, MAC address, device type, browser type, operating system type, Internet Service Provider (ISP), date/time stamp of Services used and user interface interactions.

Based on your location when using our Services, you may be able to control your cookie preferences at any time by clicking the “Cookie Settings” link in our website’s footer or through the widget available in the lower-left hand corner of our website, depending on your location and activity on our Services. Top of FormYou can also manage your cookie preferences through your browser settings.

Please note though that if you block or restrict tracking technologies on your device, you will still be able to use our Services, but various features and functionality may be altered.

To learn more about our practices concerning cookies and tracking, please see our Cookie Policy.


7.      Sale / Sharing for Targeted Advertising

Under some US data protection laws, such as the CCPA, our disclosure of certain internet activity and device information with third parties through cookies may be considered a “sale”, or “sharing” of personal information or disclosure of cookies for “targeted advertising” (as such terms are defined in applicable data protection laws). We do so in pursuit of the business and commercial purposes described in Section 2 above.

For the purposes of the CCPA, in the last 12 months, we have “sold” or “shared” internet or other electronic network activity information, geolocation data, commercial information and inferences with our analytics and advertising partners and our Service Providers. We have not knowingly sold or shared the personal information of individuals under the age of 16.

You may opt-out any time from Aqua Security’s use of such cookies resulting is a “sale” or “sharing” of your personal information for in the following ways:

  • Click the “Cookie Settings” link available at the footer of our website or use the widget located in the bottom-left corner of any page, select the “Do Not Sell or Share My Personal Information” checkbox, then click the “Save My Preferences” button.
  • Set the Global Privacy Control (GPC) for each participating browser system that you use to opt out of the use of third-party advertising cookies (instructions on how to download and use GPC are available here).

Please note: If you visit us from a different device or browser, or clear your cookies, then you need to re-perform the above descriptions to re-select your preferences.


8.      Data Security

Aqua Security takes appropriate administrative, technical, physical and organizational security measures to protect your personal data. We adhere to generally accepted industry standards to protect the personal data submitted to us, both during transmission and once it is received, taking into account the nature of such information and the risks involved in processing, and we comply with applicable laws and regulations.

While we have taken reasonable steps to secure the personal data provided to us, please be aware that regardless of any security measures used, we cannot guarantee that our Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

To learn more, please visit our Trust & Security webpage.


9.      Your Privacy Rights

Data protection laws and regulations provide individuals with certain statutory rights to their personal data, including the EU or UK General Data Protection Regulation (GDPR), and the CCPA. You can exercise your rights by submitting a request to [email protected].

Such rights may include (to the extent applicable to you):

  • The right to know/request access to your personal data.
  • The right to request rectification of your personal
  • The right to request erasure of your personal
  • The right to object to or to restrict the processing of personal data by us, including, for US states residents, the right to direct us not to “sell” or “share” your personal data or process it for “targeted advertising”, as described above.
  • The right to obtain a copy or port such personal
  • The right to equal services and prices (e.g., freedom from discrimination).

If you are a GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the European Economic Area (EEA) or the UK, as applicable.

To the extent applicable to you, you may also designate an authorized agent, in written authorization or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by contacting us at [email protected].

Please note that when you or an authorized agent ask us to exercise any of your rights under this Privacy Policy or applicable law, we may request certain additional information to verify your identity, to avoid disclosure to you of personal data related to others, or to better understand the nature and scope of your request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request, or proof of request fulfillment).


10.  Communications

We engage in Services and promotional communications, through email, phone, SMS and notifications.

Services Communications: We may contact you with important information regarding the Services. For example, we may send you notifications (through any of the means available to us) to inform you of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Please note that you will not be able to opt-out of receiving certain service communications which are integral to the provision of the Services.

Promotional Communications: Subject to applicable regulations, we may also notify you about new features, additional offerings, events and special opportunities or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us, through the Services, or through our marketing campaigns on any other sites or platforms. If you do not wish to receive such promotional communications, you may notify us at any time by sending an email to [email protected] or by following either of the following “unsubscribe”, “stop”, “opt-out” or “change email preferences” instructions contained in the promotional communications you receive.


11.  Children

Our Services are designed for commercial businesses, not individuals, and therefore are also not designed to attract children. We do not knowingly collect or solicit personal Information from children – i.e. anyone under the age of consent (as determined under the applicable laws where the individual resides). In the event that we learn that we have collected personal data from a child, we will attempt to prohibit and block such use and to promptly delete that information upon discovery. If you believe that we might have any information from or about an individual under the Age of Consent, then please contact us through the contact details available below.


12.  Third-Party Links and Services

Our Services may contain links to other websites or services.  This Privacy Policy only addresses Aqua Security’s data processing practices with regards to personal data that Aqua Security processes about you as a data controller. To the extent you disclose, submit or otherwise transmit your information to third-party services, such third parties’ terms and privacy practices shall apply. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.


13.  Data Controller/Processor

Certain data protection laws and regulations, such as the EU and UK GDPR and the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, the “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, the “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.

Aqua Security is the data controller of personal data relating to Business Contacts and Visitors. In this capacity, we assume the responsibilities of a data controller under applicable data protection law, as set forth in this Privacy Policy, and our Service Providers processing such data on our behalf will assume the role of data processors.

Aqua Security is the data processor of personal data relating to Users. Accordingly, we process such data strictly in accordance with our respective Customers’ instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with them.


14.  Contact Details

DPO: Aqua Security has appointed PrivacyTeam as our Data Protection Officer, for monitoring and advising on Aqua Security’s ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities.

EU Representative: Aqua Security has designated Prighter as Aqua Security’s representative for the European Union for data protection matters pursuant to Article 27 of the GDPR. Inquiries regarding our privacy practices in the EU may be sent by email to [email protected], or to our EU representative through this link.

UK Representative: Aqua Security Software UK Ltd. acts as Aqua Security’s representative in the United Kingdom for data protection matters contact regarding matters related to the processing of personal data of UK residents and may be contacted for any inquiry or questions regarding our UK privacy practices at [email protected].

Database Controller: For the purposes of Israel’s Protection of Privacy Law, Aqua Security Software Ltd. serves as the “Database Controller” for the personal data covered by this Privacy Policy which it processes as a data controller, and may be contacted at [email protected].

Questions, concerns or complaints: If you have any questions, inquiries, concerns, or requests regarding the use or disclosure of your personal data, please contact us at: [email protected].


15.  Changes to this Privacy Policy

We may update and amend this Privacy Policy from time to time by posting an amended version on our Services. The amended version will be effective as of the date it is published. We will provide prior notice if we believe that the changes involved materially alter your rights, via any of the communication means available to us or via the Services. After such notice period, all amendments shall be deemed accepted by you.

Last updated: August, 2025

Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Policy | Your Privacy Choices |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links