Forrester Study: Expanding Attack Surface Requires Management | Download the study now

Data Retention Policy

Revised: March 10, 2021

Scope

This data retention policy applies to data collected through Internet scanning, website inquiries, user signups, and customer engagement. 

How We Store Data

Data collected and stored by Censys is encrypted in transit via TLS 1.2 or greater, with strong, modern cipher suites. For data at rest, including data residing in our database, we use Google KMS keys to ensure strong encryption is always in use on our data and databases.

What information we collect

When you use Censys, we collect information about you and your actions on the Site. This includes:

Your IP address

We automatically receive and record information from your web browser when you interact with Censys, including your IP address. This information is used to prevent abuse and also to facilitate collection of data concerning your interaction with Censys (e.g., what links you have clicked on). We may collect some device-specific information if you access Censys using a mobile device. Device information may include but is not limited to unique device identifiers, network information, and hardware model, as well as information about how the device interacts with Censys.

Personal Information

By creating an Account and providing Personal Information to us, such as the name and contact information you provide when you establish a Censys account (“Account”), you allow us to identify you and therefore may not be anonymous. To make things easier for our users, you may be able to use your account credentials with Third Party Services (e.g. Google) to sign in to Censys. By doing so, you acknowledge that some third party account information may be transmitted into your Account with us, and that such third party account information transmitted to Censys is covered by this privacy policy. The Third Party Service may be collecting information about your browser or online activity through its own tracking technologies and subject to its own privacy policy.

Logs of your search queries and other interactions with our servers

All content submitted by you to Censys may be retained by us indefinitely. Please note that if you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account but may remain stored on our servers. We may continue to disclose such content to third parties in a manner that does not reveal Personal Information, as described in this privacy policy.

Cookies

When you use the Site, we set a first-party cookie to uniquely identify your browser software over time on our site, and this cookie is recorded in our logs. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies active; turning off the cookie feature may stop you from using some Censys products and services. This privacy policy covers our use of cookies only and does not cover the use of cookies by third parties. We don’t control when or how third parties place cookies on your computer. For example, third party websites to which a link on the Site points may set cookies on your computer.

Email communications

We may receive a confirmation when you open an email from us. We use this confirmation to improve our service.

Location information

Some of our Services may include features based on users’ actual locations and may report on users’ current locations (“Location-Based Services”). To the extent you voluntarily opt to use any Location-Based Services, we may collect and store information about your location at the time you use those Location-Based Services. This information can come from a variety of sources depending on the client you use to access the Services; for example, a mobile phone may report its GPS location at the time Location-Based Services are used.

In addition, we use third-party service providers and hosting providers who collect data on our behalf:

We use a variety of third-party analytics services, including, but not limited to, Segment, Intercom, and Google Analytics, to measure user engagement with our products. These services record data about how you use our services, and Intercom reports to us when you open messages we send.

We use Google Cloud to host parts of our servers. Google Cloud maintains additional logs of your computer’s interaction with its servers.

We use Stripe to process payments. However, we do not receive your credit card information; use and storage of that information is governed by Stripe’s terms of service and privacy policy located at https://stripe.com/us/checkout/legal.

Your interactions with these third-party service providers will be governed by their privacy policies. Your participation and interaction with Censys on third-party social media sites will be governed by the relevant vendors’ privacy policies.

What We Share

We use the information we collect (either ourselves or through third-party services) to improve our service offerings, troubleshoot system issues, prevent abuse, and develop new features. We will sometimes use your contact information to send you information about our products and services, but we will not sell it to third parties for marketing.

We may share information we collect with our authorized third-party vendors, consultants, and service providers who perform services for Censys. These third-parties may only use or disclose information about you to perform services on Censys’s behalf, to comply with legal obligations, or as described in their privacy policies.

If we, or substantially all of our assets, are acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.

We reserve the right to access, read, preserve and disclose any information about you if we reasonably believe it is necessary:

to comply with any applicable law, regulation, governmental request or legal process, to establish or exercise our legal rights or defend against legal claims, or as may be required for the purposes of national security;

to protect our rights or property, or to prevent physical, mental, financial or other harm, injury or loss to us, our users or the public;

to detect, investigate, prevent, or otherwise address suspect or actual illegal or inappropriate activity or exposure to liability, including fraud, security or technical issues (which includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention);

to enforce this privacy policy and our Terms of Service and any other agreements between us, including investigation of potential violations of the same, or

to respond to user support requests.

We reserve the right, solely at our discretion, to object to certain information disclosure requests that we believe to be improper.

California Privacy Right

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 116 ½ S Main St Ann Arbor, MI 48103.

Censys Search Retention Periods

User Data

Censys may store the data provided in your user account indefinitely. We do share this data with third-parties to allow Censys to improve the product, for marketing purposes, and for other purposes outlined above.

User Query Data

User queries are stored for a period of seven days within the Censys Search platform. After seven days, user queries are anonymized and stored indefinitely. Censys uses this data to make product improvements and in some cases, may share this anonymized data with third-parties.

Censys Attack Surface Management Retention Periods

User Data

Censys may store the data provided in your user account indefinitely. We do share this data with third-parties to allow Censys to improve the product, for marketing purposes, and for other purposes outlined above.

Provided Data

Data provided within the Censys Attack Surface Management (ASM) platform may be kept for a maximum period of three years following the expiration of the customer account. If the customer provides Censys with a request in writing, we will remove all of the customer’s data from the ASM platform. Due to internal systems, backups, snapshots, and other services used in conjunction with the Censys ASM Platform, it can take up to 30 days for all data to be removed from Censys systems. Examples of provided data include, but are not limited to, IP addresses, CIDR blocks, AS Numbers, Cloud Assets, DNS, and domain names.

California Privacy Right

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 116 ½ S Main St Ann Arbor, MI 48103.

Data Processors

HubSpot
Pendo
SalesForce
Google
Segment
6Sense
Zendesk
ZoomInfo